Up to now I’ve run docker containers inside Incus LXC containers via passing PUID=0/PGID=0 as environment variables in the docker compose file, in conjunction with an incus config set <container> raw.idmap call, so that the docker container can read/write the external folders I give it.
As far as I understand it, with the raw.idmap call I’m saying my external uid/gid of 1000/1000 is linked to the container’s internal root user of uid/gid of 0/0. From there, I tell docker to use the uid/gid of 0/0 for its internal user with PUID=0/PGID=0 and I’m good to go, I guess.
Unfortunately, Automatic Ripping Machine seems to use something else for the uid/gid alignment than the other docker containers I’ve run into and it cannot set its internal arm user uid/gid to 0/0 because a root user apparently already exists in the docker container. It gives this error when trying to start the docker container:
*** Running /etc/my_init.d/arm_user_files_setup.sh...
Updating arm user id from 1000 to 0...
usermod: UID '0' already exists
*** /etc/my_init.d/arm_user_files_setup.sh failed with status 4
How can I map my external uid/gid of 1000/1000 to not the container’s root user of 0/0 so that I can give the docker container an - ARM_UID=# - ARM_GID=# of not 0/0?
I am not sure how to even go about it - do I make a new user in the container and try to go from there? Is there a direct way via incus config calls?
Also, if there is a better way to achieve read/write access from within a container - let me know. I found the raw.idmap way via searching and it may be old or not the best for security or something.
I am running on Debian 12 so I do not have access to the shift=true option, also.
Here are the config calls I make to set up the instance “autoripper”, just in case any after are relevant.
printf "uid $(id -u) 0\ngid $(id -g) 0" | sudo incus config set autoripper raw.idmap -
sudo incus config device add autoripper config disk source=/config/autoripper path=/config/autoripper
sudo incus config device add autoripper compose disk source=/compose/autoripper path=/compose/autoripper
sudo incus config device add autoripper cache disk source=/cache/autoripper path=/cache/autoripper
sudo incus config device add autoripper media disk source=/mnt/rips/Media path=/rips/Media
sudo incus config device add autoripper music disk source=/mnt/rips/Music path=/rips/Music
sudo incus config device add autoripper http-forward proxy listen=tcp:0.0.0.0:8099 connect=tcp:127.0.0.1:8099
And here is the docker compose file for Automatic Ripping Machine, in case it is relevant:
services:
  autoripper:
    image: automaticrippingmachine/automatic-ripping-machine:latest
    container_name: autoripper
    environment:
      - PUID=0
      - PGID=0
      - ARM_UID=0
      - ARM_GID=0
      - TZ=America/Los_Angeles
    ports:
      - '8099:8080'
    devices:
      - '/dev/sr0:/dev/sr0'
    volumes:
      - '/config/autoripper:/etc/arm/config:rw'
      - '/cache/autoripper:/home/arm:rw'
      - '/cache/autoripper/logs:/home/arm/logs:rw'
      - '/rips/Music:/home/arm/Music:rw'
      - '/rips/Media:/home/arm/media:rw'
    privileged: true
    restart: unless-stopped
Thanks to the friendly community!
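
One way to do what the post asks, as an added example that is not part of the original post: the second number on each raw.idmap line is the ID inside the Incus container, so it can be a non-root ID instead of 0. Assumptions: the instance name autoripper and the container-side ID 1000 (the arm user's ID before the init script tries to change it, per the log above) come from the post; the function names are hypothetical; the /etc/subuid and /etc/subgid check assumes Incus takes root's allowed ranges from those files when they exist.

```shell
#!/bin/sh
# Added example: map the host user onto a non-root ID inside the Incus container.

# build_idmap HOST_UID HOST_GID CT_UID CT_GID
# Prints a raw.idmap value ("uid <host> <container>" / "gid <host> <container>").
# Refuses container ID 0 so the host user is never mapped onto container root.
build_idmap() {
    if [ "$3" -eq 0 ] || [ "$4" -eq 0 ]; then
        echo "refusing to map onto container root (0)" >&2
        return 1
    fi
    printf 'uid %s %s\ngid %s %s\n' "$1" "$3" "$2" "$4"
}

# subid_allows FILE NAME ID
# Succeeds if FILE (subuid/subgid format NAME:START:COUNT) lets NAME use ID.
subid_allows() {
    awk -F: -v n="$2" -v id="$3" \
        '$1 == n && id >= $2 && id < $2 + $3 { ok = 1 } END { exit !ok }' "$1"
}

# apply_idmap INSTANCE CT_UID CT_GID   (run on the host as the owning user)
apply_idmap() {
    # Assumption: root needs an entry covering the host ID being mapped.
    subid_allows /etc/subuid root "$(id -u)" ||
        echo "hint: add root:$(id -u):1 to /etc/subuid" >&2
    subid_allows /etc/subgid root "$(id -g)" ||
        echo "hint: add root:$(id -g):1 to /etc/subgid" >&2
    # Build the value first so a refused mapping never reaches incus.
    map=$(build_idmap "$(id -u)" "$(id -g)" "$2" "$3") || return 1
    printf '%s' "$map" | sudo incus config set "$1" raw.idmap - &&
        sudo incus restart "$1"
}

# Usage on the host (not executed here):
#   apply_idmap autoripper 1000 1000
```

With this mapping the compose file would carry ARM_UID=1000 and ARM_GID=1000, so the init script no longer has to move the arm user onto an ID that already exists.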