exec /app/run: operation not permitted #91

New Issue

Closed

opened 2025-12-29 09:22:55 +01:00 by adam · 9 comments

adam commented 2025-12-29 09:22:55 +01:00

Owner

Copy Link

Originally created by @zachkont on GitHub (Jul 9, 2025).

I recently replaced the drive where godoxy was happily running as a compose file and since then I can't start it successfully. Instead, I keep getting a

exec /app/run: operation not permitted

error in the godoxy:v0.15.3 container logs and a

exec /nodejs/bin/node: operation not permitted

in the godoxy-frontend:v0.15.3 container logs. The godoxy-socket container logs indicate that it's running fine I think

2025/07/09 21:49:50 Docker socket listening on: 0.0.0.0:2375

I am fairly certain it's a permissions issue but I cannot figure out what exactly. I have tried moving the mounted volume from the /data/compose/godoxy directory where it was running before the drive change to a directory in my home, I have tried different ownership schemes (root:root, root:docker, user:docker) while always making sure that GODOXY_UID and GODOXY_GID have the correct values set but I keep getting the same message. I also tried deleting everything inside the mounted directories and letting the container create new entries but it only created the sub-dirs and nothing else and the error kept showing up in the logs. One note is that the subdirs were created with root:root ownership even though the env vars pointed to user:docker. I should also mention I'm running them through a portainer-gitops setup.

Originally created by @zachkont on GitHub (Jul 9, 2025). I recently replaced the drive where godoxy was happily running as a compose file and since then I can't start it successfully. Instead, I keep getting a ``` exec /app/run: operation not permitted ``` error in the `godoxy:v0.15.3` container logs and a ``` exec /nodejs/bin/node: operation not permitted ``` in the `godoxy-frontend:v0.15.3` container logs. The `godoxy-socket` container logs indicate that it's running fine I think ``` 2025/07/09 21:49:50 Docker socket listening on: 0.0.0.0:2375 ``` I am fairly certain it's a permissions issue but I cannot figure out what exactly. I have tried moving the mounted volume from the `/data/compose/godoxy` directory where it was running before the drive change to a directory in my home, I have tried different ownership schemes (`root:root`, `root:docker`, `user:docker`) while always making sure that `GODOXY_UID` and `GODOXY_GID` have the correct values set but I keep getting the same message. I also tried deleting everything inside the mounted directories and letting the container create new entries but it only created the sub-dirs and nothing else and the error kept showing up in the logs. One note is that the subdirs were created with `root:root` ownership even though the env vars pointed to `user:docker`. I should also mention I'm running them through a portainer-gitops setup.

adam closed this issue 2025-12-29 09:22:55 +01:00

adam commented 2025-12-29 09:22:56 +01:00

Author

Owner

Copy Link

@yusing commented on GitHub (Jul 10, 2025):

Does it happen on any other containers?

@yusing commented on GitHub (Jul 10, 2025): Does it happen on any other containers?

adam commented 2025-12-29 09:22:56 +01:00

Author

Owner

Copy Link

@zachkont commented on GitHub (Jul 10, 2025):

no, all the others were moved without issue

@zachkont commented on GitHub (Jul 10, 2025): no, all the others were moved without issue

adam commented 2025-12-29 09:22:56 +01:00

Author

Owner

Copy Link

@yusing commented on GitHub (Jul 11, 2025):

Have you tried with UID 0 and GID 0?

@yusing commented on GitHub (Jul 11, 2025): Have you tried with UID 0 and GID 0?

adam commented 2025-12-29 09:22:56 +01:00

Author

Owner

Copy Link

@zachkont commented on GitHub (Jul 11, 2025):

Yes, the combinations I've tried are 0:0 and 1000:1001 (my user and the docker group which matches the mounted volume permissions)

@zachkont commented on GitHub (Jul 11, 2025): Yes, the combinations I've tried are 0:0 and 1000:1001 (my user and the docker group which matches the mounted volume permissions)

adam commented 2025-12-29 09:22:56 +01:00

Author

Owner

Copy Link

@yusing commented on GitHub (Jul 11, 2025):

I guess you could try removing cap_drop and security_opts from docker compose file and try again.

Also may I know your docker engine version?

@yusing commented on GitHub (Jul 11, 2025): I guess you could try removing `cap_drop` and `security_opts` from docker compose file and try again. Also may I know your docker engine version?

adam commented 2025-12-29 09:22:57 +01:00

Author

Owner

Copy Link

@zachkont commented on GitHub (Jul 27, 2025):

Sorry for taking so long to reply

❯ docker -v
Docker version 28.1.1+1, build 068a01e

and after removing cap_drop and security_ops it now starts but has trouble creating any files it needs I think. First I got an error about being unable to open /config/config.yml which I copied over into the volume mount from my backup and now I get

07-27 07:20 INF GoDoxy version v0.16.1

07-27 07:20 INF loaded route providers

                  • docker@local 9 routes

                

