Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Since 4-23-2022 image container won't start with s6-overlay-suexec: fatal: can only run as pid 1 #434

Closed
mroth opened this issue Apr 23, 2022 · 31 comments
Labels

Comments

@mroth
Copy link

mroth commented Apr 23, 2022

Describe Your Problem:
Since latest version pushed to Docker Hub yesterday, container wont start for me with message s6-overlay-suexec: fatal: can only run as pid 1.

Rolling back to previous tag for my architecture (2022-04-14-aarch64) appears to successfully mitigate the issue, so likely something introduced in recent commits.

Logs:

s6-overlay-suexec: fatal: can only run as pid 1
s6-overlay-suexec: fatal: can only run as pid 1
s6-overlay-suexec: fatal: can only run as pid 1
s6-overlay-suexec: fatal: can only run as pid 1
s6-overlay-suexec: fatal: can only run as pid 1
s6-overlay-suexec: fatal: can only run as pid 1
s6-overlay-suexec: fatal: can only run as pid 1
s6-overlay-suexec: fatal: can only run as pid 1
s6-overlay-suexec: fatal: can only run as pid 1

etc.

Docker Start Command:
Configured via ansible, but the syntax here is similar to docker compose so should be fairly explanatory.

  - name: Set up Homebridge container
    docker_container:
      container_default_behavior: compatibility
      name: homebridge
      image: oznu/homebridge:latest
      state: started
      network_mode: host
      # Run an init inside the container that forwards signals and reaps
      # processes. This option requires Docker API >= 1.25.
      init: yes
      restart_policy: always
      pull: yes
      volumes:
        - /config/homebridge:/homebridge
      env:
        TZ: "America/New_York"
        PGID: "1000"
        PUID: "1000"
        HOMEBRIDGE_INSECURE: "0"
        HOMEBRIDGE_DEBUG: "0"
        HOMEBRIDGE_CONFIG_UI: "1"
        HOMEBRIDGE_CONFIG_UI_PORT: "8080"

Homebridge Config:

{
    "bridge": {
        "name": "REDACTED",
        "username": "REDACTED",
        "port": 52133,
        "pin": "REDACTED",
        "advertiser": "ciao"
    },
    "accessories": [],
    "platforms": [
        {
            "name": "Hue",
            "users": {
                "REDACTED": "REDACTED"
            },
            "hosts": [
                "127.0.0.1"
            ],
            "lights": true,
            "nativeHomeKitLights": true,
            "nativeHomeKitSensors": true,
            "nupnp": true,
            "resource": true,
            "sensors": true,
            "platform": "Hue"
        },
        {
            "name": "Config",
            "port": 8080,
            "platform": "config"
        }
    ]
}

Screenshots:
N/A

Environment:

  • Host Operating System: Linux raspberrypi 5.10.92-v8+ #1514 SMP PREEMPT Mon Jan 17 17:39:38 GMT 2022 aarch64 GNU/Linux
  • Docker Version:
Client: Docker Engine - Community
 Version:           20.10.14
 API version:       1.41
 Go version:        go1.16.15
 Git commit:        a224086
 Built:             Thu Mar 24 01:47:24 2022
 OS/Arch:           linux/arm64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.14
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.16.15
  Git commit:       87a90dc
  Built:            Thu Mar 24 01:45:44 2022
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.5.11
  GitCommit:        3df54a852345ae127d1fa3092b95168e4a88e2f8
 runc:
  Version:          1.0.3
  GitCommit:        v1.0.3-0-gf46b6ba
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
  • Image Tag / Type: latest
@mroth mroth added the question label Apr 23, 2022
@DannyBoyKN
Copy link

I have a similar problem since version 2022-04-23 on the RaspberryPi 4 (mage: oznu/homebridge:ubuntu):

$ docker-compose -f docker-compose.homebridge.yml up

Creating homebridge ... done
Attaching to homebridge
homebridge    | s6-svscan: warning: unable to iopause: Operation not permitted
homebridge    | s6-svscan: warning: executing into .s6-svscan/crash
homebridge    | s6-svscan crashed. Killing everything and exiting.
homebridge    | s6-linux-init-hpr: fatal: unable to reboot(): Operation not permitted
homebridge    | s6-svscan: warning: unable to iopause: Operation not permitted
homebridge    | s6-svscan: warning: executing into .s6-svscan/crash
homebridge    | s6-svscan crashed. Killing everything and exiting.
homebridge    | s6-supervise s6-linux-init-shutdownd: fatal: unable to iopause: Operation not permitted
homebridge    | s6-linux-init-shutdownd: fatal: unable to iopause: Operation not permitted
homebridge    | s6-linux-init-hpr: fatal: unable to reboot(): Operation not permitted
homebridge exited with code 111

Back to oznu/homebridge:2022-04-14-debian-arm32v7 works fine!

