docker icon indicating copy to clipboard operation
docker copied to clipboard
verified publisher icon mattermost

Operation Not Permitted

Open Itschotsch opened this issue 2 years ago • 9 comments

I'm on Ubuntu 22.10, with docker-compose 1.29.2 and Docker 20.10.21, both installed using apt (not snap), on a DigitalOcean server. I followed the installation instructions at https://docs.mattermost.com/install/install-docker.html exactly.

  • For step 4, I copied a fullchain.pem and privkey.pem I already had for the same domain to the specified directory with tthe respective names.
  • I skipped the optional step 5.
  • For step 6, I deployed using the included NGINX. After running sudo docker-compose -f docker-compose.yml -f docker-compose.nginx.yml up (not detached to see the output), I get:
Creating network "mattermost" with the default driver
Creating docker_postgres_1 ... done
Creating docker_mattermost_1 ... done
Creating nginx_mattermost    ... done
Attaching to docker_postgres_1, docker_mattermost_1, nginx_mattermost
mattermost_1  | exec /entrypoint.sh: operation not permitted
postgres_1    | exec /usr/local/bin/docker-entrypoint.sh: operation not permitted
nginx_mattermost | exec /docker-entrypoint.sh: operation not permitted
docker_mattermost_1 exited with code 1
docker_postgres_1 exited with code 1

I restarted the server without any other containers running (ports were free), I tried step 6 without the included NGINX, I ran sudo chmod 777 -R ., I ran everything as root, I searched the web, nothing worked. Is this a bug? Did I do everything correctly? What can I do to make this work?

Itschotsch avatar May 17 '23 14:05 Itschotsch

Same issue here when installing without the included NGINX. @Itschotsch, did you find a fix?

ZelnickB avatar Jul 28 '23 14:07 ZelnickB

@ZelnickB Sadly not, I never managed to install it. :( I really hope they look at this soon!

Itschotsch avatar Jul 29 '23 17:07 Itschotsch

I think that I found the problem. Commenting the lines

security_opt:
    - no-new-privileges:true

out of the /docker-compose.yml file (for both services) seems to solve the issue.

I'll open up a PR.

ZelnickB avatar Jul 31 '23 17:07 ZelnickB

@ZelnickB I can confirm this now works for me too. Thanks!

Itschotsch avatar Aug 03 '23 11:08 Itschotsch

@ZelnickB I have commented the line "- no-new-privileges:true" but the error is also exist. I find the answer here from @yosifkit. The config now is

security_opt:
#   - no-new-privileges:true
  - seccomp:unconfined

for both mattermost and postgresdb

LeNguyenGiaBao avatar May 09 '24 04:05 LeNguyenGiaBao

@LeNguyenGiaBao Weird—it worked for me when I tried it.

ZelnickB avatar May 09 '24 16:05 ZelnickB