Docker nameserver resolution only as root

[aigarius]

I have just reinstalled TNAS with the latest 5.1.41 software, created a new superuser (i.e. not root), installed latest docker and immediately see this issue:

Code: Select all

[aigarius@TNAS-6056 ~]# docker run -it --rm debian:stable /bin/bash
root@TNAS-6056:/# apt update
Ign:1 http://deb.debian.org/debian stable InRelease
Ign:2 http://deb.debian.org/debian stable-updates InRelease
Ign:3 http://deb.debian.org/debian-security stable-security InRelease
Ign:1 http://deb.debian.org/debian stable InRelease
Ign:2 http://deb.debian.org/debian stable-updates InRelease
Ign:3 http://deb.debian.org/debian-security stable-security InRelease
Ign:1 http://deb.debian.org/debian stable InRelease
Ign:2 http://deb.debian.org/debian stable-updates InRelease
Ign:3 http://deb.debian.org/debian-security stable-security InRelease
Err:1 http://deb.debian.org/debian stable InRelease
  Temporary failure resolving 'deb.debian.org'

Running the `setfacl -R -d -m o::r /Volume1/DockerData` command as posted in this thread fixes everything.

[davidecavestro]

Running the `setfacl -R -d -m o::r /Volume1/DockerData` command as posted in this thread fixes everything.

I confirm I issued the setfacl on 01st of august and since then I never experienced the issue... clearly because the root cause was related to the enforcing of read rights on resolv.conf files within folders providing storage for containers, as tommi2day explained from his initial post.
Probably limiting the setfacl to /Volume1/DockerData/containers would suffice.

That said, I consider this a workaround. Also check viewtopic.php?f=43&t=5077

[davidecavestro]

I updated the Docker Manager app to version 1.2.6... and I read the release notes just when - after the update - the docker socket was not available: any docker command issued from CLI failed.

Release notes lists the resolv.conf issue as solved, and - among other things - informs that the DockerData folder has been moved to @DockerData.

So instead of simply upgrading, the proper way to proceed was:

• uninstall the app
• delete/move /Volume1/DockerData
• install the app from scratch.

To make a long story short I had to:

• uninstall Docker Manager
• umount /Volume1/@DockerData/btrfs
• umount /Volume1/@DockerData
• mv /Volume1/@DockerData /Volume1/@DockerData.bak
• install Docker Manager

so that docker is now available again.
Since I'm not using volumes I'm happy with it, anyway - to my understading - deleting the DockerData dir implies loosing any docker volume persisted into it.

I didn't go any deeper into the issue, but I suppose the @DockerData directory was migrated with my previous contents, so I got into troubles as per the ACL I previously set on it.

[Bipe]

Everything seems to be working OK now, didn't have to do anything but wait for few minutes after docker was updated

Did immich update which pulled new containers and everything was working OK without need to run chmod as before.

Checked perms on /etc/hosts and /etc/resolv.conf, both now have permissions 644

[tommi2day]

Looks like installing DockerManager 1.2.6 really solved the name resolution problem. Need to reconfigure my monitoring to the new @DockerData directory

Thomas