Could that be related ?

@stefan1957

This comment was marked as duplicate.

@oznu
Copy link
Member

oznu commented Apr 24, 2022

@mroth - the issue is the init: true flag in your docker-compose file.

The updated version of s6 in the latest container does not seem to like this.

I was able to replicate the issue you are facing with init: true, the issue is not present when this flag is not set.

@YPyltiai
Copy link

YPyltiai commented Apr 24, 2022

@oznu I don't think that's it - I don't have init: true and it doesn't work for me either. Had to roll back to oznu/homebridge:2022-04-14.
I have the vanilla config that is mentioned in setup process, so something else is likely wrong.

@stefan1957
Copy link

@oznu I don't have init: true and it doesn't work for me either. Had to roll back to oznu/homebridge:2022-04-14
this is wat happens when i use :latest

homebridge_1 | s6-svscan: warning: unable to iopause: Operation not permitted
homebridge_1 | s6-svscan: warning: executing into .s6-svscan/crash
homebridge_1 | s6-supervise s6-linux-init-shutdownd: fatal: unable to iopause: Operation not permitted
homebridge_1 | s6-svscan crashed. Killing everything and exiting.
homebridge_1 | s6-linux-init-shutdownd: fatal: unable to iopause: Operation not permitted
homebridge_1 | s6-linux-init-hpr: fatal: unable to reboot(): Operation not permitted

@Hifclif
Copy link

Hifclif commented Apr 24, 2022

Same Problem here

@casperse
Copy link

casperse commented Apr 24, 2022

Same problem here! not running anymore?
Rollback on Unraid docker and its working again! Thanks
repository: oznu/homebridge:2022-04-14

@sparkrussell
Copy link

I had to roll back to 2022-04-03 in order for the container to startup successfully again.

@gargamelonly
Copy link

gargamelonly commented Apr 26, 2022

same issue with my setup (RPI3).
rolled back to older image:
image: oznu/homebridge:2022-04-14-raspberry-pi

@n2o
Copy link

n2o commented Apr 26, 2022

Same problem here on a Raspberry Pi 4. "Solved" it by downgrading to 2022-04-14.

PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
NAME="Raspbian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=raspbian
ID_LIKE=debian
version: '2'
services:
  homebridge:
    image: oznu/homebridge:ubuntu
    restart: unless-stopped
    network_mode: host
    environment:
      - PGID=1000
      - PUID=1000
      - HOMEBRIDGE_CONFIG_UI=1
      - HOMEBRIDGE_CONFIG_UI_PORT=8581
      - TZ=Europe/Berlin
    volumes:
      - ./persist/homebridge:/homebridge
root@pi /d/homebridge# docker-compose down
Stopping homebridge_homebridge_1 ... done
Removing homebridge_homebridge_1 ... done
root@pi /d/homebridge# docker-compose up -d
Creating homebridge_homebridge_1 ... done
root@pi /d/homebridge# docker-compose logs -f
Attaching to homebridge_homebridge_1
homebridge_1  | s6-svscan: warning: unable to iopause: Operation not permitted
homebridge_1  | s6-svscan: warning: executing into .s6-svscan/crash
homebridge_1  | s6-svscan crashed. Killing everything and exiting.
homebridge_1  | s6-linux-init-hpr: fatal: unable to reboot(): Operation not permitted
homebridge_1  | s6-svscan: warning: unable to iopause: Operation not permitted
homebridge_1  | s6-svscan: warning: executing into .s6-svscan/crash
homebridge_1  | s6-svscan crashed. Killing everything and exiting.
homebridge_1  | s6-linux-init-hpr: fatal: unable to reboot(): Operation not permitted
homebridge_1  | s6-svscan: warning: unable to iopause: Operation not permitted
homebridge_1  | s6-svscan: warning: executing into .s6-svscan/crash
homebridge_1  | s6-svscan crashed. Killing everything and exiting.
homebridge_1  | s6-supervise s6-linux-init-shutdownd: fatal: unable to iopause: Operation not permitted
homebridge_1  | s6-linux-init-shutdownd: fatal: unable to iopause: Operation not permitted
homebridge_1  | s6-linux-init-hpr: fatal: unable to reboot(): Operation not permitted
homebridge_1  | s6-svscan: warning: unable to iopause: Operation not permitted
homebridge_1  | s6-svscan: warning: executing into .s6-svscan/crash
homebridge_1  | s6-svscan crashed. Killing everything and exiting.
homebridge_1  | s6-linux-init-hpr: fatal: unable to reboot(): Operation not permitted
homebridge_1  | s6-svscan: warning: unable to iopause: Operation not permitted
homebridge_1  | s6-svscan: warning: executing into .s6-svscan/crash
homebridge_1  | s6-svscan crashed. Killing everything and exiting.
homebridge_1  | s6-supervise s6-linux-init-shutdownd: fatal: unable to iopause: Operation not permitted
homebridge_1  | s6-linux-init-hpr: fatal: unable to reboot(): Operation not permitted
homebridge_homebridge_1 exited with code 111

