docker-mariadb-aria icon indicating copy to clipboard operation
docker-mariadb-aria copied to clipboard
verified publisher icon jc21

Unprivileged container fail to start in podman.

Open Moltey opened this issue 4 years ago • 0 comments

When running an unprivileged mariadb-aria container in podman with the "--user" flag, it will fail to start (access privileges for the respective folders set up correctly):

[i] pre-init.d - processing /scripts/pre-init.d/01_secret-init.sh
[i] mysqld not found, creating....
mkdir: can't create directory '/run/mysqld': Permission denied
chown: /run/mysqld: No such file or directory
[i] MySQL data directory not found, creating initial DBs
chown: /var/lib/mysql/aria_log_control: Operation not permitted
chown: /var/lib/mysql/aria_log.00000001: Operation not permitted
chown: /var/lib/mysql: Operation not permitted
chown: /var/lib/mysql: Operation not permitted
chown: /var/lib/mysql: Operation not permitted
[i] Creating database: npm
[i] with character set: 'utf8' and collation: 'utf8_general_ci'
[i] Creating user: USER with password PA$$WORD
2021-11-21 15:29:58 0 [Note] /usr/bin/mysqld (mysqld 10.4.15-MariaDB) starting as process 33 ...
/usr/bin/mysqld: One can only use the --user switch if running as root
2021-11-21 15:29:58 0 [Note] Plugin 'InnoDB' is disabled.
2021-11-21 15:29:58 0 [Note] Plugin 'FEEDBACK' is disabled.
ERROR: 1049  Unknown database 'mysql'
2021-11-21 15:29:58 0 [ERROR] Aborting
/scripts/run.sh: ignoring or entrypoint initdb empty /docker-entrypoint-initdb.d/*


MySQL init process done. Ready for start up.

exec /usr/bin/mysqld --user=mysql --console --skip-name-resolve --skip-networking=0
2021-11-21 15:29:58 0 [Note] /usr/bin/mysqld (mysqld 10.4.15-MariaDB) starting as process 1 ...
/usr/bin/mysqld: One can only use the --user switch if running as root
2021-11-21 15:29:58 0 [Note] Plugin 'InnoDB' is disabled.
2021-11-21 15:29:58 0 [Note] Plugin 'FEEDBACK' is disabled.
2021-11-21 15:29:58 0 [ERROR] Could not open mysql.plugin table. Some plugins may be not loaded
2021-11-21 15:29:58 0 [ERROR] Can't open and lock privilege tables: Table 'mysql.servers' doesn't exist
2021-11-21 15:29:58 0 [Note] Server socket created on IP: '::'.
2021-11-21 15:29:58 0 [ERROR] Can't start server : Bind on unix socket: No such file or directory
2021-11-21 15:29:58 0 [ERROR] Do you already have another mysqld server running on socket: /run/mysqld/mysqld.sock ?
2021-11-21 15:29:58 0 [ERROR] Aborting

My best guess: The --user parameter is not checked as in the "standard" mariadb repository: https://github.com/MariaDB/mariadb-docker/blob/ef12d140f19ace81b65f2b9aba9bf02b51ae888e/docker-entrypoint.sh#L68-L74

Expectation: Unprivileged startup as experienced with the standard mariadb image.

Moltey avatar Nov 21 '21 16:11 Moltey