Docker-CODE icon indicating copy to clipboard operation
Docker-CODE copied to clipboard
verified publisher icon CollaboraOnline

mknod fails when docker is run with --userns-remap

Open trallen opened this issue 6 years ago • 0 comments

I'm using the latest version of collabora/code under docker, but with user namespace isolation.

This causes mknod to fail due to a lack of permissions, which renders SSL non-functional:

collabora | kit-00040-00031 2019-05-26 19:45:13.467107 [ loolkit ] ERR mknod(/opt/lool/child-roots/HfsIzgrgIslYDEpO//dev/random) failed. (EPERM: Operation not permitted)| kit/Kit.cpp:2389 collabora | kit-00040-00031 2019-05-26 19:45:13.467170 [ loolkit ] ERR mknod(/opt/lool/child-roots/HfsIzgrgIslYDEpO//dev/urandom) failed. (EPERM: Operation not permitted)| kit/Kit.cpp:2396 collabora | wsd-00029-00038 2019-05-26 19:45:20.297768 [ websrv_poll ] ERR Socket #21 SSL BIO error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (0: Success)| ./net/SslSocket.hpp:281 collabora | wsd-00029-00038 2019-05-26 19:45:20.297926 [ websrv_poll ] ERR Error while handling poll for socket #21 in websrv_poll: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request| ./net/Socket.hpp:570 collabora | wsd-00029-00038 2019-05-26 19:45:20.652259 [ websrv_poll ] ERR Socket #21 SSL BIO error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (0: Success)| ./net/SslSocket.hpp:281 collabora | wsd-00029-00038 2019-05-26 19:45:20.652312 [ websrv_poll ] ERR Error while handling poll for socket #21 in websrv_poll: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request| ./net/Socket.hpp:570 collabora | wsd-00029-00038 2019-05-26 19:45:21.019853 [ websrv_poll ] ERR Socket #21 SSL BIO error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (0: Success)| ./net/SslSocket.hpp:281 collabora | wsd-00029-00038 2019-05-26 19:45:21.019909 [ websrv_poll ] ERR Error while handling poll for socket #21 in websrv_poll: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request| ./net/Socket.hpp:570 collabora | wsd-00029-00038 2019-05-26 19:45:21.370576 [ websrv_poll ] ERR Socket #21 SSL BIO error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (0: Success)| ./net/SslSocket.hpp:281 collabora | wsd-00029-00038 2019-05-26 19:45:21.370633 [ websrv_poll ] ERR Error while handling poll for socket #21 in websrv_poll: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request| ./net/Socket.hpp:570 collabora | wsd-00029-00038 2019-05-26 19:45:21.733146 [ websrv_poll ] ERR Socket #21 SSL BIO error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (0: Success)| ./net/SslSocket.hpp:281 collabora | wsd-00029-00038 2019-05-26 19:45:21.733211 [ websrv_poll ] ERR Error while handling poll for socket #21 in websrv_poll: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request| ./net/Socket.hpp:570 collabora | wsd-00029-00038 2019-05-26 19:45:22.092278 [ websrv_poll ] ERR Socket #21 SSL BIO error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (0: Success)| ./net/SslSocket.hpp:281 collabora | wsd-00029-00038 2019-05-26 19:45:22.092340 [ websrv_poll ] ERR Error while handling poll for socket #21 in websrv_poll: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request| ./net/Socket.hpp:570 collabora | wsd-00029-00038 2019-05-26 19:45:22.449719 [ websrv_poll ] ERR Socket #21 SSL BIO error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (0: Success)| ./net/SslSocket.hpp:281 collabora | wsd-00029-00038 2019-05-26 19:45:22.449788 [ websrv_poll ] ERR Error while handling poll for socket #21 in websrv_poll: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request| ./net/Socket.hpp:570 collabora | wsd-00029-00038 2019-05-26 19:45:22.803844 [ websrv_poll ] ERR Socket #21 SSL BIO error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (0: Success)| ./net/SslSocket.hpp:281 collabora | wsd-00029-00038 2019-05-26 19:45:22.803907 [ websrv_poll ] ERR Error while handling poll for socket #21 in websrv_poll: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request| ./net/Socket.hpp:570 collabora | wsd-00029-00038 2019-05-26 19:45:23.160122 [ websrv_poll ] ERR Socket #21 SSL BIO error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (0: Success)| ./net/SslSocket.hpp:281 collabora | wsd-00029-00038 2019-05-26 19:45:23.160184 [ websrv_poll ] ERR Error while handling poll for socket #21 in websrv_poll: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request| ./net/Socket.hpp:570

There seem to be a number of warnings against disabling SSL, so even though I proxy all connections to port 9980 through a local Apache, I'm reluctant to do this (Collabora appears to work when I do disable SSL).

As far as I can tell, the best way to resolve this would be to make /dev/{,u}random on the host available as volumes to the container, but since it's hard to predict the folder name (in this case, HfsIzgrgIslYDEpO), that's a no-go.

Are there any other approaches I can take to resolve this issue?

trallen avatar May 26 '19 20:05 trallen