@makstech
Copy link

makstech commented Apr 28, 2022

Similar issue, on RPI3B+ (aarch64). It initializes at first normally (though 40-dbus-avahi: exited 1) but then that last part about s6-applyuidgid: fatal: unable to exec hb-service: Exec format error and "Thank you" part are looped indefinetely.

Edit: This seems more like a #315.

Distributor ID:	Debian
Description:	Debian GNU/Linux 11 (bullseye)
Release:	11
Codename:	bullseye
version: '3.8'

services:
  homebridge:
    image: oznu/homebridge:latest
    restart: unless-stopped
    environment:
      - TZ=Europe/Riga
      - HOMEBRIDGE_CONFIG_UI=1
      - PGID=1000
      - PUID=1000
    volumes:
      - ./homebridge/files:/homebridge
    network_mode: "host"
homebridge-1  | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
homebridge-1  | [s6-init] ensuring user provided files have correct perms...exited 0.
homebridge-1  | [fix-attrs.d] applying ownership & permissions fixes...
homebridge-1  | [fix-attrs.d] done.
homebridge-1  | [cont-init.d] executing container initialization scripts...
homebridge-1  | [cont-init.d] 10-adduser: executing...
homebridge-1  | usermod: no changes
homebridge-1  |
homebridge-1  | -------------------------------------
homebridge-1  | GID/UID
homebridge-1  | -------------------------------------
homebridge-1  | User uid:    1000
homebridge-1  | User gid:    1000
homebridge-1  | -------------------------------------
homebridge-1  |
homebridge-1  | [cont-init.d] 10-adduser: exited 0.
homebridge-1  | [cont-init.d] 20-set-timezone: executing...
homebridge-1  | [cont-init.d] 20-set-timezone: exited 0.
homebridge-1  | [cont-init.d] 30-packages: executing...
homebridge-1  | [cont-init.d] 30-packages: exited 0.
homebridge-1  | [cont-init.d] 40-dbus-avahi: executing...
homebridge-1  | [cont-init.d] 40-dbus-avahi: exited 1.
homebridge-1  | [cont-init.d] 45-user-data: executing...
homebridge-1  | [cont-init.d] 45-user-data: exited 0.
homebridge-1  | [cont-init.d] 50-plugins: executing...
homebridge-1  |
homebridge-1  |
homebridge-1  |     Thank you for using the oznu/homebridge docker image!
...
homebridge-1  |
homebridge-1  | Homebridge: Installing plugins...
homebridge-1  |
homebridge-1  | up to date in 9s
homebridge-1  |
homebridge-1  | up to date in 4s
homebridge-1  | [cont-init.d] 50-plugins: exited 0.
homebridge-1  | [cont-init.d] 55-config-ui: executing...
homebridge-1  | Enabling homebridge-config-ui-x...
homebridge-1  | [cont-init.d] 55-config-ui: exited 0.
homebridge-1  | [cont-init.d] done.
homebridge-1  | [services.d] starting services
homebridge-1  | Starting cron
homebridge-1  |
homebridge-1  |   If you find this project useful please STAR it on GitHub:
...
homebridge-1  |
homebridge-1  | [services.d] done.
homebridge-1  | s6-applyuidgid: fatal: unable to exec hb-service: Exec format error
homebridge-1  |
homebridge-1  |
homebridge-1  |     Thank you for using the oznu/homebridge docker image!
homebridge-1  |
homebridge-1  |   If you find this project useful please STAR it on GitHub:
homebridge-1  |
homebridge-1  |          https://github.com/oznu/docker-homebridge
homebridge-1  |
homebridge-1  |                 Or donate to the project:
homebridge-1  |
homebridge-1  |             https://github.com/sponsors/oznu
homebridge-1  |                   https://paypal.me/oznu
homebridge-1  |
homebridge-1  | s6-applyuidgid: fatal: unable to exec hb-service: Exec format error

