[BUG] Docker-in-Docker problem/question

[Jorman]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

Running a Docker-in-Docker I can't get access to the root folder

Expected Behavior

I would like to run the Docker-in-Docker correctly.

Steps To Reproduce

I specified

DOCKER_MODS=linuxserver/mods:universal-docker-in-docker
privileged: true

to enable the mod
Then inside the script that is called I run

docker run \
-v /config:/config \
-v /data:/data \
-it dockername \
command_to_execute

However, I get this error:

WARNING: Error loading config file: /root/.docker/config.json: open /root/.docker/config.json: permission denied
the input device is not a TTY

test

Environment

- OS: debian 11
- How docker service was installed: official docker guide for debian 11 distro

CPU architecture

x86-64

Docker creation

version: "3"
services:
    radarr:
        image: ghcr.io/linuxserver/radarr
        container_name: radarr
        privileged: true
        environment:
            - DOCKER_MODS=linuxserver/mods:universal-docker-in-docker
            - PUID=65534
            - PGID=65534
            - TZ=Europe/Rome
        volumes:
            - /docker-config/AppData/Config/Radarr:/config
            - /data:/data
            - /data/Sharing/ftp:/ftp
            #- /data/Varie/Scripts/docker/DockerScripts:/custom-cont-init.d:ro
        ports:
            - 7878:7878
        restart: unless-stopped
        healthcheck:
            test: curl --fail http://localhost:7878 || exit 1
            interval: 5m
            retries: 5
            start_period: 1m
            timeout: 1m

Container logs

If, from a console, I run `docker exec -it radarr /bin/bash` and I execute the same command inside the script, the command run correctly, first as if the docker run command was never executed, it downloads all the images and then successfully executes the command, but if radarr execute the inside docker won't run
Maybe is not a bug, maybe is my configuration problem, I don't know how to see or find the real problem.
This's the debug log from radarr
https://pastebin.com/FsVAnEf0

[github-actions]

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

[j0nnymoe]

The script is being ran ABC within the container so that's why it can't access that root file path.

[Jorman]

I figured so, if I'm not mistaken though the dind mod is compatible and available for *Arr environments, how come this happens?
If I run radarr as root do you think the problem would be solved?
I thought of also trying via custom-cont-init.d, I have to install python pip and all the necessary, I think though that I will have the same problems if everything is installed as root

[thespad]

You can't invoke a TTY on a container inside a container that doesn't have a TTY assigned.

If you exec into the radarr container assigning a TTY then run the the inner container with a TTY it should work, but it won't work as an automated process where there's no TTY.

[j0nnymoe]

Hard to say, I don't know what container you're attempting to call.

[Jorman]

@thespad
Make sense for the TTY, this means I can't run the docker run command via a script but only if I connect to the docker, right?
But I normally run bash script with custom script functionality and all seems fine. So if I make a script with echo "hello" this will fail because print on TTY? What is the limit? The problem is docker run itself?
What alternatives do you think I can use?

[thespad]

Either start the outer container with a TTY allocated or rework the script/inner container so it doesn't need a TTY.

[Jorman]

@thespad
I'm not so expert so sorry if I ask again, but all my scripts, which I use every day on *Arr programs, run without any problem.
Correct me if I'm wrong but a TTY script is normally an interactive script, right?
While a non-interactive script should be handled properly by Radarr, or am I wrong?
I did three quick tests and I don't understand if it is my mistake or there is really a problem or limitation.
I created this simple script, then ran it in both tests, taking advantage of the Test event.
Script:

#!/bin/bash
docker_executable="$(command -v docker)"
if [[ $sonarr_eventtype == "Test" ]] || [[ $radarr_eventtype == "Test" ]] || [[ $readarr_eventtype == "Test" ]]; then
	[ -t 0 ] && echo "TTY available" || echo "No TTY available"
	if [[ -z $docker_executable ]]; then
		echo "Docker not installed or not found"
	else
		docker run hello-world
	fi
fi

Test 1: I enabled the universal-docker-in-docker mod following the directions, when the script is called this is the log:

