error: operation not permitted
Self Checks
- [X] This is only for bug report, if you would like to ask a question, please head to Discussions.
- [X] I have searched for existing issues, including closed ones.
- [X] I confirm that I am using English to submit this report (I have read and agree to the Language Policy).
- [X] Please do not modify this template :) and fill in all the required fields.
Dify version
0.6.9
Cloud or Self Hosted
Self Hosted (Docker)
Steps to reproduce
We configured a pipeline for our application; it contains the following parts:
- First, we input some particular words as part of the context for the LLM.
- Then we call the LLM to answer the question.
- We input the LLM output into a Python function to filter and analyze the content.
- Based on the output of the Python function, it then runs into two different branches and outputs the final result.
Then sometimes the "operation not permitted" error occurs at the Python function step. If we call the service once again, it runs correctly with the same inputs and outputs.
✔️ Expected Behavior
fix the bug and make the process stable.
❌ Actual Behavior
No response
@neptune4year Hello there! I'm here to help you with bug fixes, answer your questions, and guide you to become a contributor. Let's work together to resolve any issues you're experiencing while we wait for a human maintainer.

The "operation not permitted" error in your self-hosted Dify setup using Docker is likely due to restrictions in the Docker environment. Here are steps to resolve the issue:

- Check File Permissions: Ensure that the directories and files mounted into the Docker containers have the correct permissions. The user inside the container should have the necessary permissions to read/write to these directories.
- Update Docker Compose File: Ensure that the `volumes` section in your `docker-compose.yaml` file correctly maps the host directories to the container directories and that the permissions are set correctly. Here is an example:

  ```yaml
  services:
    api:
      image: langgenius/dify-api:0.6.10
      restart: always
      environment:
        # ... other environment variables ...
      volumes:
        - ./volumes/app/storage:/app/api/storage
      networks:
        - ssrf_proxy_network
        - default
    worker:
      image: langgenius/dify-api:0.6.10
      restart: always
      environment:
        # ... other environment variables ...
      volumes:
        - ./volumes/app/storage:/app/api/storage
      networks:
        - ssrf_proxy_network
        - default
    db:
      image: postgres:15-alpine
      restart: always
      environment:
        PGUSER: postgres
        POSTGRES_PASSWORD: difyai123456
        POSTGRES_DB: dify
        PGDATA: /var/lib/postgresql/data/pgdata
      volumes:
        - ./volumes/db/data:/var/lib/postgresql/data
      healthcheck:
        test: [ "CMD", "pg_isready" ]
        interval: 1s
        timeout: 3s
        retries: 30
    redis:
      image: redis:6-alpine
      restart: always
      volumes:
        - ./volumes/redis/data:/data
      command: redis-server --requirepass difyai123456
      healthcheck:
        test: [ "CMD", "redis-cli", "ping" ]
    # ... other services ...
  ```
- Set Correct Permissions on Host: Ensure that the directories on the host have the correct permissions. You can set the permissions using the `chmod` command. For example:

  ```bash
  chmod -R 777 ./volumes/app/storage
  chmod -R 777 ./volumes/db/data
  chmod -R 777 ./volumes/redis/data
  ```
- Run Docker Containers as a Specific User: If the issue persists, try running the Docker containers as a specific user who has the necessary permissions. You can specify the user in the `docker-compose.yaml` file using the `user` directive. For example:

  ```yaml
  services:
    api:
      image: langgenius/dify-api:0.6.10
      restart: always
      user: "1000:1000" # Replace with the appropriate user ID and group ID
      environment:
        # ... other environment variables ...
      volumes:
        - ./volumes/app/storage:/app/api/storage
      networks:
        - ssrf_proxy_network
        - default
    # ... other services ...
  ```
- Convert Files to Unix Format: If you are using Windows, you may need to convert certain files to Unix format to avoid permission issues. For example, the `entrypoint.sh` file should be converted to Unix format. You can use the `dos2unix` tool to do this:

  ```bash
  # Install dos2unix if not already installed
  sudo apt-get install dos2unix
  # Convert the file
  dos2unix entrypoint.sh
  ```

By following these steps, you should be able to resolve the "operation not permitted" error in your Docker setup [1][2].

To continue talking to Dosu, mention @dosu.
Could you please provide a bit more information, such as your code and logs?
```python
def main(llm_text, candidates) -> dict:
    # Expected candidate words, comma-separated
    cans = candidates.split(",")
    text = llm_text + ""
    # Normalize the separators in the LLM output to commas
    text = text.replace(" ",",")
    text = text.replace(",",",")
    text = text.replace("、",",")
    valid = True
    completed = True
    # No "{...}" group in the output: report it as invalid
    if text.find("{") < 0:
        return {
            "result": f'{text}',
            "check":-1,
            "valid":0
        }
    # Words found inside the first "{...}" group
    rez_words = text.split("{")[1].split("}")[0].split(",")
    if len(rez_words) > 0:
        # Every candidate must appear in the extracted words
        for w in cans:
            if w not in rez_words:
                completed = False
                break
    else:
        completed = False
    return {
        "result": f'{llm_text}',
        "check":int(completed),
        "valid":1
    }
```
This is the code where the error occurs.
The log is just like the above; there is no more information.
What's your sandbox version? Upgrading to 2.1 may solve this.
We use the 0.2.1 version already.
I also have this error. It looks like it happens randomly. Re-executing succeeds. In the sandbox container, which log can help to debug? @neptune4year
I have the same question; our prod env uses 0.6.6 and does not have this question.
0.6.6 does not have this question.
The version 0.6.6 doesn’t have this issue, can see what the differences are between them.
I encountered the same problem
I also have this problem, especially when executing to the iteration node
always fail when I import third-party library
```python
import numpy

def main(arg1: str, arg2: str) -> dict:
    return {
        "result": arg1 + arg2,
    }
```
also fail even if I don't import it but only select the package in the advanced dependencies.
works well in sandbox command line.
The operation was denied due to ./var/sandbox/sandbox-python/python.so, check this blog. One solution is to rebuild the .so file as described in the blog. However, to keep the service simple, it might be better to create another service for all specific operations and communicate with it via HTTP requests?
I had the same problem, how is it going here?
I am running into the same issue, and the stability is a serious problem. This happens randomly, and I cannot reproduce it.
Are there any updates on how to fix this?
use the latest version: https://github.com/langgenius/dify-sandbox/releases/tag/0.2.4
Still receiving error: operation not permitted, what I imported is pdf2image
Btw, is it possible to get the detailed log for each execution?
For operation not permitted see docs here. https://github.com/langgenius/dify-sandbox/blob/main/FAQ.md
I am running Docker under WSL2 on Windows, using this version: image: langgenius/dify-sandbox:0.2.10
I see the following errors in the log, even though I have already configured the corresponding paths in python_lib_path:
The errors are as follows:
```
2025/03/12 11:06:11 env.go:30: [WARN]python lib path /usr/lib/python3.10 is not available
2025/03/12 11:06:11 env.go:30: [WARN]python lib path /usr/lib/python3 is not available
2025/03/12 11:06:21 env.go:30: [WARN]python lib path /run/systemd/resolve/stub-resolv.conf is not available
2025/03/12 11:06:21 env.go:30: [WARN]python lib path /run/resolvconf/resolv.conf is not available
```
- Edit the volumes/sandbox/conf/config.yaml file and modify the allowed_syscalls setting
- Check which allowed_syscalls you need: https://github.com/langgenius/dify-sandbox/issues/12#issuecomment-2228581643
- Example: https://lzw.me/a/dify-sandbox-allowed_syscalls.html
Encountered this issue; the reason is "uuid.uuid1()". After replacing it with "uuid.uuid4()", the problem is solved. uuid1 uses the MAC address; we suspect the container forbids reading the MAC address.
Me too, thank you for your suggestion.
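
Following the `uuid.uuid1()` report above, an added example (not code from this thread or from Dify) of generating IDs in a code node without any host lookup, so the sandbox's syscall allowlist does not have to be widened for it. It assumes, as the commenter suspects, that the denied operation is the node lookup `uuid.getnode()` performs when `uuid1()` is called without a node; `random_node`, `sandbox_safe_uuid1`, `sandbox_safe_uuid4` and `node_is_random` are hypothetical names.

```python
import secrets
import uuid


def random_node() -> int:
    """48-bit node ID with the multicast bit set, the RFC 4122 convention
    for a node value that is not a real hardware (MAC) address."""
    return secrets.randbits(48) | (1 << 40)


def sandbox_safe_uuid1() -> uuid.UUID:
    """Version-1 (time-based) UUID built without any host lookup.

    Passing node and clock_seq explicitly means uuid.getnode() is never
    called, so no network-interface query is attempted.
    """
    return uuid.uuid1(node=random_node(), clock_seq=secrets.randbits(14))


def sandbox_safe_uuid4() -> uuid.UUID:
    """Version-4 UUID: random bits only, no host information involved."""
    return uuid.uuid4()


def node_is_random(u: uuid.UUID) -> bool:
    """True when a v1 UUID's node field carries the multicast bit, i.e. it
    does not claim to be a real MAC address."""
    return u.version == 1 and bool(u.node & (1 << 40))


def main(arg1: str, arg2: str) -> dict:
    # Same entry-point shape as the code-node snippets quoted in the thread.
    return {
        "result": arg1 + arg2,
        "id_v4": str(sandbox_safe_uuid4()),
        "id_v1": str(sandbox_safe_uuid1()),
    }
```

The explicit-node form is only needed when time-based IDs are required; otherwise `uuid.uuid4()` is the simpler replacement, and neither form embeds the host's MAC address in the generated ID.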