https-portal
Problems with setting read_only:true
My AWS Security Hub failed with "ECS containers must restrict access to the root file system to read-only", so I want to add read_only to my Docker Compose file, but it makes the container unable to build! I have many problems with s6.
Here is my docker-compose.yaml
https-portal:
  read_only: true
  image: steveltn/https-portal:1
  ports:
    - '8081:443'
  environment:
    DOMAINS: 'localhost -> http://host.docker.internal:8080'
    STAGE: local
  volumes:
    - s6-overlay:/var/run/s6:rw
And the error =>
backend-https-portal-1 | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
backend-https-portal-1 | [s6-init] ensuring user provided files have correct perms...s6-chown: fatal: unable to chown /var/run/s6/etc/cont-init.d/20-setup: Read-only file system
backend-https-portal-1 | s6-chown: fatal: unable to chown /var/run/s6/etc/cont-init.d/30-set-docker-gen-status: Read-only file system
backend-https-portal-1 | s6-chown: fatal: unable to chown /var/run/s6/etc/cont-init.d/00-welcome: Read-only file system
backend-https-portal-1 | s6-chmod: fatal: unable to change mode of /var/run/s6/etc/cont-init.d/30-set-docker-gen-status: Read-only file system
backend-https-portal-1 | s6-chmod: fatal: unable to change mode of /var/run/s6/etc/cont-init.d/20-setup: Read-only file system
backend-https-portal-1 | s6-chmod: fatal: unable to change mode of /var/run/s6/etc/cont-init.d/00-welcome: Read-only file system
backend-https-portal-1 | s6-chown: fatal: unable to chown /var/run/s6/etc/services.d/20-crond/run: Read-only file system
backend-https-portal-1 | s6-chown: fatal: unable to chown /var/run/s6/etc/services.d/30-dynamic-env/run: Read-only file system
backend-https-portal-1 | s6-chown: fatal: unable to chown /var/run/s6/etc/services.d/10-docker-gen/run: Read-only file system
backend-https-portal-1 | s6-chown: fatal: unable to chown /var/run/s6/etc/services.d/00-nginx/run: Read-only file system
backend-https-portal-1 | s6-chmod: fatal: unable to change mode of /var/run/s6/etc/services.d/20-crond/run: Read-only file system
backend-https-portal-1 | s6-chmod: fatal: unable to change mode of /var/run/s6/etc/services.d/30-dynamic-env/run: Read-only file system
backend-https-portal-1 | s6-chmod: fatal: unable to change mode of /var/run/s6/etc/services.d/10-docker-gen/run: Read-only file system
backend-https-portal-1 | s6-chmod: fatal: unable to change mode of /var/run/s6/etc/services.d/00-nginx/run: Read-only file system
backend-https-portal-1 | s6-chown: fatal: unable to chown /var/run/s6/etc/services.d/30-dynamic-env/finish: Read-only file system
backend-https-portal-1 | s6-chown: fatal: unable to chown /var/run/s6/etc/services.d/20-crond/finish: Read-only file system
backend-https-portal-1 | s6-chown: fatal: unable to chown /var/run/s6/etc/services.d/10-docker-gen/finish: Read-only file system
backend-https-portal-1 | s6-chown: fatal: unable to chown /var/run/s6/etc/services.d/00-nginx/finish: Read-only file system
backend-https-portal-1 | s6-chmod: fatal: unable to change mode of /var/run/s6/etc/services.d/30-dynamic-env/finish: Read-only file system
backend-https-portal-1 | s6-chmod: fatal: unable to change mode of /var/run/s6/etc/services.d/20-crond/finish: Read-only file system
backend-https-portal-1 | s6-chmod: fatal: unable to change mode of /var/run/s6/etc/services.d/10-docker-gen/finish: Read-only file system
backend-https-portal-1 | s6-chmod: fatal: unable to change mode of /var/run/s6/etc/services.d/00-nginx/finish: Read-only file system
backend-https-portal-1 | exited 0.
backend-https-portal-1 | [fix-attrs.d] applying ownership & permissions fixes...
backend-https-portal-1 | [fix-attrs.d] done.
backend-https-portal-1 | [cont-init.d] executing container initialization scripts...
backend-https-portal-1 | [cont-init.d] 00-welcome: executing...
backend-https-portal-1 | foreground: warning: unable to spawn /var/run/s6/etc/cont-init.d/00-welcome: Permission denied
backend-https-portal-1 | [cont-init.d] 00-welcome: exited 127.
backend-https-portal-1 | [cont-finish.d] executing container finish scripts...
backend-https-portal-1 | [cont-finish.d] done.
backend-https-portal-1 | [s6-finish] waiting for services.
backend-https-portal-1 | [s6-finish] sending all processes the TERM signal.
backend-https-portal-1 | [s6-finish] sending all processes the KILL signal and exiting.
backend-https-portal-1 exited with code 1
When I set the volume to s6-overlay:/var/run/s6/etc:rw, it leads to another problem:
backend-https-portal-1 | s6-rmrf: fatal: unable to remove /var/run/s6/container_environment: Read-only file system
I am a newbie with Docker, so I'm having quite a bit of difficulty with this part. Thank you for supporting me.
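
Added example, not part of the original post: a small Python helper that pulls the paths that failed with "Read-only file system" out of logs like the ones above and compares them with the writable mount targets declared in the compose file. A failure on a path that lies inside a mount declared `rw` is a cue to check whether that path resolves through a symlink or whether the mount is really writable. The function names are hypothetical; the sample lines are copied from the post.

```python
import re
from posixpath import commonpath, normpath

# Lines copied from the two logs in the post above.
SAMPLE_LOG = """\
backend-https-portal-1 | [s6-init] ensuring user provided files have correct perms...s6-chown: fatal: unable to chown /var/run/s6/etc/cont-init.d/20-setup: Read-only file system
backend-https-portal-1 | s6-chmod: fatal: unable to change mode of /var/run/s6/etc/services.d/00-nginx/run: Read-only file system
backend-https-portal-1 | [cont-init.d] 00-welcome: exited 127.
backend-https-portal-1 | s6-rmrf: fatal: unable to remove /var/run/s6/container_environment: Read-only file system
"""

# "<tool>: fatal: unable to <operation> <absolute path>: Read-only file system"
EROFS = re.compile(r"([\w-]+): fatal: unable to .+? (/\S+): Read-only file system")


def erofs_failures(log):
    """Return (tool, path) for every write that failed with EROFS."""
    return [(m.group(1), normpath(m.group(2))) for m in EROFS.finditer(log)]


def under(path, mount):
    """True if path is the mount point or lies lexically below it."""
    mount = normpath(mount)
    return path == mount or path.startswith(mount.rstrip("/") + "/")


def classify(log, writable_mounts):
    """Split failed paths into (inside, outside) the declared writable mounts."""
    inside, outside = set(), set()
    for _tool, path in erofs_failures(log):
        hit = any(under(path, m) for m in writable_mounts)
        (inside if hit else outside).add(path)
    return sorted(inside), sorted(outside)


def common_prefix(log):
    """Deepest directory prefix shared by all failed paths, or None."""
    paths = [p for _tool, p in erofs_failures(log)]
    return commonpath(paths) if paths else None


if __name__ == "__main__":
    # Mount targets from the two compose attempts in the post.
    for mounts in (["/var/run/s6"], ["/var/run/s6/etc"]):
        inside, outside = classify(SAMPLE_LOG, mounts)
        print(mounts, "inside:", len(inside), "outside:", outside)
    print("common prefix:", common_prefix(SAMPLE_LOG))
```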