'./launcher bootstrap app' fails when Docker started with '--userns-remap=default' option

Docker version 1.12.3, build 6b644ec

The ‘shared’ subdirectory seems to cause issues when Docker is started with ‘--userns-remap=default’.

First error was ‘stat /var/discourse/shared/standalone: permission denied’
I then executed ‘chmod 0755 shared’ which seemed to fix this issue.

Next error was at ‘mkdir -p /shared/postgres_run’ - I assume it’s another ‘permission denied’ but couldn’t figure out how to get past it.

‘stat shared’ returns:

File: ‘shared’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: fd04h/64772d Inode: 256072 Links: 3
Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Context: unconfined_u:object_r:svirt_sandbox_file_t:s0
Access: 2016-11-05 08:07:06.081247227 -0500
Modify: 2016-11-05 08:09:20.368153861 -0500
Change: 2016-11-05 21:22:19.291492841 -0500
Birth: -

Why do you need this command line option?


We’ve avoided using LXC and Docker on our servers up until now due to the necessity to run these processes as root.

When I saw that Docker now supports ‘User Namespaces’ which address these concerns I thought I’d test Docker + Discourse, since Discourse does look useful.

If you are going down this rabbit hole you are going to have to test and debug this stuff yourself and get super familiar with docker and the way we bootstrap images.

Thanks for your prompt responses.
We’ll fall back to testing on an Amazon instance using the traditional settings.

I got Discourse to work when Docker is started with --userns-remap=default.

In my case docker allocated UID 100000 and GID 100000 to root within the discourse container.

To get bootstrap to succeed I needed to set group and ownership on the discourse shared directory correctly:

sudo chown -R 100000:100000 /var/discourse/shared
sudo chmod 0711 /var/discourse/shared

It needs to be said that the recursive chown command should only be run once before first bootstrapping.
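
The 100000:100000 ownership in the post above comes from the `dockremap` entries in /etc/subuid and /etc/subgid, which Docker uses for --userns-remap=default. As an added example, not part of the original thread: shell functions that read such a file and check a directory's owner against the remapped root; the function names and sample file contents are constructed, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and sample data are
# constructed for illustration; assumes GNU stat and a single contiguous
# subordinate-ID range for the remap user.

# remap_base FILE [USER]: print the first subordinate ID listed for USER in a
# subuid/subgid-format FILE (name:start:count). USER defaults to dockremap,
# the account Docker uses for --userns-remap=default. Exit 1 if USER is absent.
remap_base() {
    awk -F: -v u="${2:-dockremap}" \
        '$1 == u { print $2; found = 1; exit }
         END { if (!found) exit 1 }' "$1"
}

# host_id BASE ID: host-side ID for an ID used inside the container.
host_id() {
    echo $(( $1 + $2 ))
}

# check_owner DIR UID GID: succeed only if DIR is owned by UID:GID on the host.
check_owner() {
    actual=$(stat -c '%u:%g' "$1") || return 2
    [ "$actual" = "$2:$3" ]
}

# Demo on constructed files, so nothing on the real host is read or changed.
demo() {
    tmp=$(mktemp -d) || return 0
    printf 'alice:165536:65536\ndockremap:100000:65536\n' > "$tmp/subuid"
    cp "$tmp/subuid" "$tmp/subgid"
    uid=$(remap_base "$tmp/subuid"); gid=$(remap_base "$tmp/subgid")
    echo "container 0:0 is host $(host_id "$uid" 0):$(host_id "$gid" 0)"
    if check_owner "$tmp" "$uid" "$gid"; then
        echo "$tmp: owned by remapped root"
    else
        echo "$tmp: not owned by $uid:$gid, container root is 'other' here"
    fi
    rm -rf "$tmp"
}
demo
```

On a real host, `remap_base /etc/subuid` and `remap_base /etc/subgid` give the values to compare against the owner of /var/discourse/shared.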