I am attempting to run a Samba DC on a Resin OS instance inside a container. When I attempt to provision a domain controller I get the error “ProvisioningError: Your filesystem or build does not support posix ACLs, which s3fs requires. Try the mounting the filesystem with the ‘acl’ option.”
The error itself is pretty self explanatory but I have no idea what the correct way to enable posix ACLs on Resin is? According to mount it is running ext4 which means it is certainly possible but reviewing /etc/fstab none of the mounted filesystems correspond.
Thanks for the reply, I am running resin/beaglebone-black-alpine:3.6.
I am not currently running through the web console but remounting /mnt/data with acl doesnt seem to help but I am not sure if the base OS has the acl package or equivalent installed?
Also do you know if the error you are seeing is being caused by access to the /data volume or some other part of the filesystem? It’s unclear whether the default storage driver for docker (aufs) supports ACLs or not but /data should be a simple ext4 volume.
I am using the vanilla Beaglebone image found on the resin.io download page. It doesn’t have /data but does have /mnt/data which seems to contain the docker containers.
According to the aufs homepage it does support xattr and acls. I am unsure why the remount isn’t mounting with acls. According to dmesg the remount is occurring.
After remounting with the acl option do you see a change in /proc/mounts? It might be worth also trying stopping docker (systemctl stop docker) before remounting.
Hi. Can you use a .dev image and try logging into the host OS?
You can use the serial debug conenction to log in the host OS or ssh to port 22222 (-p 22222) if you are in the same network with the board. Once connected, you can check with “tune2fs -l /dev/mmcblk0p6” and see if acl is really enabled on that partition’s filesystem
@phoenixmage need some care with this, as the modifications to the system might prevent you from resin host upgrading the device in the future (or lose the modifications / data)
It would be interesting to see what’s the core issue that switching to overlay2 fixed compared to aufs, because if both has ACL enabled, then maybe the original reported issue is incorrect/incomplete… Do you have a project that you can share with us, and we can try on devices to try to reproduce the issue?
Overlay2 is already used for some of the devices but not the default for all, what’s the device type that you are using? (looks like haven’t asked that yet). We are working on some resinOS modifications that would allow you to make these changes reliably and in a “proper” way, but it’s still in the works…
@imrehg At the moment I am doing everything manually in an exec session as its easier to try things but ultimately my current project is to get samba running as a DC on Resin (in the larger goal of only spinning up my compute lab when needed).
I think the core issue is despite the fact that the latest versions of aufs support POSIX ACLs the version that is shipping with the ResinOS docker instance isn’t, and that may not be a ResinOS specific issue.
I switched to overlay2 because it definitely does support POSIX ACL in docker.
I am rolling with Beagle Bone Black for my current testing but will also be running with Raspberry Pi 3 once I have a working image.
I will share the working Dockerfile once I have that working. Ultimately an easy manual test inside a container is: touch test.txt setfacl -m g:adm:rwx test.txt getfacl test.txt
The output should be something like:
# file: test.txt
# owner: root
# group: root
user::rw-
group::r–
group:adm:rwx
mask::rwx
other::r–
Hi, how did you asses that the aufs version shipped in resinOS does not support aufs? I have double-checked and we do have the aufs version which has a fix for acl. I checked the upstream and haven’t found new acl related commits in aufs 4.9
Have you seen recent fixes in aufs that we do not ship?