@stefan1957
Copy link

@oznu I don't have init: true and it doesn't work for me either. Had to roll back to oznu/homebridge:2022-04-14 this is wat happens when i use :latest

homebridge_1 | s6-svscan: warning: unable to iopause: Operation not permitted homebridge_1 | s6-svscan: warning: executing into .s6-svscan/crash homebridge_1 | s6-supervise s6-linux-init-shutdownd: fatal: unable to iopause: Operation not permitted homebridge_1 | s6-svscan crashed. Killing everything and exiting. homebridge_1 | s6-linux-init-shutdownd: fatal: unable to iopause: Operation not permitted homebridge_1 | s6-linux-init-hpr: fatal: unable to reboot(): Operation not permitted

I solved the problem by updating libseccomp2 to version 2.5.4-1.
First i downloaded libseccomp2_2.5.4-1_armhf.deb from here http://ftp.debian.org/debian/pool/main/libs/libseccomp/
and moved it to the Rpi in my case to the homebridge directory
and followed the step below:

pi@raspberrypi:~/homebridge $ sudo dpkg -i libseccomp2_2.5.4-1_armhf.deb
(Reading database ... 51531 files and directories currently installed.)
Preparing to unpack libseccomp2_2.5.4-1_armhf.deb ...
Unpacking libseccomp2:armhf (2.5.4-1) over (2.3.3-4) ...
Setting up libseccomp2:armhf (2.5.4-1) ...
Processing triggers for libc-bin (2.28-10+rpt2+rpi1) ..

After that i pulled the last image (latest) and everything works fine again

OS
Linux raspberrypi 5.10.103-v7l+ #1529 SMP Tue Mar 8 12:24:00 GMT 2022 armv7l GNU/Linux

@artjom83
Copy link

@oznu I don't have init: true and it doesn't work for me either. Had to roll back to oznu/homebridge:2022-04-14 this is wat happens when i use :latest
homebridge_1 | s6-svscan: warning: unable to iopause: Operation not permitted homebridge_1 | s6-svscan: warning: executing into .s6-svscan/crash homebridge_1 | s6-supervise s6-linux-init-shutdownd: fatal: unable to iopause: Operation not permitted homebridge_1 | s6-svscan crashed. Killing everything and exiting. homebridge_1 | s6-linux-init-shutdownd: fatal: unable to iopause: Operation not permitted homebridge_1 | s6-linux-init-hpr: fatal: unable to reboot(): Operation not permitted

I solved the problem by updating libseccomp2 to version 2.5.4-1. First i downloaded libseccomp2_2.5.4-1_armhf.deb from here http://ftp.debian.org/debian/pool/main/libs/libseccomp/ and moved it to the Rpi in my case to the homebridge directory and followed the step below:

pi@raspberrypi:~/homebridge $ sudo dpkg -i libseccomp2_2.5.4-1_armhf.deb (Reading database ... 51531 files and directories currently installed.) Preparing to unpack libseccomp2_2.5.4-1_armhf.deb ... Unpacking libseccomp2:armhf (2.5.4-1) over (2.3.3-4) ... Setting up libseccomp2:armhf (2.5.4-1) ... Processing triggers for libc-bin (2.28-10+rpt2+rpi1) ..

