Running version latest built on 2024-05-18T18:08:57.405Z (commit 4218dba)
What's the problem 🤔
I'm trying to run gluetun as a non-root user with DOT=off and all capabilities dropped except NET_ADMIN.
However, gluetun still tries to chown /etc/unbound despite disabling said Unbound server. This results in an error that shuts down the container.
ERROR chown /etc/unbound: operation not permitted
Therefore, I would like to disable this behaviour entirely when the DOT=off env var is present.
Adding --cap-add CHOWN, for now, would fix the issue.
Share your logs (at least 10 lines)
├── DNS settings:
│   ├── Keep existing nameserver(s): no
│   ├── DNS server address to use: 9.9.9.9
│   └── DNS over TLS settings:
│       └── Enabled: no
...
├── OS Alpine settings:
│   ├── Process UID: 1001
│   └── Process GID: 1001
...
2024-05-20T09:49:39Z WARN DNS address is set to 9.9.9.9 so the DNS over TLS (DoT) server will not be used. The default value changed to 127.0.0.1 so it uses the internal DoT serves. If the DoT server fails to start, the IPv4 address of the first plaintext DNS server corresponding to the first DoT provider chosen is used.
2024-05-20T09:49:39Z INFO using existing username 1001 corresponding to user id 1001
2024-05-20T09:49:39Z ERROR chown /etc/unbound: operation not permitted
2024-05-20T09:49:39Z INFO Shutdown successful
Share your configuration
version: "3.8"
services:
  gluetun:
    image: qmcgaw/gluetun:latest
    container_name: gluetun
    user: "1001:1001"
    devices:
      - /dev/net/tun:/dev/net/tun
    volumes:
      - ./gluetun:/gluetun/ # config inside /gluetun/wireguard/wg0.conf
    environment:
      - PGID=1001
      - PUID=1001
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      - DNS_ADDRESS=1.1.1.1 # using plain-text DNS
      - DOT=off
    security_opt:
      - no-new-privileges:true # security_opt is a list of strings, not a mapping
    cap_drop:
      - ALL
    cap_add:
      - NET_ADMIN
      # - CHOWN # adding this would fix the issue
Is this urgent?
No
Host OS
Alpine
CPU arch
x86_64
VPN service provider
Custom
What are you using to run the container
Podman
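The report above boils down to a least-privilege conflict: the container runs as uid 1001 with every capability except NET_ADMIN dropped, and a chown of a directory belonging to a disabled service (Unbound, with DOT=off) aborts startup with "operation not permitted". The following Go function is an added illustration of how a program can stay compatible with such a hardened container; it is not gluetun's code, and the function name, the `serviceEnabled` flag and the directory path are assumptions. It only touches the directory when the service that needs it is enabled, and when chown fails with EPERM it checks whether the directory already has the requested owner (which is the normal case when the process itself was started as that uid/gid) before treating the failure as fatal.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"syscall"
)

// ensureOwnedDir is an illustrative helper (not gluetun's own code). It
// prepares the working directory of an optional service without demanding
// CAP_CHOWN from a hardened container:
//   - a disabled service never touches the filesystem at all;
//   - a chown that fails with EPERM is tolerated when the directory already
//     has the wanted owner, which is the case when the process runs as uid/gid.
func ensureOwnedDir(serviceEnabled bool, dir string, uid, gid int) error {
	if !serviceEnabled {
		// A disabled service must not require extra privileges to start.
		return nil
	}
	if err := os.MkdirAll(dir, 0o755); err != nil {
		return fmt.Errorf("creating %s: %w", dir, err)
	}
	chownErr := os.Chown(dir, uid, gid)
	if chownErr == nil {
		return nil
	}
	// syscall.Errno EPERM/EACCES match os.ErrPermission via errors.Is.
	if !errors.Is(chownErr, os.ErrPermission) {
		return fmt.Errorf("chown %s: %w", dir, chownErr)
	}
	// CAP_CHOWN is missing; only fail if ownership actually differs.
	info, err := os.Stat(dir)
	if err != nil {
		return fmt.Errorf("stat %s: %w", dir, err)
	}
	st, ok := info.Sys().(*syscall.Stat_t)
	if !ok {
		return fmt.Errorf("chown %s: %w", dir, chownErr)
	}
	if int(st.Uid) == uid && int(st.Gid) == gid {
		return nil // already owned as requested, nothing to change
	}
	return fmt.Errorf("chown %s: %w (directory owned by %d:%d, CAP_CHOWN dropped)",
		dir, chownErr, st.Uid, st.Gid)
}

func main() {
	// Stand-alone demonstration on a temporary directory (constructed input).
	dir, err := os.MkdirTemp("", "unbound-demo")
	if err != nil {
		fmt.Println("mkdtemp:", err)
		return
	}
	defer os.RemoveAll(dir)

	// Service disabled: no filesystem access, no capability needed.
	fmt.Println("disabled:", ensureOwnedDir(false, "/etc/unbound", 1001, 1001))
	// Service enabled, directory already owned by us: succeeds without CAP_CHOWN.
	fmt.Println("enabled, own dir:", ensureOwnedDir(true, dir, os.Getuid(), os.Getgid()))
}
```

The second call in `main` succeeds even in a container with `cap_drop: [ALL]`, because the Linux chown permission check allows the owner to "change" a file to the uid it already has; only a genuine ownership change requires CAP_CHOWN, and the function reports that case with the current owner in the error so the operator can see which capability or volume ownership is missing.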