Bugzilla – Bug 1224066
DistroBox does not start; after fresh install on SUSE TumbleWeed [ISSUE]
Last modified: 2024-05-27 13:26:04 UTC
Created attachment 874772 [details] A screenshot of my desktop martin@LENOVO-ThinkCentre-M75q-Gen-2--SUSE-TumbleWeed-KDE ~> uname -a Linux LENOVO-ThinkCentre-M75q-Gen-2--SUSE-TumbleWeed-KDE 6.8.8-1-default #1 SMP PREEMPT_DYNAMIC Mon Apr 29 05:24:46 UTC 2024 (5cd3298) x86_64 x86_64 x86_64 GNU/Linux martin@LENOVO-ThinkCentre-M75q-Gen-2--SUSE-TumbleWeed-KDE ~> whoami martin martin@LENOVO-ThinkCentre-M75q-Gen-2--SUSE-TumbleWeed-KDE ~> distrobox list permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.45/containers/json?all=1": dial unix /var/run/docker.sock: connect: permission denied martin@LENOVO-ThinkCentre-M75q-Gen-2--SUSE-TumbleWeed-KDE ~ [1]> sudo distrobox-list --root Running distrobox-list via SUDO/DOAS is not supported. Instead, please try running: distrobox-list --root --root martin@LENOVO-ThinkCentre-M75q-Gen-2--SUSE-TumbleWeed-KDE ~ [1]> systemctl status docker.service ● docker.service - Docker Application Container Engine Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; preset: disabled) Active: active (running) since Mon 2024-05-06 11:25:38 CEST; 25min ago TriggeredBy: ● docker.socket Docs: http://docs.docker.com Main PID: 23788 (dockerd) Tasks: 36 CPU: 6.458s CGroup: /system.slice/docker.service ├─23788 /usr/bin/dockerd --add-runtime oci=/usr/sbin/runc └─23804 containerd --config /var/run/docker/containerd/containerd.toml --log-level warn martin@LENOVO-ThinkCentre-M75q-Gen-2--SUSE-TumbleWeed-KDE ~> systemctl status docker.socket ● docker.socket - Docker Socket for the API Loaded: loaded (/usr/lib/systemd/system/docker.socket; enabled; preset: disabled) Active: active (running) since Mon 2024-05-06 11:25:37 CEST; 26min ago Triggers: ● docker.service Listen: /run/docker.sock (Stream) Tasks: 0 (limit: 4915) CPU: 488us CGroup: /system.slice/docker.socket martin@LENOVO-ThinkCentre-M75q-Gen-2--SUSE-TumbleWeed-KDE ~> zypper info distrobox Information for package distrobox: ---------------------------------- Repository : Main Repository (OSS) Name : distrobox Version : 1.7.1-1.2 Arch : noarch Vendor : openSUSE Installed Size : 500,8 KiB Installed : Yes Status : up-to-date Source package : distrobox-1.7.1-1.2.src Upstream URL : https://github.com/89luca89/distrobox Summary : Use any linux distribution inside your terminal Description : Use any Linux distribution inside your terminal. Distrobox uses podman or docker to create containers using the Linux distribution of your choice. The created container will be tightly integrated with the host, allowing sharing of the HOME directory of the user, external storage, external USB devices and graphical apps (X11/Wayland), and audio. SYSTEM INFORMATION: root@LENOVO-ThinkCentre-M75q-Gen-2--SUSE-TumbleWeed-KDE /# inxi -F System: Host: LENOVO-ThinkCentre-M75q-Gen-2--SUSE-TumbleWeed-KDE Kernel: 6.8.8-1-default arch: x86_64 bits: 64 Console: pty pts/2 Distro: openSUSE Tumbleweed 20240503 Machine: Type: Mini-pc System: LENOVO product: 11JN000GCK v: ThinkCentre M75q Gen 2 serial: PC2F95D9 Mobo: LENOVO model: 32E4 v: SDK0T76538 WIN 3556288344599 serial: N/A UEFI: LENOVO v: M47KT34A date: 01/04/2024 CPU: Info: 6-core model: AMD Ryzen 5 PRO 5650GE with Radeon Graphics bits: 