07-27 07:20 FTL autocert setup error

                  • failed to update last failure: open certs/cert.crt/.last_failure: no such file or directory

cert.crt is a file in my backup but if I copy it over I get

07-27 07:26 FTL autocert setup error

                  • open certs/cert.crt/.last_failure: not a directory

and if I create an empty directory I get

07-27 07:27 FTL autocert setup error

                  • load SSL certificate: read certs/cert.crt: is a directory

@zachkont commented on GitHub (Jul 27, 2025): Sorry for taking so long to reply ``` ❯ docker -v Docker version 28.1.1+1, build 068a01e ``` and after removing `cap_drop` and `security_ops` it now starts but has trouble creating any files it needs I think. First I got an error about being unable to open `/config/config.yml` which I copied over into the volume mount from my backup and now I get ``` 07-27 07:20 INF GoDoxy version v0.16.1 07-27 07:20 INF loaded route providers • docker@local 9 routes 07-27 07:20 FTL autocert setup error • failed to update last failure: open certs/cert.crt/.last_failure: no such file or directory ``` `cert.crt` is a file in my backup but if I copy it over I get ``` 07-27 07:26 FTL autocert setup error • open certs/cert.crt/.last_failure: not a directory ``` and if I create an empty directory I get ``` 07-27 07:27 FTL autocert setup error • load SSL certificate: read certs/cert.crt: is a directory ```

adam commented 2025-12-29 09:22:57 +01:00

Author

Owner

Copy Link

@yusing commented on GitHub (Jul 27, 2025):

Fixed, please pull again

@yusing commented on GitHub (Jul 27, 2025): Fixed, please pull again

adam commented 2025-12-29 09:22:57 +01:00

Author

Owner

Copy Link

@zachkont commented on GitHub (Jul 27, 2025):

Everything works now, thanks! I'm not familiar with cap_drop and security_opt, is it ok to keep it running without them? why did changing them fix it? It looks like they were being used to reduce the permissions of the container so I guess I'm just trusting the image more with them gone?

@zachkont commented on GitHub (Jul 27, 2025): Everything works now, thanks! I'm not familiar with `cap_drop` and `security_opt`, is it ok to keep it running without them? why did changing them fix it? It looks like they were being used to reduce the permissions of the container so I guess I'm just trusting the image more with them gone?

adam commented 2025-12-29 09:22:57 +01:00

Author

Owner

Copy Link

@yusing commented on GitHub (Aug 3, 2025):

Idk what changes you have made to the system other than replacing the drive so cannot tell why it does not work with those security features. Yup it is still safe without them.

@yusing commented on GitHub (Aug 3, 2025): Idk what changes you have made to the system other than replacing the drive so cannot tell why it does not work with those security features. Yup it is still safe without them.

adam referenced this issue 2025-12-29 09:23:44 +01:00

[PR #91] [MERGED] refactor: rename utils/testing to expect, replace all dot imports in tests #163

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

compat

feat/agent-stream

dev

main-backup

feat/custom-json-marshaling

feat/non-root-non-host-mode

v0.24.0

v0.23.1

v0.23.0

v0.22.1

v0.22.0

v0.21.3

v0.21.2

v0.21.1

v0.21.0

v0.20.14

v0.20.13

v0.20.12

v0.20.11

v0.20.10

v0.20.9

v0.20.8

v0.20.7

v0.20.6

v0.20.5

v0.20.4

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.2

v0.19.1

v0.19.0

v0.18.6

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.6

v0.17.5

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.2

v0.16.0-pathfix

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.2

v0.14.1

v0.14.0

v0.13.8

v0.13.7

v0.13.6

v0.13.5

v0.13.4

v0.13.3

v0.13.2

v0.13.1

v0.13.0

v0.12.3

v0.12.2

v0.12.1

v0.12.0

v0.11.9

v0.11.8

v0.11.7

v0.11.6-buildfix

v0.11.6

v0.11.5

v0.11.4

v0.11.3

v0.11.2-2

v0.11.2-1

v0.11.2

v0.11.1

v0.11.0

v0.10.2

v0.10.1

v0.10.0

v0.9.10

v0.9.9-1

v0.9.9

v0.9.8

0.9.8

0.9.7

0.9.6

0.9.5

0.9.4-1

0.9.4

0.9.3

0.9.2

0.9.1

0.9

0.8.1

0.8.0

0.7.7

0.7.6

0.7.5

0.7.4

0.7.3

0.7.2

0.7.1

0.7.0

0.6.4-1

0.6.4

0.6.3

0.6.2

0.6.1

0.6

0.6-rp1

0.5.8

0.5.7

0.5.6

0.5.5

0.5.4

0.5.3

0.5.2

0.5.1

0.5.0

0.5.0-rc6

0.5.0-rc5

0.5.0-rc4

0.5.0-rc3

0.5.0-rc2

0.5.0-rc1

0.5.0-beta3

0.5.0-beta2

0.5.0-beta

0.4.8-1

0.4.8

0.4.7

0.4.6

0.4.5

0.4.4

0.4.3

0.4.2

0.4.1

0.4.0

0.3.1

0.3

0.2.2

0.2.1

0.2-alpha

0.1-stable

Labels

Clear labels

bug

enhancement

pull-request

Mirrored from GitHub Pull Request

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

adam

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/godoxy#91