Acessing /sys/fs/cgroup

I’m trying to run the RaspAp project, which needs access to /sys/fs/cgroup:ro. Here’s the example Docker run command:

docker run --name raspap -it -d --privileged --network=host -v /sys/fs/cgroup:/sys/fs/cgroup:ro --cap-add SYS_ADMIN jrcichra/raspap-docker

But there seems to be no way of adding absolute path volumes to Balena. Is there a way to mitigate this?

Hi @luandro,

Thanks for reaching out. Can you help with a bit more details on what you mean by absolute path volumes (is this a custom path?) and what is the error you see on balenaOS ? We support named volumes which generally reside at /var/lib/docker/volumes/<APP ID>_resin-data/_data.

Ref: Communicate outside the container - Balena Documentation


Thanks for the reply @nitish! It seems the project needs access to the host machine´s /sys/fs/cgroup, and that is done my mapping thru volumes. It’s different from the named volume which keeps data.

I’m not exactly sure how/why the projects needs it. Would like to know if someone has trailed similar paths before diving deeper into the code.

Hi @luandro! Are you creating a multicontainer app? In that case, I believe you just need to set the io.balena.features.sysfslabel on your docker-compose.yml to achieve what you need. See here for details: Multiple containers - Balena Documentation

Please give it a try and let us know if it worked!

1 Like

That must be it, thanks @lmbarros! But I’m still getting errors:

 Cannot determine cgroup we are running in: No medium found
 Failed to allocate manager object: No medium found
 [!!!!!!] Failed to allocate manager object.
 Exiting PID 1...

This is what my docker-compose looks like:

version: '2.1'

    image: jrcichra/raspap-docker:latest  
    restart: always
    privileged: true
    network_mode: host
      io.balena.features.sysfs: '1'
      TZ: 'America/Sao_Paulo'
      - SYS_ADMIN

Any idea what could be missing?

@lmbarros @mpous @klutchell any tips on how I should be doing this?

@luandro Do you know why sysfs is required from the host? There is very little documentation on the containerization of the RaspAP application.

Does it run without mounting sysfs from the host? What if you also added procfs from the host with io.balena.features.procfs? I think we need to understand what the requirements are to run this application properly in a container.

1 Like

Thanks for the response @klutchell. Tried adding io.balena.features.procfs but started getting:

Cannot be run in a chroot() environment.

Guess I’ll have to investigate the RasAP project further to understand it’s requirements.

Found some related stuff:

Hey @luandro, something I ran into recently when trying to run systemd in a container made me think of this. Have you tried adding pid: host to your docker-compose file? I found this enabled systemd to run in a chroot for something I was testing and it might help you here.

Do you ever get around this issue?