You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Oct 7, 2023. It is now read-only.
For some reason tsnet can't create files in the default state folder: tsnet: open tsstate/tailscaled.state.tmp1170394514: permission denied
It still panics with both named volumes and a local binding
However, if you try to use the home folder for the state (TS_SIDECAR_STATEDIR: . & - tsstate:/home/nonroot), it works nicely
A part of the docker-compose.yml
sidecar:
image: "ghcr.io/markpash/tailscale-sidecar"environment:
TS_AUTHKEY: tskey-ke9WLg5CNTRL-jdE98Dyg8KiRrrBjnzLQZRTS_SIDECAR_NAME: proxima-mainvolumes:
- ./bindings.json:/etc/ts-sidecar/bindings.json# both these don't work#- tsstate:/home/nonroot/tsstate#- ./state:/home/nonroot/tsstate
Logs
tgs-sidecar-1 | 2022/09/30 15:48:28 [v1] using fake (no-op) tun device
tgs-sidecar-1 | 2022/09/30 15:48:28 [v1] using fake (no-op) OS network configurator
tgs-sidecar-1 | 2022/09/30 15:48:28 [v1] using fake (no-op) DNS configurator
tgs-sidecar-1 | 2022/09/30 15:48:28 dns: using dns.noopManager
tgs-sidecar-1 | 2022/09/30 15:48:28 link state: interfaces.State{defaultRoute=eth0 ifs={eth0:[172.19.0.2/16]} v4=true v6=false}
tgs-sidecar-1 | 2022/09/30 15:48:28 magicsock: disco key = d:86b7c08b46a052b2
tgs-sidecar-1 | 2022/09/30 15:48:28 Creating wireguard device...
tgs-sidecar-1 | 2022/09/30 15:48:28 Bringing wireguard device up...
tgs-sidecar-1 | 2022/09/30 15:48:28 [v2] UDP bind has been updated
tgs-sidecar-1 | 2022/09/30 15:48:28 [v2] Interface state was Down, requested Up, now Up
tgs-sidecar-1 | 2022/09/30 15:48:28 Bringing router up...
tgs-sidecar-1 | 2022/09/30 15:48:28 [v1] warning: fakeRouter.Up: not implemented.
tgs-sidecar-1 | 2022/09/30 15:48:28 Clearing router settings...
tgs-sidecar-1 | 2022/09/30 15:48:28 [v2] Routine: receive incoming v4 - started
tgs-sidecar-1 | 2022/09/30 15:48:28 [v1] warning: fakeRouter.Set: not implemented.
tgs-sidecar-1 | 2022/09/30 15:48:28 Starting link monitor...
tgs-sidecar-1 | 2022/09/30 15:48:28 [v2] Routine: receive incoming v6 - started
tgs-sidecar-1 | 2022/09/30 15:48:28 Engine created.
tgs-sidecar-1 | 2022/09/30 15:48:28 [v2] Routine: receive incoming receiveDERP - started
tgs-sidecar-1 | 2022/09/30 15:48:28 tsnet: open tsstate/tailscaled.state.tmp23198575: permission denied
tgs-sidecar-1 exited with code 0
The text was updated successfully, but these errors were encountered:
Seeing the same when using a volume. If i mount it over /home/nonroot it has no permission issues, but mounted on any other path it shows permission denied. I'm assuming it's because the process runs as user ID 65532 and there is no way to change ownership/access permissions of the mounted volume.
For some reason tsnet can't create files in the default state folder:
tsnet: open tsstate/tailscaled.state.tmp1170394514: permission denied
It still panics with both named volumes and a local binding
However, if you try to use the home folder for the state (
TS_SIDECAR_STATEDIR: .
&- tsstate:/home/nonroot
), it works nicelyA part of the docker-compose.yml
Logs
tgs-sidecar-1 | 2022/09/30 15:48:28 [v1] using fake (no-op) tun device
tgs-sidecar-1 | 2022/09/30 15:48:28 [v1] using fake (no-op) OS network configurator
tgs-sidecar-1 | 2022/09/30 15:48:28 [v1] using fake (no-op) DNS configurator
tgs-sidecar-1 | 2022/09/30 15:48:28 dns: using dns.noopManager
tgs-sidecar-1 | 2022/09/30 15:48:28 link state: interfaces.State{defaultRoute=eth0 ifs={eth0:[172.19.0.2/16]} v4=true v6=false}
tgs-sidecar-1 | 2022/09/30 15:48:28 magicsock: disco key = d:86b7c08b46a052b2
tgs-sidecar-1 | 2022/09/30 15:48:28 Creating wireguard device...
tgs-sidecar-1 | 2022/09/30 15:48:28 Bringing wireguard device up...
tgs-sidecar-1 | 2022/09/30 15:48:28 [v2] UDP bind has been updated
tgs-sidecar-1 | 2022/09/30 15:48:28 [v2] Interface state was Down, requested Up, now Up
tgs-sidecar-1 | 2022/09/30 15:48:28 Bringing router up...
tgs-sidecar-1 | 2022/09/30 15:48:28 [v1] warning: fakeRouter.Up: not implemented.
tgs-sidecar-1 | 2022/09/30 15:48:28 Clearing router settings...
tgs-sidecar-1 | 2022/09/30 15:48:28 [v2] Routine: receive incoming v4 - started
tgs-sidecar-1 | 2022/09/30 15:48:28 [v1] warning: fakeRouter.Set: not implemented.
tgs-sidecar-1 | 2022/09/30 15:48:28 Starting link monitor...
tgs-sidecar-1 | 2022/09/30 15:48:28 [v2] Routine: receive incoming v6 - started
tgs-sidecar-1 | 2022/09/30 15:48:28 Engine created.
tgs-sidecar-1 | 2022/09/30 15:48:28 [v2] Routine: receive incoming receiveDERP - started
tgs-sidecar-1 | 2022/09/30 15:48:28 tsnet: open tsstate/tailscaled.state.tmp23198575: permission denied
tgs-sidecar-1 exited with code 0
The text was updated successfully, but these errors were encountered: