Get mDNS responses from inside the Docker container.

[brnrc]

Hi @icblenke ,
I was messing around with your image and tried to replicate the steps on your Dockerfile to install the avahi-daemon on my Dockerfile.
I was able to do it, however when I tried to run avahi-daemon

root@5ae2f1534968:~# avahi-daemon                                                                                           
Found user 'avahi' (UID 103) and group 'avahi' (GID 110).
Successfully dropped root privileges.
avahi-daemon 0.6.31 starting up.
dbus_bus_get_private(): An AppArmor policy prevents this sender from sending this message to this recipient, 0 matched rules; type="method_call", sender="(null)" (inactive) interface="org.freedesktop.DBus" member="Hello" error name="(unset)" requested_rep
WARNING: Failed to contact D-Bus daemon.
avahi-daemon 0.6.31 exiting.

and with --no-drop-root

root@5ae2f1534968:~# avahi-daemon --no-drop-root
avahi-daemon 0.6.31 starting up.
dbus_bus_get_private(): An AppArmor policy prevents this sender from sending this message to this recipient, 0 matched rules; type="method_call", sender="(null)" (inactive) interface="org.freedesktop.DBus" member="Hello" error name="(unset)" requested_rep
WARNING: Failed to contact D-Bus daemon.
avahi-daemon 0.6.31 exiting.

I did map the volume /var/run/dbus:/var/run/dbus, however I'm not very familiar with AppArmor.

I'm trying to get the broadcasted services using Python's https://pypi.python.org/pypi/zeroconf implementation.

Have you done anything similar?
Thank you very much.

[ianblenke]

This works with CoreOS and the included service. Have you tried disabling AppArmor first with invoke-rc.d apparmor kill or similar? Another thing to try is to run the docker container with --privileged to see if that helps at all.

[cristian-recoseanu]

@brucardoso2
You can prevent the AppArmor policy from affecting your container in this case by running it with --privileged modifier.

I'm stuck one step further than you. I successfully mount dbus but the message I see is this:

avahi-daemon 0.6.31 starting up.
Failed to acquire D-Bus name 'org.freedesktop.Avahi'
WARNING: Failed to contact D-Bus daemon.
avahi-daemon 0.6.31 exiting.

Does this policy file need to be set up on the host or inside the container?

`cat < /etc/dbus-1/system.d/avahi.conf

EOF`

Any thoughts @ianblenke?

[muelli]

I'm also unable to run this image successfully on a 16.04. host.
I'm getting "dbus_bus_get_private(): An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender="(null)" (inactive) interface="org.freedesktop.DBus" member="Hello" error name="(unset)" requested_reply="0" destinatio".

[smithkyle]

Think I figured it out finally. Needed to use --net=host --privileged -v /var/run/dbus:/var/run/dbus in my docker run. Haven't fully tested yet, but now I can at least avahi-browse from inside the contailer and run the gcp-cups-connector.

[arno01]

You could probably also try turning off apparmor confinement for the container --security-opt apparmor:unconfined

[osdemah]

I know this thread is old but Failed to acquire D-Bus name 'org.freedesktop.Avahi' error is due to running an avahi-daemon in host machine. So the running daemon in host machine already acquired org.freedesktop.Avahi D-Bus name. You could solve it by stopping avahi-daemon on host machine.

Also if we mount dbus on docker container and have avahi on host machine why should we run another instance of it on the container? As it has access to host daemon it could use it.

@cristian-recoseanu
@ianblenke

[jab5263]

@hamed1soleimani any suggestions on how to access the host daemon from inside the docker container ? I have mounted the dbus and i am unable to find any way to be able to discover ".local" addresses present in the network from inside the docker container apart from running a separate daemon inside the container , and in which case it gives an error : 'multiple mdns stack present on this machine . which makes mdns unreliable' .
what i want is that both the host as well as the docker container be able to discover ".local" addresses in the network but only host advertises it's name.

[amalnanavati]

@jab5263 (and others) have you figured this out yet? I have a Docker running Ubuntu 18.04, on a host running Ubuntu 14.04. By default, the avahi-daemon service is running on the host. There are three relevant cases here:

1. [Default] If I launch my docker container without docker-avahi (i.e., without following the instructions in the README), I can ping ".local" addresses from the host but not from the docker container.
2. If I follow the instructions in the README, run sudo service avahi-daemon stop on the host machine, launch the docker, and then run avahi-daemon --no-drop-root & in the docker, I am able to ping ".local" addresses from within the docker container but not on the host machine.
3. If I keep the avahi-daemon service running on the host machine and then launch the docker container and run avahi-daemon --no-drop-root, I get the following error.

avahi-daemon 0.7 starting up.
Failed to acquire D-Bus name 'org.freedesktop.Avahi'
WARNING: Failed to contact D-Bus daemon.
avahi-daemon 0.7 exiting.

Is anyone aware of a way to enable the host and docker container to access ".local" addresses? (Note that in all of the above cases, I run the docker with --network host. I have tried with and without --privileged and the problem persists in both cases.)

[karstentellingnielsen]

Hi @amalnanavati

I have the same problem. I have a partial solution, by setting enable-dbus=warn.
This gets the system up and running, but i get an error every 30 sec. However it works - more or less.