dockerfiles icon indicating copy to clipboard operation
dockerfiles copied to clipboard
verified publisher icon vimagick

"privileged: true" required for mpd after latest image update

Open melyux opened this issue 5 years ago • 1 comments

I updated the vimagick/mpd container image recently (to the last update 6 days ago) and after that, the MPD container wouldn't start, giving only this in the logs: standard_init_linux.go:211: exec user process caused "operation not permitted".

I had to add privileged: true to the Docker Compose to get the container running again.

melyux avatar Jul 28 '20 01:07 melyux

Currently there are multiple workarounds:

  • build a custom image with capabilities removed from the mpd binary (works fine with swarm):
# Dockerfile for mpd
#

FROM alpine

RUN apk --update upgrade && apk add --no-cache mpd mpc && setcap -r /usr/bin/mpd
COPY mpd.conf /etc/mpd.conf
VOLUME /var/lib/mpd

EXPOSE 6600
CMD ["mpd", "--stdout", "--no-daemon"
  • add capabilities (will not work in swarm):
compose:

- cap_add:
  - SYS_NICE

--------

docker: 

--cap-add SYS_NICE
  • run in a privileged mode (not recommended, will not work in swarm).

nulltab avatar Dec 30 '20 12:12 nulltab