pleroma.debian.social

pleroma.debian.social

zhenech zhenech@chaos.social

"Failed to connect"

AND WHYYYYYYYYYYYYYYYYYYYYYYYYYYYYY?!

zhenech zhenech@chaos.social

"[Errno 13] Permission denied: '/dev/ttyUSB0'"

Okay, but, WHYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY?!

tokudan tokudan@chaos.social

@zhenech check the group. serial devices are often in an extra group not given to all users by default

towo towo@chaos.social

@zhenech
AppArmor, SELinux, group not imported into container

zhenech zhenech@chaos.social

@towo no, no, no.
podman with --group-add keep-groups
if I exec into the container, I can read and write to the device

Jonathan Dowland jmtd
@zhenech @towo I ended up tunnelling tty over a socket with socat for reliable sharing into a container

towo towo@chaos.social

@zhenech
Seccomp?

Alexander Janßen itnomad@ruhr.social

@zhenech
setenforce 0
chmod 777 /dev/*
touch /etc/y_u_mad

zhenech zhenech@chaos.social

@jmtd @towo It worked before I switched the setup from CentOS to Debian…

chmod 777 on the device makes it work. WHY?!

zhenech zhenech@chaos.social

@itnomad

towo towo@chaos.social

@zhenech
@jmtd Rootless?

zhenech zhenech@chaos.social

@towo @jmtd what else?

Jonathan Dowland jmtd
@zhenech @towo I’m still starting mine via root. Been meaning to revisit the pros and cons of
replies
0
announces
0
likes
0

towo towo@chaos.social

@zhenech
podman info --debug | yq .host.ociRuntime.name? runc doesn't do group keep
@jmtd

zhenech zhenech@chaos.social

@towo @jmtd crun it is

towo towo@chaos.social

@zhenech
@jmtd I'm feeling stumped.

zhenech zhenech@chaos.social

@towo @jmtd same.

zhenech zhenech@chaos.social

@towo @jmtd and the winner is: fucking inheritance.

The containers are started by systemd.
The user got the dialout group only recently.
The systemd process didn't have that group yet, so the container launched by it did neither.
My "podman exec" was launched by my shell, which DID have the new group.

tableflip.gif