s6-overlay services doesn't work

[nkitsaini]

s6 cannot execute service scripts because it first copies them to /run and /run is mounted as noexec.
Here's a very simple Dockerfile to reproduce the issue. If ran without x11docker s6 works and creates /tmp/did_word, but with x11docker the file is not present. Modifing --tmpfs /run to --tmpfs /run:exec in x11docker script fixes the issue.

FROM debian

RUN apt-get update
RUN apt-get install -y stterm

ADD https://github.com/just-containers/s6-overlay/releases/download/v2.2.0.1/s6-overlay-amd64-installer /tmp/
RUN chmod +x /tmp/s6-overlay-amd64-installer && /tmp/s6-overlay-amd64-installer /

RUN mkdir -p /etc/services.d/write-to-tmp
RUN echo '#!/bin/bash' > /etc/services.d/write-to-tmp/run
RUN echo 'while true; do echo works > /tmp/did_work; sleep 1; done' >> /etc/services.d/write-to-tmp/run

# NOTE: uncomment if running without x11docker
# ENTRYPOINT ["/init"]
CMD /usr/bin/st

commands used:
x11docker --init=s6-overlay img
docker run -it img bash

[mviereck]

Thank you for the report and already pointing out the fix!
I've uploaded a fixed version, please update to current master version (--update-master) and test if the fix works as expected.

[nkitsaini]

Thanks, that works on the example Dockerfile provided. But in the actual usage I'm getting errors that look like this. It doesn't seem like they are related to this issue. If not we can close this.

...
find: cannot delete ‘/tmp/guacamole-server-1.3.0/bin/guacctl’: Permission denied
find: cannot delete ‘/tmp/guacamole-server-1.3.0/bin’: Permission denied
find: cannot delete ‘/tmp/guacamole-server-1.3.0/config.log’: Permission denied
find: cannot delete ‘/tmp/guacamole-server-1.3.0/a’: Permission denied
find: cannot delete ‘/tmp/guacamole-server-1.3.0/config.h.in’: Permission denied
find: cannot delete ‘/tmp/guacamole-server-1.3.0/NOTICE’: Permission denied
find: cannot delete ‘/tmp/guacamole-server-1.3.0’: Operation not permitted
find: cannot delete ‘/tmp/gua.sh’: Operation not permitted

[mviereck]

This looks like a different issue.
Maybe during the init these files are created as root, but later an unprivileged process tries to remove them. (x11docker runs the final command unprivileged. However, some images expect to be run as root.)
Likely this would not occur with --user=root. Though, another fix would be preferable.

[nkitsaini]

Yeah these are created by root in Dockerfile. For now I'll remove /tmp contents in Dockerfile itself. I don't know which script tries to delete these but anyway doesn't seem like it's related to s6-overlay. So the original issue is resolved. I'll open another issue if I find something related. Thanks for quick responses.

[mviereck]

Side note:

# NOTE: uncomment if running without x11docker
# ENTRYPOINT ["/init"]

x11docker works as well if ENTRYPOINT ["/init"] is enabled. Is there a reason why you've disabled this?
It's a long time since I've implemented s6-overlay support, but IIRC this is a default setup?

[nkitsaini]

Yes this is the default setup. So after I had struggled with s6-overlay services a few times I tried not to change anything from the Dockerfile. But yeah it works even with the ENTRYPOINT. Thanks for mentioning otherwise it would've been hanging in all of my projects lol.

[mviereck]

:-)