django-DefectDojo: docker-compose up fails with execution permission denied
Be informative After following the docker installation instructions from github I am able to succesfully run the “docker-compose build” command, however the “docke-compose up” fails.
Bug description I am receiving a “standard_init_linux.go:228: exec user process caused: permission denied” error message while running the “docke-compose up” command.
Expected behavior No execution permission errors.
Deployment method (select with an X)
- Docker Compose
- Kubernetes
- GoDojo
Environment information
- Operating System: Linux Centos8 4.18.0-348.7.1.el8_5.x86_64 #1 SMP Wed Dec 22 13:25:12 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
- DefectDojo version (see footer) or commit message: #5869 from DefectDojo/release/2.7.1 [ (HEAD -> master, tag: 2.7.1, origin/master, origin/HEAD)]
Logs –==LOGS==– mysql_1 | 2022-03-01T08:10:16.743633Z 0 [Note] Event Scheduler: Loaded 0 events mysql_1 | 2022-03-01T08:10:16.743893Z 0 [Note] mysqld: ready for connections. mysql_1 | Version: ‘5.7.37’ socket: ‘/var/run/mysqld/mysqld.sock’ port: 3306 MySQL Community Server (GPL) celerybeat_1 | standard_init_linux.go:228: exec user process caused: permission denied initializer_1 | standard_init_linux.go:228: exec user process caused: permission denied celeryworker_1 | standard_init_linux.go:228: exec user process caused: permission denied uwsgi_1 | standard_init_linux.go:228: exec user process caused: permission denied django-defectdojo_uwsgi_1 exited with code 1 django-defectdojo_celerybeat_1 exited with code 1 django-defectdojo_initializer_1 exited with code 1 django-defectdojo_celeryworker_1 exited with code 1 nginx_1 | Basic auth is off (HTTP_AUTH_PASSWORD not provided) nginx_1 | 2022/03/01 08:10:23 [emerg] 1#1: host not found in upstream “uwsgi:3031” in /run/defectdojo/uwsgi_server:1 nginx_1 | nginx: [emerg] host not found in upstream “uwsgi:3031” in /run/defectdojo/uwsgi_server:1 django-defectdojo_nginx_1 exited with code 1 rabbitmq_1 | 2022-03-01 08:10:25.909229+00:00 [info] <0.228.0> Feature flags: list of feature flags found: rabbitmq_1 | 2022-03-01 08:10:25.931627+00:00 [info] <0.228.0> Feature flags: [ ] implicit_default_bindings rabbitmq_1 | 2022-03-01 08:10:25.931679+00:00 [info] <0.228.0> Feature flags: [ ] maintenance_mode_status rabbitmq_1 | 2022-03-01 08:10:25.931707+00:00 [info] <0.228.0> Feature flags: [ ] quorum_queue rabbitmq_1 | 2022-03-01 08:10:25.931743+00:00 [info] <0.228.0> Feature flags: [ ] stream_queue rabbitmq_1 | 2022-03-01 08:10:25.931823+00:00 [info] <0.228.0> Feature flags: [ ] user_limits –==SNIP==–
Additional context (optional)
I noteiced that in the ouput of “mount | grep noexec” is the following: shm on /var/lib/docker/containers/42f3dff802d120a4c8b7d76bdaff72cd2ef6520cdd29a4a71f40a1344335a049/mounts/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,size=65536k) shm on /var/lib/docker/containers/4c202c3d5387bf5f2ead05154bb6c87c167d1a93aedd610d60f4702ecde7ff13/mounts/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,size=65536k)
I do not know why are these containers mounted as noexec, but I guess it is connected with the error above.
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Comments: 33 (29 by maintainers)
I guess this can be closed @mtesauro
Red Hat Enterprise Linux release 8.7 (Ootpa) Docker version 20.10.23, build 7155243 Docker Compose version v2.15.1
The first thing I’ve checked was to try with selinux disabled… and it didn’t help. Now I use it in permissive mode so it doesn’t block anything, for me that is not the case. I’d rather say this might have something to do with rootless docker mode in which I run my containers. This is how execution files look like for me inside running container:
I’ve only changed owner, without it defectdojo user simply have no execution rights. If changing owner is so bad practice we can also add the “x” right for Others column and it will also do the trick (already tested it).