64 type: MT MCP cache: L2: 3 MiB Speed (MHz): avg: 2349 min/max: 400/4480 cores: 1: 2969 2: 400 3: 3063 4: 2998 5: 3000 6: 2964 7: 3096 8: 400 9: 2999 10: 3001 11: 400 12: 2907 Graphics: Device-1: AMD Cezanne [Radeon Vega Series / Radeon Mobile Series] driver: amdgpu v: kernel Display: server: X.org v: 1.21.1.12 with: Xwayland v: 23.2.6 driver: X: loaded: modesetting unloaded: fbdev,vesa dri: radeonsi gpu: amdgpu tty: 203x54 resolution: 1920x1080 API: EGL v: 1.5 drivers: radeonsi,swrast platforms: surfaceless,device API: OpenGL v: 4.6 compat-v: 4.5 vendor: mesa v: 24.0.5 note: console (EGL sourced) renderer: AMD Radeon Graphics (radeonsi renoir LLVM 18.1.4 DRM 3.57 6.8.8-1-default), llvmpipe (LLVM 18.1.4 256 bits) API: Vulkan v: 1.3.280 drivers: N/A surfaces: N/A Audio: Device-1: AMD Renoir Radeon High Definition Audio driver: snd_hda_intel Device-2: AMD ACP/ACP3X/ACP6x Audio Coprocessor driver: N/A Device-3: AMD Family 17h/19h HD Audio driver: snd_hda_intel API: ALSA v: k6.8.8-1-default status: kernel-api Network: Device-1: Realtek RTL8111/8168/8211/8411 PCI Express Gigabit Ethernet driver: r8169 IF: enp2s0f1 state: up speed: 1000 Mbps duplex: full mac: 04:7b:cb:49:1b:bd IF-ID-1: docker0 state: down mac: 02:42:12:5d:41:59 Bluetooth: Device-1: Realtek Bluetooth Radio driver: btusb type: USB Report: btmgmt ID: hci0 rfk-id: 0 state: down bt-service: enabled,running rfk-block: hardware: no software: yes address: 3C:55:76:44:92:C8 bt-v: 5.1 Drives: Local Storage: total: 1.14 TiB used: 20.53 GiB (1.8%) ID-1: /dev/nvme0n1 vendor: Western Digital model: WD PC SN740 SDDQNQD-256G-1001 size: 238.47 GiB ID-2: /dev/sda vendor: Samsung model: SSD 870 QVO 1TB size: 931.51 GiB Partition: ID-1: / size: 230.22 GiB used: 16.74 GiB (7.3%) fs: btrfs dev: /dev/nvme0n1p2 ID-2: /boot/efi size: 252 MiB used: 330 KiB (0.1%) fs: vfat dev: /dev/nvme0n1p1 ID-3: /home size: 931.51 GiB used: 3.78 GiB (0.4%) fs: btrfs dev: /dev/sda1 ID-4: /opt size: 230.22 GiB used: 16.74 GiB (7.3%) fs: btrfs dev: /dev/nvme0n1p2 ID-5: /var size: 230.22 GiB used: 16.74 GiB (7.3%) fs: btrfs dev: /dev/nvme0n1p2 Swap: ID-1: swap-1 type: partition size: 8 GiB used: 15.2 MiB (0.2%) dev: /dev/nvme0n1p3 Sensors: System Temperatures: cpu: 39.4 C mobo: N/A gpu: amdgpu temp: 34.0 C Fan Speeds (rpm): N/A Info: Memory: total: 8 GiB note: est. available: 6.64 GiB used: 4.73 GiB (71.2%) Processes: 359 Uptime: 0h 56m Init: systemd Shell: fish inxi: 3.3.34
> distrobox list permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.45/containers/json?all=1": dial unix /var/run/docker.sock: connect: permission denied Docker socket in openSUSE has a following permissions $ stat /run/docker.sock File: /run/docker.sock Size: 0 Blocks: 0 IO Block: 4096 socket Device: 0,26 Inode: 1914 Links: 1 Access: (0666/srw-rw-rw-) Uid: ( 0/ root) Gid: ( 471/ docker) So it can be accessed by users in a docker group. You can check the list of a groups via id command or userctl user $login.
So the point is that there is no mention (the one similar to VirtualBox) about the current user is supposed to be part of the Docker group which could easily be set in %post / %posttrans script as: `usermod -aG $USER docker` (or equivalent...). I shall give it a try again later and change the status quota of the issue here . . Thanks for the reply.
