Problems with setting read_only:true #343

Open
hieuhgt opened this issue Nov 20, 2023 · 0 comments

hieuhgt commented Nov 20, 2023

My AWS Security Hub failed with "ECS containers must restrict access to the root file system to read-only", so I want to add `read_only` to my Docker Compose file, but it makes the container unable to build! I have many problems with s6.
Here is my docker-compose.yaml:

```yaml
  https-portal:
    read_only: true
    image: steveltn/https-portal:1
    ports:
      - '8081:443'
    environment:
      DOMAINS: 'localhost -> http://host.docker.internal:8080'
      STAGE: local
    volumes:
      - s6-overlay:/var/run/s6:rw
```

And the error =>

```
backend-https-portal-1  | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
backend-https-portal-1  | [s6-init] ensuring user provided files have correct perms...s6-chown: fatal: unable to chown /var/run/s6/etc/cont-init.d/20-setup: Read-only file system
backend-https-portal-1  | s6-chown: fatal: unable to chown /var/run/s6/etc/cont-init.d/30-set-docker-gen-status: Read-only file system
backend-https-portal-1  | s6-chown: fatal: unable to chown /var/run/s6/etc/cont-init.d/00-welcome: Read-only file system
backend-https-portal-1  | s6-chmod: fatal: unable to change mode of /var/run/s6/etc/cont-init.d/30-set-docker-gen-status: Read-only file system
backend-https-portal-1  | s6-chmod: fatal: unable to change mode of /var/run/s6/etc/cont-init.d/20-setup: Read-only file system
backend-https-portal-1  | s6-chmod: fatal: unable to change mode of /var/run/s6/etc/cont-init.d/00-welcome: Read-only file system
backend-https-portal-1  | s6-chown: fatal: unable to chown /var/run/s6/etc/services.d/20-crond/run: Read-only file system
backend-https-portal-1  | s6-chown: fatal: unable to chown /var/run/s6/etc/services.d/30-dynamic-env/run: Read-only file system
backend-https-portal-1  | s6-chown: fatal: unable to chown /var/run/s6/etc/services.d/10-docker-gen/run: Read-only file system
backend-https-portal-1  | s6-chown: fatal: unable to chown /var/run/s6/etc/services.d/00-nginx/run: Read-only file system
backend-https-portal-1  | s6-chmod: fatal: unable to change mode of /var/run/s6/etc/services.d/20-crond/run: Read-only file system
backend-https-portal-1  | s6-chmod: fatal: unable to change mode of /var/run/s6/etc/services.d/30-dynamic-env/run: Read-only file system
backend-https-portal-1  | s6-chmod: fatal: unable to change mode of /var/run/s6/etc/services.d/10-docker-gen/run: Read-only file system
backend-https-portal-1  | s6-chmod: fatal: unable to change mode of /var/run/s6/etc/services.d/00-nginx/run: Read-only file system
backend-https-portal-1  | s6-chown: fatal: unable to chown /var/run/s6/etc/services.d/30-dynamic-env/finish: Read-only file system
backend-https-portal-1  | s6-chown: fatal: unable to chown /var/run/s6/etc/services.d/20-crond/finish: Read-only file system
backend-https-portal-1  | s6-chown: fatal: unable to chown /var/run/s6/etc/services.d/10-docker-gen/finish: Read-only file system
backend-https-portal-1  | s6-chown: fatal: unable to chown /var/run/s6/etc/services.d/00-nginx/finish: Read-only file system
backend-https-portal-1  | s6-chmod: fatal: unable to change mode of /var/run/s6/etc/services.d/30-dynamic-env/finish: Read-only file system
backend-https-portal-1  | s6-chmod: fatal: unable to change mode of /var/run/s6/etc/services.d/20-crond/finish: Read-only file system
backend-https-portal-1  | s6-chmod: fatal: unable to change mode of /var/run/s6/etc/services.d/10-docker-gen/finish: Read-only file system
backend-https-portal-1  | s6-chmod: fatal: unable to change mode of /var/run/s6/etc/services.d/00-nginx/finish: Read-only file system
backend-https-portal-1  | exited 0.
backend-https-portal-1  | [fix-attrs.d] applying ownership & permissions fixes...
backend-https-portal-1  | [fix-attrs.d] done.
backend-https-portal-1  | [cont-init.d] executing container initialization scripts...
backend-https-portal-1  | [cont-init.d] 00-welcome: executing...
backend-https-portal-1  | foreground: warning: unable to spawn /var/run/s6/etc/cont-init.d/00-welcome: Permission denied
backend-https-portal-1  | [cont-init.d] 00-welcome: exited 127.
backend-https-portal-1  | [cont-finish.d] executing container finish scripts...
backend-https-portal-1  | [cont-finish.d] done.
backend-https-portal-1  | [s6-finish] waiting for services.
backend-https-portal-1  | [s6-finish] sending all processes the TERM signal.
backend-https-portal-1  | [s6-finish] sending all processes the KILL signal and exiting.
backend-https-portal-1 exited with code 1
```

When I set the volume to `s6-overlay:/var/run/s6/etc:rw`, it leads to another problem:

```
backend-https-portal-1  | s6-rmrf: fatal: unable to remove /var/run/s6/container_environment: Read-only file system
```

I am a newbie with Docker, so I'm having quite a bit of difficulty with this part. Thank you for supporting me.
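As an added example (not part of the issue and not code from the https-portal project): when a container is switched to `read_only: true`, a startup log like the one quoted above can be reduced to the directories where writes were refused, with failures of any other kind listed separately. The sample lines are constructed in the shape of the quoted log, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from posixpath import dirname

# Constructed sample: a few lines in the shape of the log quoted in the issue.
SAMPLE_LOG = """\
backend-https-portal-1  | [s6-init] ensuring user provided files have correct perms...s6-chown: fatal: unable to chown /var/run/s6/etc/cont-init.d/20-setup: Read-only file system
backend-https-portal-1  | s6-chmod: fatal: unable to change mode of /var/run/s6/etc/cont-init.d/20-setup: Read-only file system
backend-https-portal-1  | s6-chown: fatal: unable to chown /var/run/s6/etc/services.d/00-nginx/run: Read-only file system
backend-https-portal-1  | s6-rmrf: fatal: unable to remove /var/run/s6/container_environment: Read-only file system
backend-https-portal-1  | foreground: warning: unable to spawn /var/run/s6/etc/cont-init.d/00-welcome: Permission denied
backend-https-portal-1  | [cont-init.d] 00-welcome: exited 127.
"""

# "<tool>: fatal|warning: unable to <action words> <absolute path>: <errno text>"
FAILURE = re.compile(
    r"(?P<tool>[\w-]+): (?:fatal|warning): unable to (?P<action>[a-z ]+?) "
    r"(?P<path>/\S+): (?P<reason>[^\n]+?)\s*$"
)

def failed_operations(log_text):
    """Return one dict per failed filesystem operation found in the log."""
    ops = []
    for line in log_text.splitlines():
        m = FAILURE.search(line)
        if m:
            ops.append(m.groupdict())
    return ops

def erofs_directories(ops):
    """Map each directory to the set of tools whose write hit a read-only mount."""
    dirs = defaultdict(set)
    for op in ops:
        if op["reason"] == "Read-only file system":
            dirs[dirname(op["path"])].add(op["tool"])
    return dict(dirs)

def other_failures(ops):
    """Failures with any other errno text, such as the 'Permission denied' on spawn."""
    return [op for op in ops if op["reason"] != "Read-only file system"]

if __name__ == "__main__":
    ops = failed_operations(SAMPLE_LOG)
    for directory, tools in sorted(erofs_directories(ops).items()):
        print(f"{directory}: {', '.join(sorted(tools))}")
    for op in other_failures(ops):
        print(f"other: {op['tool']} could not {op['action']} {op['path']} ({op['reason']})")
```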