After that i pulled the last image (latest) and everything works fine again

OS Linux raspberrypi 5.10.103-v7l+ #1529 SMP Tue Mar 8 12:24:00 GMT 2022 armv7l GNU/Linux

That solved it for me as well! Cheers

@DannyBoyKN
Copy link

@stefan1957
I solved the problem by updating libseccomp2 to version 2.5.4-1. First i downloaded libseccomp2_2.5.4-1_armhf.deb from here http://ftp.debian.org/debian/pool/main/libs/libseccomp/ and moved it to the Rpi in my case to the homebridge directory and followed the step below:

pi@raspberrypi:~/homebridge $ sudo dpkg -i libseccomp2_2.5.4-1_armhf.deb (Reading database ... 51531 files and directories currently installed.) Preparing to unpack libseccomp2_2.5.4-1_armhf.deb ... Unpacking libseccomp2:armhf (2.5.4-1) over (2.3.3-4) ... Setting up libseccomp2:armhf (2.5.4-1) ... Processing triggers for libc-bin (2.28-10+rpt2+rpi1) ..

After that i pulled the last image (latest) and everything works fine again

OS Linux raspberrypi 5.10.103-v7l+ #1529 SMP Tue Mar 8 12:24:00 GMT 2022 armv7l GNU/Linux

I'm using latest buster image on my raspberry pi 4 and libseccomp2:armhf (2.5.4-1) ist not officially available. Instead of downloading the package manually and installing it I would suggest to go the back ports way, which might also update / correct dependency packages:

In
sudo vi /etc/apt/sources.list
or
sudo vi /etc/apt/sources.list.d/buster-backports.list
add the following line
deb http://deb.debian.org/debian buster-backports main
and add the keys from Ubuntu's (!) key server (Debian's keyring doesn't contain the backports for buster!?):

sudo bash
gpg --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC
gpg --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138

gpg --export 04EE7237B7D453EC | sudo apt-key add -
gpg --export 648ACFD622F3D138 | sudo apt-key add -
exit

After next sudo apt update the package can be update per

$ sudo apt install libseccomp2/buster-backports
Reading package lists... Done
Building dependency tree
Reading state information... Done
Selected version '2.5.1-1~bpo10+1' (Debian Backports:buster-backports [armhf]) for 'libseccomp2'
The following packages will be upgraded:
  libseccomp2
1 upgraded, 0 newly installed, 0 to remove and 8 not upgraded.
Need to get 45.9 kB of archives.
After this operation, 32.8 kB disk space will be freed.
Get:1 http://deb.debian.org/debian buster-backports/main armhf libseccomp2 armhf 2.5.1-1~bpo10+1 [45.9 kB]
Fetched 45.9 kB in 0s (335 kB/s)
Reading changelogs... Done
(Reading database ... 128503 files and directories currently installed.)
Preparing to unpack .../libseccomp2_2.5.1-1~bpo10+1_armhf.deb ...
Unpacking libseccomp2:armhf (2.5.1-1~bpo10+1) over (2.3.3-4) ...
Setting up libseccomp2:armhf (2.5.1-1~bpo10+1) ...
Processing triggers for libc-bin (2.28-10+rpt2+rpi1) ...

After that the latest container starts normally again, well, not completely, there's one problem right after start:

$ docker-compose -f docker-compose.homebridge.yml up

Starting homebridge ... done
Attaching to homebridge
homebridge    | s6-rc: info: service s6rc-oneshot-runner: starting
homebridge    | s6-rc: info: service s6rc-oneshot-runner successfully started
homebridge    | s6-rc: info: service fix-attrs: starting
homebridge    | s6-rc: info: service fix-attrs successfully started
homebridge    | s6-rc: info: service legacy-cont-init: starting
homebridge    | cont-init: info: running /etc/cont-init.d/10-adduser
homebridge    |
homebridge    | -------------------------------------
homebridge    | GID/UID
homebridge    | -------------------------------------
homebridge    | User uid:    1000
homebridge    | User gid:    1000
homebridge    | -------------------------------------
homebridge    |
homebridge    | cont-init: info: /etc/cont-init.d/10-adduser exited 0
homebridge    | cont-init: info: running /etc/cont-init.d/20-set-timezone
homebridge    | Process Process-1:
homebridge    | Traceback (most recent call last):
homebridge    |   File "/usr/lib/python3.8/multiprocessing/process.py", line 315, in _bootstrap
homebridge    |     self.run()
homebridge    |   File "/usr/lib/python3.8/multiprocessing/process.py", line 108, in run
homebridge    |     self._target(*self._args, **self._kwargs)
homebridge    |   File "/usr/local/lib/python3.8/dist-packages/tzupdate.py", line 89, in get_timezone_for_ip
homebridge    |     api_response = json.loads(api_response_obj.read().decode("utf8"))
homebridge    |   File "/usr/lib/python3.8/json/__init__.py", line 357, in loads
homebridge    |     return _default_decoder.decode(s)
homebridge    |   File "/usr/lib/python3.8/json/decoder.py", line 337, in decode
homebridge    |     obj, end = self.raw_decode(s, idx=_w(s, 0).end())
homebridge    |   File "/usr/lib/python3.8/json/decoder.py", line 355, in raw_decode
homebridge    |     raise JSONDecodeError("Expecting value", s, err.value) from None
homebridge    | json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

