Incus unable to start/run (docker) container natively: 'Error: stat /proc/-1: no such file or directory'

osch · July 22, 2024, 9:25am

Hello,

this is more or less a continuation of Incus unable to start/run (docker) container natively: ‘s6-overlay-suexec’ error. After the new build was available I migrated a few of my docker containers and hit another issue “Error: stat /proc/-1: no such file or directory” with some of them. Reviewing these docker containers in more detail all of them where using the S6-Overlay like PiHole does but won’t start even with the latest fix.

To keep things simple I followed their Quickstart guide and it returns the same error which confirms it has something to do with the S6-Overlay init start. As I didn’t found any useful information in the log files (properly need to learn a bit more) by comparing both rootfs I observed the following. In PiHole there is a /s6-init where as my test had a /init as a starting point. Reviewing PiHole Dockerfile showed they just move the /init to /s6-init and renamed the starting point accordingly.

After updating my Dockerfile to the following:

# Use your favorite image
FROM ubuntu
ARG S6_OVERLAY_VERSION=3.2.0.0

RUN apt-get update && apt-get install -y nginx xz-utils
RUN echo "daemon off;" >> /etc/nginx/nginx.conf
CMD ["/usr/sbin/nginx"]

ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp
RUN tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz
ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-x86_64.tar.xz /tmp
RUN tar -C / -Jxpf /tmp/s6-overlay-x86_64.tar.xz
RUN mv /init /s6-init
ENTRYPOINT ["/s6-init"]

Redeploy on incus the demo instance just stated like PiHole. SUCCESS!!!

Although this is a doable workaround I would rather prefer if Incus could handle this automatically to improve usability.

stgraber · July 22, 2024, 5:38pm

Do you have an example of an image in the Docker Hub that runs into this issue? Would make it easier to track down.

osch · July 23, 2024, 5:32am

I run into the issue migrating the Frigate docker image to Incus but it requires quite some configuration to make it work. As I was just looking at this topic Docker OCI Parameter Passing Incus 6.3 it actually has the same problem.

What I actually have forgotten to add is the discussion around this issue PiHole - 2022.08 S6 overlay bug #1176 which properly gives you much more input about the why and how. In a gist even other virtualisation are failing in a similar way like incus does.

To test this out I actually setup a local docker repository in an Incus instance. It actually helped me a lot to solve configuration issues with OCI images.

Janm84 · July 25, 2024, 9:13pm

Hi osch,

i ran into the some situation.

Can you give me more concret information how to get this frigate dockerimage to run?

I installed it via the frigate “docker hub” in an incus container with protocol OCI.

What are the next steps… or where to find that dockerfile?

Looking forward to your feedback.

Best regards

Jan

stgraber · July 25, 2024, 9:18pm

Good to know about Frigate as it’s one of the containers I need to move from Docker inside of Incus to Incus myself, so I’ll sort it out soon

Janm84 · July 25, 2024, 9:37pm

I would really appreciate that, Stephane

5 hours ago I tried to install frigate inside lxd/lxc and finally became aware of incus.

I quickly switched from lxd to incus (also because of the possibility to run dockerimages directly).

Now I’ve been stuck on this topic for a while

I really like incus, by the way!

osch · July 26, 2024, 5:27am

As mentioned Frigate and some other containers are not that straight forward.

What you need is to create your own docker registry, I followed one of the many examples on the web Configured SSL and proxied the port. In a second container I installed docker and all the dependencies like outlined on their homepage. On the docker instance you create a Dockerfile:

# Use your favorite image
FROM ghcr.io/blakeblackshear/frigate:stable

# install dhcp or other IP packages if you have more than one interface
RUN apt-get -qq install isc-dhcp-client
 # add a oneshot S6 service to initialize eth1 => check the docs


# enable this for testing use real mounts later
#RUN mkdir /config && mkdir -p /media/frigate
#COPY  config.yml /config => minimum example taken from frigate home page

RUN mv /init /s6-init

ENTRYPOINT ["/s6-init"]

Now it is time to build your local image and push it into your repository:

docker build -t frigate .
docker tag frigate <your registry>:8443/frigate
docker push <your registry>:8443/frigate

Frigate or any other S6 docker OCI is ready to launch. Let’s register our private registry:

incus remote add mydocker https://<your registry>:8443 --protocol=oci

Launch your container like usual:

incus launch mydocker:frigate frigate

Seconds later you have a running Frigate instance.

As mentioned, this is a workaround. On the other hand you can actually wrap a lot of other stuff into your own custom docker image. For example network related things or GPU driver, you name it.

One question I have is how to configure the shm size? I was able to get this working by editing the config.json file to increase it from 64MB default to 256MB. Without increasing you get a nice core dump if you have more than one camera…

Lastly Nvidia GPU statistics are not working but running nvidia-smi on the host confirms the usage.

Looking forward to hear other experiences about Frigate on Incus

stgraber · July 26, 2024, 7:20pm

In got Frigate to behave in today’s live stream which led to those changes: OCI related fixes by stgraber · Pull Request #1052 · lxc/incus · GitHub

For Frigate, it was really just the one line change to add /init to the paths we treat as being able to handle PID1 duties.

osch · July 27, 2024, 12:11pm

Sounds good and looking forward to use it in the next stable release.

Any pointer how I can increase shm_size during init/launch is it -c or -d option?

Janm84 · July 29, 2024, 6:51pm

Now its running on my server too.

It’s amazing to be able to run docker images with incus! Nice job

I’m also interessted how to inc shm size.

Janm84 · October 4, 2024, 6:59am

Yesterday I used to update my server and incus and since that, i’m not able to start frigate anymore. And I have that log entry:

root@homelab:/# cat /var/log/incus/frigate/console.log
/package/admin/s6-overlay-3.1.5.0/libexec/stage0: 87: exec: /run/s6/basedir/bin/init: Permission denied


root@homelab:/# uname -r
6.8.0-45-generic
root@homelab:/# incus --version
6.6

Has something changed?

jarrodu · October 4, 2024, 7:20am

Maybe this.

stgraber · October 4, 2024, 1:25pm

Gah, why is frigate putting executables in there now…
Anyway, I’ll send a fix to relax /run a bit.

stgraber · October 4, 2024, 1:28pm

Janm84 · October 4, 2024, 4:37pm

ok, thats pretty fast. then i will wait for the update of the repository

Thank you very much Stéphane!

stgraber · October 4, 2024, 8:56pm

The update is now available.

Janm84 · October 4, 2024, 9:13pm

And again, thank you!

Up and running:

 frigate       | RUNNING | 192.168.44.15 (eth0)  |      | CONTAINER (APP)

alex14641 · October 7, 2024, 12:39am

I was thinking, for security reasons, maybe this should be configurable on a per-instance basis.

stgraber · October 14, 2024, 3:24am

If an OCI image specifies other options for /run, those are used, this is just the fallback that’s hardcoded, so this should be fine.