2024-01-13 18:52:21.5|Debug|CustomScript|Executing external script: /data/Varie/Scripts/Test_Bot.sh
2024-01-13 18:52:21.5|Debug|Test_Bot.sh|Starting /data/Varie/Scripts/Test_Bot.sh 
2024-01-13 18:52:21.5|Debug|Test_Bot.sh|No TTY available
2024-01-13 18:52:21.6|Error|Test_Bot.sh|WARNING: Error loading config file: /root/.docker/config.json: open /root/.docker/config.json: permission denied
2024-01-13 18:52:21.6|Error|Test_Bot.sh|docker: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/create": dial unix /var/run/docker.sock: connect: permission denied.
2024-01-13 18:52:21.6|Error|Test_Bot.sh|See 'docker run --help'.
2024-01-13 18:52:21.6|Debug|CustomScript|Executed external script: /data/Varie/Scripts/Test_Bot.sh - Status: 126
2024-01-13 18:52:21.6|Debug|CustomScript|Script Output: 
01/13/2024 17:52:21 - Standard - No TTY available
01/13/2024 17:52:21 - Error - WARNING: Error loading config file: /root/.docker/config.json: open /root/.docker/config.json: permission denied
01/13/2024 17:52:21 - Error - docker: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/create": dial unix /var/run/docker.sock: connect: permission denied.
01/13/2024 17:52:21 - Error - See 'docker run --help'.
2024-01-13 18:52:21.6|Warn|RadarrErrorPipeline|Invalid request Validation failed: 
 -- : Script exited with code: 126

If I go into docker and run docker run hello-world, this is what happens:

docker exec -it radarr /bin/bash
root@178e88505bf8:/# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
c1ec31eb5944: Pull complete
Digest: sha256:4bd78111b6914a99dbc560e6a20eab57ff6655aea4a80c50b0c5491968cbc2e6
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

Test 2: In the second test I disabled the mod and called the script again, this is the result:

2024-01-13 18:59:11.7|Debug|CustomScript|Executing external script: /data/Varie/Scripts/Test_Bot.sh
2024-01-13 18:59:11.7|Debug|Test_Bot.sh|Starting /data/Varie/Scripts/Test_Bot.sh 
2024-01-13 18:59:11.8|Debug|Test_Bot.sh|No TTY available
2024-01-13 18:59:11.8|Debug|Test_Bot.sh|Docker not installed or not found
2024-01-13 18:59:11.8|Debug|CustomScript|Executed external script: /data/Varie/Scripts/Test_Bot.sh - Status: 0
2024-01-13 18:59:11.8|Debug|CustomScript|Script Output: 
01/13/2024 17:59:11 - Standard - No TTY available
01/13/2024 17:59:11 - Standard - Docker not installed or not found

Test 3: I re-enabled the mod but I don't call docker run via script, I just perform a check on the variable, this the log:

2024-01-13 19:17:40.6|Debug|Test_Bot.sh|Starting /data/Varie/Scripts/Test_Bot.sh 
2024-01-13 19:17:40.6|Debug|Test_Bot.sh|No TTY available
2024-01-13 19:17:40.6|Debug|Test_Bot.sh|Docker found
2024-01-13 19:17:40.6|Debug|CustomScript|Executed external script: /data/Varie/Scripts/Test_Bot.sh - Status: 0
2024-01-13 19:17:40.6|Debug|CustomScript|Script Output: 
01/13/2024 18:17:40 - Standard - No TTY available
01/13/2024 18:17:40 - Standard - Docker found

Sorry to ask again, is this normal?
Why if I call docker run from script it doesn't work, Is it possible that docker requires a TTY?

[Jorman]

A little progress, as assumed at the beginning I tried to run radarr docker by removing PGID and PUID but I got the same thing even setting them to 1000, I got this result, the docker is called and executed by the script:

2024-01-13 19:48:21.5|Debug|CustomScript|Executing external script: /data/Varie/Scripts/Test_Bot.sh
2024-01-13 19:48:21.5|Debug|Test_Bot.sh|Starting /data/Varie/Scripts/Test_Bot.sh 
2024-01-13 19:48:21.5|Debug|Test_Bot.sh|No TTY available
2024-01-13 19:48:21.5|Debug|Test_Bot.sh|Docker found
2024-01-13 19:48:21.5|Error|Test_Bot.sh|WARNING: Error loading config file: /root/.docker/config.json: open /root/.docker/config.json: permission denied
2024-01-13 19:48:22.2|Debug|Test_Bot.sh|Hello from Docker!
2024-01-13 19:48:22.2|Debug|Test_Bot.sh|This message shows that your installation appears to be working correctly.
2024-01-13 19:48:22.2|Debug|Test_Bot.sh|To generate this message, Docker took the following steps:
2024-01-13 19:48:22.2|Debug|Test_Bot.sh| 1. The Docker client contacted the Docker daemon.
2024-01-13 19:48:22.2|Debug|Test_Bot.sh| 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
2024-01-13 19:48:22.3|Debug|Test_Bot.sh|    (amd64)
2024-01-13 19:48:22.3|Debug|Test_Bot.sh| 3. The Docker daemon created a new container from that image which runs the
2024-01-13 19:48:22.3|Debug|Test_Bot.sh|    executable that produces the output you are currently reading.
2024-01-13 19:48:22.3|Debug|Test_Bot.sh| 4. The Docker daemon streamed that output to the Docker client, which sent it
2024-01-13 19:48:22.3|Debug|Test_Bot.sh|    to your terminal.
2024-01-13 19:48:22.3|Debug|Test_Bot.sh|To try something more ambitious, you can run an Ubuntu container with:
2024-01-13 19:48:22.3|Debug|Test_Bot.sh| $ docker run -it ubuntu bash
2024-01-13 19:48:22.3|Debug|Test_Bot.sh|Share images, automate workflows, and more with a free Docker ID:
2024-01-13 19:48:22.3|Debug|Test_Bot.sh| https://hub.docker.com/
2024-01-13 19:48:22.3|Debug|Test_Bot.sh|For more examples and ideas, visit:
2024-01-13 19:48:22.3|Debug|Test_Bot.sh| https://docs.docker.com/get-started/
2024-01-13 19:48:22.4|Debug|CustomScript|Executed external script: /data/Varie/Scripts/Test_Bot.sh - Status: 0
2024-01-13 19:48:22.4|Debug|CustomScript|Script Output: 
01/13/2024 18:48:21 - Standard - No TTY available
01/13/2024 18:48:21 - Standard - Docker found
01/13/2024 18:48:21 - Error - WARNING: Error loading config file: /root/.docker/config.json: open /root/.docker/config.json: permission denied
01/13/2024 18:48:22 - Standard - Hello from Docker!
01/13/2024 18:48:22 - Standard - This message shows that your installation appears to be working correctly.
01/13/2024 18:48:22 - Standard - To generate this message, Docker took the following steps:
01/13/2024 18:48:22 - Standard -  1. The Docker client contacted the Docker daemon.
01/13/2024 18:48:22 - Standard -  2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
01/13/2024 18:48:22 - Standard -     (amd64)
01/13/2024 18:48:22 - Standard -  3. The Docker daemon created a new container from that image which runs the
01/13/2024 18:48:22 - Standard -     executable that produces the output you are currently reading.
01/13/2024 18:48:22 - Standard -  4. The Docker daemon streamed that output to the Docker client, which sent it
01/13/2024 18:48:22 - Standard -     to your terminal.
01/13/2024 18:48:22 - Standard - To try something more ambitious, you can run an Ubuntu container with:
01/13/2024 18:48:22 - Standard -  $ docker run -it ubuntu bash
01/13/2024 18:48:22 - Standard - Share images, automate workflows, and more with a free Docker ID:
01/13/2024 18:48:22 - Standard -  https://hub.docker.com/
01/13/2024 18:48:22 - Standard - For more examples and ideas, visit:
01/13/2024 18:48:22 - Standard -  https://docs.docker.com/get-started/

Now I try to run more tests with the original script, I know I will have problems with permissions on the files, because before everything was saved as nobody:nogroup
Any ideas?

[aptalca]

Why don't you tell us your end goal here so we can avoid the xy problem?

Spad already mentioned that you can't run tty inside if non-tty. So remove -it in the docker argument of your script.

[LinuxServer-CI]

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

[Jorman]

Thank you for your support!
Like I said I'm not so familiar with docker, but you're right, removing -it it works, my bad, I had to search the meaning of those arguments because I was playing without knowledge!

[github-actions]

This issue is locked due to inactivity