However, everything seems to work normally.

Any ideas about this?

@stefan1957
Copy link

stefan1957 commented Apr 29, 2022 via email

@DannyBoyKN
Copy link

Seems to be a one-time-problem from my testings ... it's gone ... everything's fine.

Back to original issue:
I suppose the root cause is the differences in the OSes used on the host and in the Homebridge container: the container identifies my Host as being Ubuntu 20.04 in the System Information :
image
which is not correct:

$ lsb_release -a                                                                                                                                              
No LSB modules are available.
Distributor ID:	Raspbian
Description:	Raspbian GNU/Linux 10 (buster)
Release:	10
Codename:	buster  

The last version of libseccomp2 for Buster is 2.3...
Using the Buster backport as shown above makes version 2.5... available from Bullseye.

@oznu
Copy link
Member

oznu commented May 2, 2022

I reverted the s6-overlay version back to 2.x - this should fix the issues people are seeing.

@YPyltiai
Copy link

YPyltiai commented May 2, 2022

@oznu , it now errors again in new image but with different error:
Node.js[610]: ../src/util.cc:188:double node::GetCurrentTimeInMicroseconds(): Assertion `(0) == (uv_gettimeofday(&tv))' failed. Aborted (core dumped)

Quick search leads to https://forum.inductiveautomation.com/t/docker-container-does-not-start/43915/4 where they refer to requiring to update libseccomp2 again.


Update: gave up and updated to Bullseye - everything works fine on Deb11. I guess it was just time to bump the Debian version.

@sommo
Copy link

sommo commented May 2, 2022

Hi all,
I damn update to the lastest and having issue with the docker image that doesn't start.
I read that it could be resolving by pulling the oznu/homebridge:2022-04-14 someone could help me by giving the command to do so.. I usually run the update and never the downgrade to a previous version.. thank you!

@sommo
Copy link

sommo commented May 2, 2022

Hi all,
I damn update to the lastest and having issue with the docker image that doesn't start.
I read that it could be resolved by pulling the oznu/homebridge:2022-04-14 someone could help me by giving the command to do so.. I usually run the update and never the downgrade to a previous version.. thank you!

@oznu
Copy link
Member

oznu commented May 3, 2022

Update: gave up and updated to Bullseye - everything works fine on Deb11. I guess it was just time to bump the Debian version.

This might be the solution for people then. You can stay on the 2022-04-14 release, or update your OS. I've not been able to replicate the issues on any of the environments I test on.

As mentioned in: https://forum.inductiveautomation.com/t/docker-container-does-not-start/43915/10

This particular issue isn’t anything wrong with the container itself, but rather the system-level libraries that the container runtime uses.

I can't feasibly keep the base image on a 4 year old OS release long term. A base image of Ubuntu 20.04 is required for Node.js 18 that is coming in October.

@whitslar
Copy link

whitslar commented May 7, 2022

If you're on a Raspberry Pi and in a pickle (can't backport via libseccomp2/buster-backports), the Alpine 3.13.0 release notes (https://wiki.alpinelinux.org/w/index.php?title=Release_Notes_for_Alpine_3.13.0&oldid=19609) has an alternative temporary solution:

In order to run under old Docker or libseccomp versions, the moby default seccomp profile should be downloaded and on line 2, defaultAction changed to SCMP_ACT_TRACE, then --seccomp-profile=default.json can be passed to dockerd, or --security-opt=seccomp=default.json passed to docker create or docker run. This will cause the system calls to return ENOSYS instead of EPERM, allowing the container to fall back to 32-bit time system calls. In this case, the container will not be compatible with dates past 2038.

