iris-web icon indicating copy to clipboard operation
iris-web copied to clipboard

Published 20 hours ago verified publisher icon dfir-iris

[BUG] ERROR: for iriswebapp_nginx Cannot start service nginx: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: eaccess /entrypoint.sh: permission denied: unknown

Open malexe3169 opened this issue 1 year ago • 8 comments

Describe the bug I run the install steps and then I got this error when running docker-compose up: _Creating network "iris_backend" with the default driver Creating network "iris_frontend" with the default driver Creating volume "iris-web_iris-downloads" with default driver Creating volume "iris-web_user_templates" with default driver Creating volume "iris-web_server_data" with default driver Creating volume "iris-web_db_data" with default driver Creating iriswebapp_rabbitmq ... done Creating iriswebapp_db ... done Creating iriswebapp_app ... done Creating iriswebapp_nginx ... error Creating iriswebapp_worker ... done

ERROR: for iriswebapp_nginx Cannot start service nginx: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: eaccess /entrypoint.sh: permission denied: unknown

ERROR: for nginx Cannot start service nginx: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: eaccess /entrypoint.sh: permission denied: unknown ERROR: Encountered errors while bringing up the project._

To Reproduce Follow the install steps on Ubuntu 22.04 server

Expected behavior To start normally

Additional context I tries on multiple ubuntu 24.04 servers I have installed, and they all run the same.

malexe3169 avatar Aug 08 '23 00:08 malexe3169

Make sure that the file entrypoint.sh from docker/nginx/ directory has read and execution permissions.

Acsigen avatar Aug 08 '23 07:08 Acsigen

Yeah, I thougt about that but it doesn't seem to work :

root@power:~/iris-web# ls -la docker/nginx/entrypoint.sh -rwxr-xr-x 1 root root 1364 Aug 7 20:24 docker/nginx/entrypoint.sh root@power:~/iris-web# docker-compose up Creating network "iris_backend" with the default driver Creating network "iris_frontend" with the default driver Creating volume "iris-web_iris-downloads" with default driver Creating volume "iris-web_user_templates" with default driver Creating volume "iris-web_server_data" with default driver Creating volume "iris-web_db_data" with default driver Creating iriswebapp_db ... done Creating iriswebapp_rabbitmq ... done Creating iriswebapp_app ... done Creating iriswebapp_nginx ... error Creating iriswebapp_worker ... done

ERROR: for iriswebapp_nginx Cannot start service nginx: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: eaccess /entrypoint.sh: permission denied: unknown

ERROR: for nginx Cannot start service nginx: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: eaccess /entrypoint.sh: permission denied: unknown ERROR: Encountered errors while bringing up the project.

I run : docker-compose down --volume chmod +rx docker/nginx/entrypoint.sh ls -la docker/nginx/entrypoint.sh docker-compose build docker-compose up

malexe3169 avatar Aug 08 '23 12:08 malexe3169

Same issue here. Any ideas how to fix?

duisen0v avatar Aug 09 '23 12:08 duisen0v

same thing happens on a new install of ubuntu 20.04

malexe3169 avatar Aug 09 '23 23:08 malexe3169

Tested on debian 12, and it works perfectly.

malexe3169 avatar Aug 09 '23 23:08 malexe3169

Also having this issue on Ubuntu 20.04 when trying to upgrade our existing instance from v1.4.5 to v2.0.0 (and then was going to go to latest v2.3.2). From what I could see, it looks like the chown for the entrypoint.sh and several other files doesn't seem to be actually getting applied. If I run the image manually using docker run and to an ls I see that entrypoint.sh is still owned by root:root.

Didn't have time to go in depth as it is a prod instance so had to rollback to a previous VM snapshot. I might get a chance to look at it in more detail again soon.

ChestoOfGlen avatar Aug 10 '23 07:08 ChestoOfGlen

Hi, I have same issue when I run the install. I try to fix by edit docker file in docker/nginx/Dockerfile And it worked. I add 2 rows in middle HEALTHCHECK and ENTRYPOINT. My Dockerfile is:

FROM nginx:1.21.3

RUN apt-get update && apt-get install -y curl

ARG NGINX_CONF_GID ARG NGINX_CONF_FILE

RUN groupadd -g ${NGINX_CONF_GID} az-app-nginx-conf && usermod -a -G az-app-nginx-conf www-data

COPY entrypoint.sh /entrypoint.sh RUN chmod 700 /entrypoint.sh RUN chown www-data:www-data /entrypoint.sh

COPY ${NGINX_CONF_FILE} /etc/nginx/nginx.conf

RUN touch /var/log/nginx/audit_platform_error.log && chown -R www-data:www-data /var/log/nginx/audit_platform_error.log RUN touch /var/log/nginx/audit_platform_access.log && chown -R www-data:www-data /var/log/nginx/audit_platform_access.log

RUN touch /var/run/nginx.pid && chown -R www-data:www-data /var/run/nginx.pid /var/cache/nginx /etc/nginx/nginx.conf

RUN mkdir -p /www/certs/

USER www-data

HEALTHCHECK --interval=5s --timeout=3s CMD curl --fail -k https://127.0.0.1:${INTERFACE_HTTPS_PORT:-443} || exit 1 USER root RUN chmod +x entrypoint.sh ENTRYPOINT ["/entrypoint.sh"]

silverfrost94 avatar Aug 14 '23 06:08 silverfrost94

can confirm it worked. thanks

malexe3169 avatar Aug 23 '23 00:08 malexe3169