There is official documentation that describes manual steps post-install on Linux, see https://docs.docker.com/engine/install/linux-postinstall/. I don't classify this as a bug, but rather well-known behavior. Changes to the Docker package would be a feature request. Aleksa, should we add users to groups in %post/%posttrans scripts?
(In reply to Alexandre Vicenzi from comment #3) > There is official documentation that describes manual steps post-install on > Linux, see https://docs.docker.com/engine/install/linux-postinstall/. > > I don't classify this as a bug, but rather well-known behavior. Changes to > the Docker package would be a feature request. > > Aleksa, should we add users to groups in %post/%posttrans scripts? Nope, it is not a BUG indeed. It is rather my oversight than anything else. But it is a formerly missing information by those who maintain it - As a post installation step / notification about what needs to be done in order to use the software.
(In reply to Alexandre Vicenzi from comment #3) > There is official documentation that describes manual steps post-install on > Linux, see https://docs.docker.com/engine/install/linux-postinstall/. > > I don't classify this as a bug, but rather well-known behavior. Changes to > the Docker package would be a feature request. > > Aleksa, should we add users to groups in %post/%posttrans scripts? Access to the docker group gives you admin privileges to the machine (it is trivial to get root host access using Docker) and so automatically adding users seems like a bad idea in general. We also don't know which users we should add to the group at install time anyway. (In reply to Martin von Reichenberg from comment #2) > So the point is that there is no mention (the one similar to VirtualBox) > about the current user is supposed to be part of the Docker group which > could easily be set in %post / %posttrans script as: `usermod -aG $USER > docker` (or equivalent...). (In reply to Martin von Reichenberg from comment #4) > But it is a formerly missing information by those who maintain it - As a > post installation step / notification about what needs to be done in order > to use the software. I don't see anything in the VirtualBox spec file which would tell users about the vboxusers group at install time. If you want, we can add a line in the package documentation about the docker group, but the fact that you need to be part of the docker group to administer Docker is incredibly common knowledge for users of Docker. As mentioned above, this is mentioned already by the upstream documentation.
(In reply to Aleksa Sarai from comment #5) > (In reply to Alexandre Vicenzi from comment #3) > > There is official documentation that describes manual steps post-install on > > Linux, see https://docs.docker.com/engine/install/linux-postinstall/. > > > > I don't classify this as a bug, but rather well-known behavior. Changes to > > the Docker package would be a feature request. > > > > Aleksa, should we add users to groups in %post/%posttrans scripts? > > Access to the docker group gives you admin privileges to the machine (it is > trivial to get root host access using Docker) and so automatically adding > users seems like a bad idea in general. We also don't know which users we > should add to the group at install time anyway. > > (In reply to Martin von Reichenberg from comment #2) > > So the point is that there is no mention (the one similar to VirtualBox) > > about the current user is supposed to be part of the Docker group which > > could easily be set in %post / %posttrans script as: `usermod -aG $USER > > docker` (or equivalent...). > > (In reply to Martin von Reichenberg from comment #4) > > But it is a formerly missing information by those who maintain it - As a > > post installation step / notification about what needs to be done in order > > to use the software. > > I don't see anything in the VirtualBox spec file which would tell users > about the vboxusers group at install time. If you want, we can add a line in > the package documentation about the docker group, but the fact that you need > to be part of the docker group to administer Docker is incredibly common > knowledge for users of Docker. As mentioned above, this is mentioned already > by the upstream documentation. VirtualBox shows the notification window at the initial runtime. In case of DistroBox it is not clear at the very first usage that it's all bound to Docker (- services/groups). Probably an echo/printf message could be enough, but it should be told after install or initial startup somehow - more likely a request to upstream.
> In case of DistroBox it is not clear at the very first usage that it's all bound to Docker (- services/groups). Distrobox already states in its documentation that it requires rootless podman/docker to work properly and also links to proper instructions. See: https://distrobox.it/compatibility/#supported-container-managers > Probably an echo/printf message could be enough, but it should be told after install or initial startup somehow - more likely a request to upstream. For now, I'm going to close this as there's nothing we can do on our side. Issues raised upstream with permission denied are often closed as invalid and pointed to the documentation. If there's a reliable way to detect that the system is not in rootless mode, it might be worth implementing it upstream and printing it out to warn the user.