Alternatively, --security-opt=seccomp=unconfined can be passed with no default.json required, but note that this will reduce the security of the host against malicious code in the container.

This worked for me:

  1. Download the default docker seccomp profile:
    $ wget https://raw.githubusercontent.com/moby/moby/master/profiles/seccomp/default.json -O custom-seccomp-profile.json

  2. Replace first occurrence of SCMP_ACT_ERRNO with SCMP_ACT_TRACE:
    $ sed -i '0,/SCMP_ACT_ERRNO/{s/SCMP_ACT_ERRNO/SCMP_ACT_TRACE/}' custom-seccomp-profile.json

  3. Modify your docker-compose.yml to include:

services:
  homebridge:
    security_opt:
      - seccomp:path/to/custom-seccomp-profile.json

@khurrraam
Copy link

Update: gave up and updated to Bullseye - everything works fine on Deb11. I guess it was just time to bump the Debian version.

This might be the solution for people then. You can stay on the 2022-04-14 release, or update your OS. I've not been able to replicate the issues on any of the environments I test on.

As mentioned in: https://forum.inductiveautomation.com/t/docker-container-does-not-start/43915/10

This particular issue isn’t anything wrong with the container itself, but rather the system-level libraries that the container runtime uses.

I can't feasibly keep the base image on a 4 year old OS release long term. A base image of Ubuntu 20.04 is required for Node.js 18 that is coming in October.

If I could politely ask how do I resolve the same issue on Synology with DSM 7.1? Any workarounds perhaps? I see Oznu point and it is fair enough. Does that mean, at least for now, I'm stuck with 2022-04-14.

I see that the PUID and PGID are being used by the latest Homebridge image, are not the same as what I've defined as the env variables being PUID = 100 and PGID = 101. It has worked perfectly for years now.

However, the new image generates different PUID and PGID on its own. So, it cannot read the files on my volume storage /homebridge. Which is what the log shows and gets stuck in a loop.

@baandab
Copy link

baandab commented May 7, 2022

I am able to run this latest version just fine in Docker on a Synology using DSM 7.1.

I just rebulit the container last night and it started just fine using these commands:

/usr/local/bin/docker-compose pull
/usr/local/bin/docker-compose stop
/usr/local/bin/docker-compose down
/usr/local/bin/docker-compose up -d

Here is my docker-compose.yml. The key for me was changing "init" to "false"

version: "3.3"
services:
  
  homebridge:
    container_name: oznu-homebridge
    init: false
    volumes:
      - /volume1/docker/homebridge:/homebridge:rw
    deploy:
      restart_policy:
        condition: on-failure
        max_attempts: 3
    environment:
      - QEMU_ARCH=x86_64
      - S6_KEEP_ENV=1
      - HOMEBRIDGE_CONFIG_UI=1
      - HOMEBRIDGE_CONFIG_UI_PORT=54159
      - ENABLE_AVAHI=0
      - HOMEBRIDGE_INSECURE=1
      - PACKAGES=ffmpeg
      - PUID=1016
      - PGID=100
      - TZ=America/Los_Angeles
      - DSM_HOSTNAME=MyNAS
    image: "oznu/homebridge:latest"

To set the PUID and PGID, I ran this command on the Synology, where the USERNAME is the owner of the folder where I store the homebridge variables:

id <USERNAME>

@khurrraam
Copy link

I am able to run this latest version just fine in Docker on a Synology using DSM 7.1.

I just rebulit the container last night and it started just fine using these commands:

/usr/local/bin/docker-compose pull
/usr/local/bin/docker-compose stop
/usr/local/bin/docker-compose down
/usr/local/bin/docker-compose up -d

Here is my docker-compose.yml. The key for me was changing "init" to "false"

version: "3.3"
services:
  
  homebridge:
    container_name: oznu-homebridge
    init: false
    volumes:
      - /volume1/docker/homebridge:/homebridge:rw
    deploy:
      restart_policy:
        condition: on-failure
        max_attempts: 3
    environment:
      - QEMU_ARCH=x86_64
      - S6_KEEP_ENV=1
      - HOMEBRIDGE_CONFIG_UI=1
      - HOMEBRIDGE_CONFIG_UI_PORT=54159
      - ENABLE_AVAHI=0
      - HOMEBRIDGE_INSECURE=1
      - PACKAGES=ffmpeg
      - PUID=1016
      - PGID=100
      - TZ=America/Los_Angeles
      - DSM_HOSTNAME=MyNAS
    image: "oznu/homebridge:latest"

To set the PUID and PGID, I ran this command on the Synology, where the USERNAME is the owner of the folder where I store the homebridge variables:

id <USERNAME>

Thanks for your reply. Much appreciated. And yes, setting init: false worked.

