I have an Alpine container deployed to an Orange Pi Zero using the local deployment method. The compose file contains privileged access for the container and UDEV is set in my Dockerfile, yet I am still getting the error "Unable to start udev, container must be run in privileged mode to start udev" in the logs, and USB drives won’t mount.
I have done a balena inspect on the running container and can confirm from the output that it has privileged mode enabled:
In the container I have run a printenv and can see:
I had a look at an example script that returns this error message: https://github.com/balena-io-library/base-images/blob/7f7d932e3b9349639a633ba75c44338b9aed0ca2/balena-base-images/i386/alpine/3.11/run/Dockerfile
It looks like it identifies whether the privileged access is granted by executing:
mount -t devtmpfs none /tmp/_balena
When I execute this command in my container I get the following error message:
mount: /tmp/_balena: must be superuser to use mount.
This is presumably because in my Alpine Dockerfile I set the user to ‘nobody’ which provides limited access for security reasons:
This is the only reason I can think of that the mount -t devtmpfs none /tmp/_balena would be failing despite it having permission. When I connect to my container with root privileges (balena exec -it --user root nginx_3_1 sh) the same mount command executes fine.
Am I barking up the wrong tree here, or likely on to the issue? And if on to the issue, any suggestions to overcome the restriction without having to give full admin privileges to the container?
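A diagnostic for the situation in the post above, added here as an example (it is not part of the original post or of balena's base images): it separates "container is not privileged" from "container is privileged but this process holds no CAP_SYS_ADMIN", which is what Linux leaves a non-root `USER` with. The function names, the verdict strings and the sample capability masks are constructed for illustration, and it assumes balenaEngine handles capabilities the way Docker does.

```shell
#!/bin/sh
# Added example: classify why a devtmpfs mount probe would fail, using the
# Uid/CapEff/CapBnd lines of a /proc/<pid>/status file read on stdin.

CAP_SYS_ADMIN=21            # capability number from <linux/capability.h>

# has_cap HEXMASK CAPNUM: succeeds when bit CAPNUM is set in the hex mask.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# diagnose: prints one verdict line for the status text on stdin.
diagnose() {
    # Field 3 of "Uid:" is the effective UID (fields: real, effective, ...).
    set -- $(awk '$1=="Uid:"{u=$3} $1=="CapEff:"{e=$2} $1=="CapBnd:"{b=$2}
                  END{if(u=="")u="?"; if(e=="")e="0"; if(b=="")b="0"; print u, e, b}')
    euid=$1; eff=$2; bnd=$3
    if has_cap "$eff" "$CAP_SYS_ADMIN"; then
        echo "can-mount euid=$euid"                # process holds CAP_SYS_ADMIN
    elif has_cap "$bnd" "$CAP_SYS_ADMIN"; then
        echo "privileged-but-dropped euid=$euid"   # container has it, process does not
    else
        echo "not-privileged euid=$euid"           # container itself lacks it
    fi
}

# sample EUID CAPEFF CAPBND: emits a constructed status excerpt for testing.
sample() {
    printf 'Uid:\t%s\t%s\t%s\t%s\nCapEff:\t%s\nCapBnd:\t%s\n' \
        "$1" "$1" "$1" "$1" "$2" "$3"
}

# Constructed masks (not taken from the poster's device).
FULL=0000003fffffffff       # every capability bit set
NONE=0000000000000000       # no capabilities
DEFAULT=00000000a80425fb    # a typical non-privileged container set

sample 65534 "$NONE" "$FULL"       | diagnose   # privileged container, USER nobody
sample 0     "$FULL" "$FULL"       | diagnose   # same container, exec as root
sample 0     "$DEFAULT" "$DEFAULT" | diagnose   # root, but not privileged
```

On a device, running `diagnose < /proc/self/status` inside the container as the configured user gives the verdict for the real process.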