Raspberry Pi - SO_RCVBUFFORCE: Operation not Permitted

[JoeIzzard]

I am using this image in a Raspberry Pi environment, and am getting the following error repeating continuously. Everything seems to be working but the log is just full of this as log level 3.

starting.
open_ep: SO_RCVBUFFORCE: Operation not permitted
cannot read additional dns hostnames from testparm
cannot read netbios aliases from testparm

[MarvAmBass]

thanks - I'll look into it - is it a arm64 or arm32 bit image? what kind of raspi are you using?

thanks :)

does it work other than this error? or did you experience anything strange

[MarvAmBass]

seems to be an issue with the new shipped wsdd2 daemon (the new zeroconf stuff)

Netgear/wsdd2#26

can you try to give wsdd2 the required net_cap?

just add the following to your docker-compose.yml

    cap_add:
      - CAP_NET_ADMIN

[MarvAmBass]

if it helps I'll update the README and maybe I'll make wsdd2 optional - so that people can choose to disable this service

thanks and kind regards

Marvin

[seebaer1976]

I have the same problem since today, suddenly appeared.

cap_add: - CAP_NET_ADMIN
didn't need any change

use docker swarm with 4 pi's

[MarvAmBass]

problem confirmed - evaluating... (rpi4 - 64bit bullseye)

[MarvAmBass]

error was reproduced, just add the following to your docker-compose.yml to solve problem

    cap_add:
      - CAP_NET_ADMIN

[pavelriha]

I tried to disable WSD by adding
WSDD2_DISABLE: 1

but it end with repeated error in log:
runsv wsdd2: fatal: unable to start ./run: file does not exist

and samba not working

[MarvAmBass]

thanks - I'll look into it

[MarvAmBass]

@pavelriha I've just pushed a fix, can you repull and retry?

[pavelriha]

I've just pushed a fix, can you repull and retry?

wow, that was super fast :)

BTW I tried adding the CAP_NET_ADMIN but it doesnt help, I still get
open_ep: SO_RCVBUFFORCE: Operation not permitted

WSDD2_DISABLE: 1
now works better, no error in log, but the container freeze in state "starting", last log entry is
Service "SambaBackupServer" (/services/samba.service) successfully established.

any idea?

[MarvAmBass]

you're just lucky I'm online.

super strange, I tested the open_ep: SO_RCVBUFFORCE: Operation not permitted and it worked on my raspberry pi 4 without problems after I added CAP_NET_ADMIN

to be honest, wsdd2 was a feature request - I never used it and I don't know if it works - if it doesn't even work I will remove it - but right now it only looks like this small warning/error appears

but does samba work? can you connect to it?

samba_1  | >> EXTERNAL AVAHI: found external avahi, now maintaining avahi service file 'samba.service'
samba_1  | >> EXTERNAL AVAHI: internal avahi gets disabled
samba_1  | >> EXTERNAL AVAHI: list of services
samba_1  | -rw-rw-rw-    1 root     root           521 Dec 30 08:40 /external/avahi/samba.service
samba_1  | >> CMD: exec docker CMD
samba_1  | runsvdir -P /container/config/runit
samba_1  | cannot read additional dns hostnames from testparm
samba_1  | cannot read netbios aliases from testparm
samba_1  | starting.
samba_1  | open_ep: SO_RCVBUFFORCE: Operation not permitted

those are the logs if I start it locally using the default docker-compose.yml from this repo - it seems to work fine

[MarvAmBass]

samba_1  | >> WSDD2 - DISABLED
samba_1  | >> EXTERNAL AVAHI: found external avahi, now maintaining avahi service file 'samba.service'
samba_1  | >> EXTERNAL AVAHI: internal avahi gets disabled
samba_1  | >> EXTERNAL AVAHI: list of services
samba_1  | -rw-rw-rw-    1 root     root           521 Dec 30 08:42 /external/avahi/samba.service
samba_1  | >> CMD: exec docker CMD
samba_1  | runsvdir -P /container/config/runit

those are my logs when I disable wsdd2 like you did - but samba is working

[pavelriha]

I will try the default compose .. I'm using the image for a few months with some user/shares config, it worked fine, but after I accidentaly pulled new version, it stoped working :(

would be fine if you could use TAGs, so we could go back to working version..

[MarvAmBass]

yeah I'm already working on a automated build which sets TAGs etc - should be ready in a few days

cause one time I accidently broke the container for 10 minutes - which is really bad with that many users depending on it

[pavelriha]

I tried the default compose (with commented the volumes part) and the result is the same
the container keep "starting", samba not working .. and after some timeout docker restart it

adding CAP_NET_ADMIN and WSDD2_DISABLE: 1 doesnt help

log look good I think

WSDD2 - DISABLED
CMD: exec docker CMD
runsvdir -P /container/config/runit
Found user 'avahi' (UID 86) and group 'avahi' (GID 86).
Successfully dropped root privileges.
avahi-daemon 0.8 starting up.
WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
Successfully called chroot().
Successfully dropped remaining capabilities.
Loading service file /services/samba.service.
Joining mDNS multicast group on interface eth1.IPv4 with address 172.18.0.7.
New relevant interface eth1.IPv4 for mDNS.
Joining mDNS multicast group on interface eth0.IPv4 with address 10.0.11.3.
New relevant interface eth0.IPv4 for mDNS.
Joining mDNS multicast group on interface lo.IPv4 with address 127.0.0.1.
New relevant interface lo.IPv4 for mDNS.
Network interface enumeration completed.
Registering new address record for 172.18.0.7 on eth1.IPv4.
Registering new address record for 10.0.11.3 on eth0.IPv4.
Registering new address record for 127.0.0.1 on lo.IPv4.
Server startup complete. Host name is 6867754c27c0.local. Local service cookie is 2477488976.
Service "StorageServer" (/services/samba.service) successfully established.

[MarvAmBass]

I'll have a deeper look, can you sent me some kind of anonyzed docker-compse.yml of yours? so I'll check it locally

thanks

• super strange behaviour -

[MarvAmBass]

ahh maybe it has something todo with avahi - I will look into the combinations of the three available services

[pavelriha]

even manualy
docker run --rm -it servercontainers/samba

look good (no visible error), but docker says "unhealthy"

docker ps|grep samba
30eaf9f057b3 servercontainers/samba "/container/scripts/…" 17 minutes ago Up 17 minutes (unhealthy) 139/tcp, 445/tcp heuristic_jang

[pavelriha]

may be only the HEALTHCHECK is problem?
I'm on docker swarm, maybe the manager needs the healthy status to open the service..

docker run --rm -it servercontainers/samba
from other console exec /bin/sh and
ps aux | grep '[0-9] root' | grep '[0-9] [s]mbd |/[w]sdd2|[a]vahi-daemon|[r]unsvdir'
1 root 0:00 runsvdir -P /container/config/runit
29 root 0:00 smbd --foreground
32 root 0:00 /usr/sbin/wsdd2
but the healtcheck script except 4

oh yes, as you said, the avahi is missing

[Hadatko]

Still an issue

[MarvAmBass]

@Hadatko can you describe it a bit more? what works and what doesn't?

[Hadatko]

@MarvAmBass sorry not much. As it behaves really weird. I was using full featured image. Then i switched to samba only. Never was able to get access to my files. But at some point i saw this:
open_ep: SO_RCVBUFFORCE: Operation not permitted
So i decided to do my own container.