iGotify-Notification-Assistent

[BUG] exec igotify | exec /usr/bin/dotnet: operation not permitted

Open bryceprutsos opened this issue 8 months ago • 1 comments

Describe the bug

When following the docker-compose example I am getting a bunch of igotify | exec /usr/bin/dotnet: operation not permitted

    [+] Running 1/1
     ✔ igotify Pulled 0.6s
    [+] Running 2/2
     ✔ Container gotify Created 0.0s
     ✔ Container igotify Created 0.0s
    Attaching to gotify, igotify
    igotify | exec /usr/bin/dotnet: operation not permitted
    gotify | exec ./gotify-app: operation not permitted
    igotify exited with code 0
    gotify exited with code 0
    igotify | exec /usr/bin/dotnet: operation not permitted
    igotify | exec /usr/bin/dotnet: operation not permitted
    igotify | exec /usr/bin/dotnet: operation not permitted
    igotify | exec /usr/bin/dotnet: operation not permitted
    igotify | exec /usr/bin/dotnet: operation not permitted
    igotify | exec /usr/bin/dotnet: operation not permitted
    igotify | exec /usr/bin/dotnet: operation not permitted
    igotify | exec /usr/bin/dotnet: operation not permitted
    igotify | exec /usr/bin/dotnet: operation not permitted
    igotify | exec /usr/bin/dotnet: operation not permitted
    igotify | exec /usr/bin/dotnet: operation not permitted
    igotify | exec /usr/bin/dotnet: operation not permitted
    igotify | exec /usr/bin/dotnet: operation not permitted
    igotify | exec /usr/bin/dotnet: operation not permitted
    gotify | exec ./gotify-app: operation not permitted
    igotify exited with code 255
    igotify | exec /usr/bin/dotnet: operation not permitted
    gotify | exec ./gotify-app: operation not permitted
    igotify | exec /usr/bin/dotnet: operation not permitted
    gotify | exec ./gotify-app: operation not permitted

Screenshots If applicable, add screenshots to help explain your problem.

  • OS Ubuntu

Docker-compose used

    services:
      gotify:
        container_name: gotify
        hostname: gotify
        image: gotify/server
        restart: unless-stopped
        security_opt:
          - no-new-privileges:true
        networks:
          - net
        ports:
          - "8680:80"
        volumes:
          - /home/user/docker/gotify-server/gotify:/app/data
        environment:
          GOTIFY_DEFAULTUSER_PASS: 'password' #Change me!!!!!

      igotify:
        container_name: igotify
        hostname: igotify
        image: ghcr.io/androidseb25/igotify-notification-assist:latest
        restart: unless-stopped
        security_opt:
          - no-new-privileges:true
        pull_policy: always
        networks:
          - net
        ports:
          - "8681:8080"
        volumes:
          - /home/user/docker/gotify-server/igotify:/app/data
        #environment: # option environment see above note
        #  GOTIFY_URLS: ''
        #  GOTIFY_CLIENT_TOKENS: ''
        #  SECNTFY_TOKENS: ''

    networks:
      net:

    volumes:
      data:
      api-data:


bryceprutsos avatar Apr 22 '25 05:04 bryceprutsos

I think it's a general permission problem on your side, because gotify also gets permission problems. Did you give Docker all permissions for read and write?

androidseb25 avatar Apr 22 '25 05:04 androidseb25

Inactive for more than one month

androidseb25 avatar May 26 '25 13:05 androidseb25

I don't understand the permission issue fully (tbh, chatgpt ftw), but I've never seen this setting for docker before:

    security_opt:
      - no-new-privileges:true

But removing this solved the error for me. But then I got this error instead:

Unhandled exception. System.IO.IOException: The configured user limit (128) on the number of inotify instances ha
   at System.IO.FileSystemWatcher.StartRaisingEvents()
   at Microsoft.Extensions.FileProviders.Physical.PhysicalFilesWatcher.TryEnableFileSystemWatcher()
   at Microsoft.Extensions.FileProviders.Physical.PhysicalFilesWatcher.CreateFileChangeToken(String filter)
   at Microsoft.Extensions.Primitives.ChangeToken.ChangeTokenRegistration`1..ctor(Func`1 changeTokenProducer, Act
   at Microsoft.Extensions.Primitives.ChangeToken.OnChange(Func`1 changeTokenProducer, Action changeTokenConsumer
   at Microsoft.Extensions.Configuration.FileConfigurationProvider..ctor(FileConfigurationSource source)
   at Microsoft.Extensions.Configuration.Json.JsonConfigurationSource.Build(IConfigurationBuilder builder)
   at Microsoft.Extensions.Configuration.ConfigurationManager.AddSource(IConfigurationSource source)
   at Microsoft.Extensions.Configuration.ConfigurationManager.Microsoft.Extensions.Configuration.IConfigurationBu
   at Microsoft.Extensions.Hosting.HostingHostBuilderExtensions.ApplyDefaultAppConfiguration(HostBuilderContext h
   at Microsoft.Extensions.Hosting.HostApplicationBuilder..ctor(HostApplicationBuilderSettings settings)
   at Microsoft.AspNetCore.Builder.WebApplicationBuilder..ctor(WebApplicationOptions options, Action`1 configureD
   at Microsoft.AspNetCore.Builder.WebApplication.CreateBuilder(WebApplicationOptions options)
   at Program.<Main>$(String[] args) in /src/Program.cs:line 8

And this error can be fixed by setting this environment variable:

    environment:
      - IGOTIFY_CLIENT_TOKEN='your-token'
      - GOTIFY_SERVER_URL="http://gotify"
      - DOTNET_HOSTBUILDER__RELOADCONFIGONCHANGE=false

I would love to understand the problem, so if you (@androidseb25) could explain this setting it would be nice :)

For now this works perfectly. And I need this fix to build a helm chart for your Notification Assistant. If I get this to work, I will try to open a pull request.

Nice job on the project. It's the only working iOS solution I found on the internet for background notifications!

Cheers, Cellexec

cellexec avatar May 28 '25 09:05 cellexec

Hi,

I added this parameter to secure the container architecture, because we are sometimes handling private data over the websocket here, and the notifications aren't encrypted.

The encryption process is started in my container for sending the notifications to your phone.

androidseb25 avatar May 28 '25 09:05 androidseb25

Ah thanks! Makes sense...

Since I'm trying to create a helm chart right now, I'm facing this problem constantly. So removing this isn't the way:

    security_opt:
      - no-new-privileges:true

But Kubernetes refuses this setting:

Error: container has runAsNonRoot and image will run as root

This is caused since in the Dockerfile we don't set a user at all, so the root with userid 0 is used.

I suggest creating a user in the Dockerfile by adding this:

    # Create non-root user and group with fixed UID/GID 1000
    RUN groupadd -g 1000 appgroup && useradd -u 1000 -g appgroup -m appuser

    # Ensure appuser owns the app directory
    RUN chown -R appuser:appgroup /app

    # Switch to non-root user
    USER appuser

Cheers, Cellexec

cellexec avatar May 28 '25 10:05 cellexec
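
The settings discussed in this thread, carried over to a Kubernetes Deployment as an added example (not part of the issue and not the project's own chart). It assumes an image rebuilt with the UID/GID 1000 user proposed above; the resource name, labels and the PVC name `igotify-data` are placeholders.

```yaml
# Added example: names, labels and the PVC are assumptions, not project values.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: igotify
spec:
  replicas: 1
  selector:
    matchLabels:
      app: igotify
  template:
    metadata:
      labels:
        app: igotify
    spec:
      securityContext:
        runAsNonRoot: true   # kubelet refuses to start a container that would run as UID 0
        # A numeric UID is required for the runAsNonRoot check: an image that only
        # declares "USER appuser" (a name) cannot be verified as non-root.
        runAsUser: 1000      # matches "useradd -u 1000" in the proposed Dockerfile
        runAsGroup: 1000
        fsGroup: 1000        # lets UID 1000 write to the mounted /app/data volume
      containers:
        - name: igotify
          image: ghcr.io/androidseb25/igotify-notification-assist:latest
          ports:
            - containerPort: 8080   # container side of "8681:8080" in the compose file
          securityContext:
            # Kubernetes counterpart of "security_opt: no-new-privileges:true":
            # it sets the no_new_privs flag on the container process.
            allowPrivilegeEscalation: false
          env:
            - name: DOTNET_HOSTBUILDER__RELOADCONFIGONCHANGE
              value: "false"        # workaround from the thread for the inotify limit
          volumeMounts:
            - name: data
              mountPath: /app/data
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: igotify-data   # placeholder PVC name
```

Because `allowPrivilegeEscalation: false` sets the same flag as `no-new-privileges:true`, the `exec ... operation not permitted` failure reported at the top of this issue may reappear with it, so verify the container starts on the target nodes before shipping the chart.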