@oznu
Copy link
Member

oznu commented May 21, 2022

As there seem to be multiple solutions to this issue, and not much I can do on my end, I have referenced it in the readme under troubleshooting.

@oznu oznu closed this as completed May 21, 2022
@edm00se
Copy link

edm00se commented Jul 5, 2022

For anyone looking for that solution, I had to add the security_opt block with seccomp:unconfined as discussed in this comment.

security_opt: # this option
    - seccomp:unconfined

@woodyard
Copy link

Mine is starting up like this, and I am so much of a Linux newbie, that I can't imagine what to do next:

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service tzupdate: starting
s6-rc: info: service setup: starting
s6-rc: info: service credits: starting

Thank you for using the oznu/homebridge docker image!

If you find this project useful please STAR it on GitHub:

     https://github.com/oznu/docker-homebridge

            Or donate to the project:

        https://github.com/sponsors/oznu
              https://paypal.me/oznu

s6-rc: info: service credits successfully started
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
Set system timezone to Europe/Copenhagen.
s6-rc: info: service tzupdate successfully started
Installing Homebridge and user plugins, please wait...

up to date in 2s
s6-rc: info: service setup successfully started
s6-rc: info: service userdata: starting
s6-rc: info: service dbus: starting
Executing user startup script /homebridge/startup.sh
s6-rc: info: service userdata successfully started
s6-rc: info: service dbus successfully started
s6-rc: info: service avahi: starting
Starting dbus-daemon
s6-rc: info: service avahi successfully started
s6-rc: info: service homebridge: starting
s6-rc: info: service homebridge successfully started
s6-rc: info: service homebridge-log: starting
s6-rc: info: service homebridge-log successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
/run/s6/basedir/scripts/rc.init: 60: -e: not found
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service tzupdate: stopping
s6-rc: info: service credits: stopping
s6-rc: info: service homebridge-log: stopping
s6-rc: info: service tzupdate successfully stopped
s6-rc: info: service credits successfully stopped
s6-rc: info: service homebridge-log successfully stopped
s6-rc: info: service homebridge: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service homebridge successfully stopped
s6-rc: info: service userdata: stopping
s6-rc: info: service avahi: stopping
s6-rc: info: service userdata successfully stopped
s6-rc: info: service avahi successfully stopped
s6-rc: info: service dbus: stopping
s6-rc: info: service dbus successfully stopped
s6-rc: info: service setup: stopping
s6-rc: info: service setup successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

@alex-eri
Copy link

alex-eri commented Oct 8, 2022

....
Executing user startup script /homebridge/startup.sh
....
/run/s6/basedir/scripts/rc.init: 60: -e: not found
s6-rc: info: service legacy-services: stopping
....

@woodyard you fixed this?

@obrassard
Copy link

For anyone else having this issue with Raspberry PI 4 + Raspberry Pi OS updating libseccomp2 using the latest version from buster-backports seems to fix this issue !

# Get signing keys to verify the new packages, otherwise they will not install
rpi ~$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138

# Add the Buster backport repository to apt sources.list
rpi ~$ echo 'deb http://httpredir.debian.org/debian buster-backports main contrib non-free' | sudo tee -a /etc/apt/sources.list.d/debian-backports.list

rpi ~$ sudo apt update
rpi ~$ sudo apt install libseccomp2 -t buster-backports

(Source https://blog.samcater.com/fix-workaround-rpi4-docker-libseccomp2-docker-20/)

You might also have to update Docker using apt update / apt upgrade and you should be good to go !

@ajrnz
Copy link

ajrnz commented Oct 22, 2023

In case it helps someone searching for this issue:

Make sure as well that you don't have

"init": true

In your daemon.conf file. I wasted a lot of time on this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests