ResinOS - Docker - Edison Led Blink only works with -t flag

Product support
1

Hi,

I’m running ResinOS 2.0.5+rev1 on my Intel Edison. I’m running this docker image to get the built-in led to blink: https://github.com/shaunmulligan/edison-blink-node

I’m not using the resin.io platform at the moment, just SSH-ing directly to the device and issuing the commands there.

The problem I’m running into is that the led only blinks if I pass the -t flag to the docker command:
$ docker run -t --privileged edison-blink-node

However, if I don’t pass this flag the led doesn’t blink:
$ docker run --privileged edison-blink-node

Is there a reasonable explanation for this, or is it some strange bug, perhaps having to do with the MRAA library?

In both cases docker logs <container id> shows the same message:

Failed to initialize automounter: Permission denied
Unit proc-sys-fs-binfmt_misc.automount entered failed state.

Secondly, let’s say I don’t want to run the container in privileged mode, would access to read/write on GPIO pins be possible by mounting the appropriate device files (e.g. /sys/class/gpio) as a volume in the container. I tried this, but it isn’t working:
$ docker run -t -v /sys:/sys edison-blink-node

Thanks for any insight you can give me.

3

Hello daniel,

I am not sure why the -t flag is needed, as you mentioned it might be because of some interaction with the MRAA library but I will have to investigate this further.

Regarding your second issue I believe you should be able to run the container without privileged mode; could you try running
docker run --cap-add SYS_RAWIO --device /dev/mem edison-blink-node and let us know if it works for you.

4

Thanks Giovanni for the quick response. I tried running the command you mention and it doesn’t work. I get the following error:
Failed to mount tmpfs at /run: Operation not permitted

I was under the suspicion that libmraa was checking that the EUID was 0, so in that case it would only work in privileged mode (correct me if I’m wrong). However, grep-ing the source code of libmraa (https://github.com/intel-iot-devkit/mraa) I’m not able to find any such check:

$ grep -inr 'euid' . 
./src/mraa.c:112:    uid_t proc_euid = geteuid();
./src/mraa.c:113:    struct passwd* proc_user = getpwuid(proc_euid);
./src/mraa.c:122:    syslog(LOG_NOTICE, "libmraa version %s initialised by user '%s' with EUID %d",
./src/mraa.c:123:           mraa_get_version(), (proc_user != NULL) ? proc_user->pw_name : "<unknown>", proc_euid);

I also notice that the blink example has ENV INITSYSTEM ON, but I don’t know if that requires to be run in privileged mode as well.

That said, I must say that the major issue is that I want to use ResinOS with Docker swarm. But Docker v17.03.1 doesn’t support running containers in privileged mode when deployed to a swarm (docker create service), nor adding capabilities. I though a possible workaround would be to mount the gpio /sys files. I guess this is an issue you must also be facing at Resin.io as well. Maybe you know something about this?

5

@daniel what about mounting /run too?

6

Hi craig,

Mounting the /run I get a more peculiar error:

$ docker run -t -v /run --cap-add SYS_RAWIO --device /dev/mem edison-blink-node
Systemd init system enabled.
Failed to mount tmpfs at /run/lock: Operation not permitted

So I mounted a few more things:

$ docker run -t -v /run -v /run/lock -v /sys/fs/cgroup/systemd --cap-add SYS_RAWIO --device /dev/mem  edison-blink-node
Systemd init system enabled.
systemd 215 running in system mode. (+PAM +AUDIT +SELINUX +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ -SECCOMP -APPARMOR)
Detected virtualization 'other'.
Detected architecture 'x86'.
Failed to set hostname to <fb611cae27e5>: Operation not permitted
Failed to install release agent, ignoring: No such file or directory
/usr/src/app/main.js:4
var myOnboardLed = new mraa.Gpio(13); //LED hooked up to digital pin 13
                   ^

Error: Illegal arguments for construction of _exports_Gpio
    at Error (native)
    at Object.<anonymous> (/usr/src/app/main.js:4:20)
    at Module._compile (module.js:570:32)
    at Object.Module._extensions..js (module.js:579:10)
    at Module.load (module.js:487:32)
    at tryModuleLoad (module.js:446:12)
    at Function.Module._load (module.js:438:3)
    at Module.runMain (module.js:604:10)
    at run (bootstrap_node.js:394:7)
    at startup (bootstrap_node.js:149:9)

Checking the journalctl of the running container I get this:

Jun 19 11:14:56 fb611cae27e5 systemd-journal[25]: Runtime journal is using 8.0M (max allowed 288.3M, trying to leave 432.5M free of 2.0G 
Jun 19 11:14:56 fb611cae27e5 systemd-journal[25]: Runtime journal is using 8.0M (max allowed 288.3M, trying to leave 432.5M free of 2.0G 
Jun 19 11:14:56 fb611cae27e5 systemd-journal[25]: Journal started
Jun 19 11:14:56 fb611cae27e5 systemd[1]: Started Various fixups to make systemd work better on Debian.
Jun 19 11:14:56 fb611cae27e5 systemd[1]: Mounting Debug File System...
Jun 19 11:14:56 fb611cae27e5 systemd[1]: Started udev Coldplug all Devices.
Jun 19 11:14:56 fb611cae27e5 systemd[1]: Started Create list of required static device nodes for the current kernel.
Jun 19 11:14:56 fb611cae27e5 systemd[1]: Started Create Static Device Nodes in /dev.
Jun 19 11:14:56 fb611cae27e5 systemd[1]: Started Set Up Additional Binary Formats.
Jun 19 11:14:56 fb611cae27e5 systemd[1]: Starting Load/Save Random Seed...
Jun 19 11:14:56 fb611cae27e5 systemd[1]: Started udev Kernel Device Manager.
Jun 19 11:14:56 fb611cae27e5 systemd[1]: Starting Copy rules generated while the root was ro...
Jun 19 11:14:56 fb611cae27e5 systemd[1]: Starting Slices.
Jun 19 11:14:56 fb611cae27e5 systemd[1]: Reached target Slices.
Jun 19 11:14:56 fb611cae27e5 systemd[1]: Reached target Local File Systems.
Jun 19 11:14:56 fb611cae27e5 systemd[1]: Starting Create Volatile Files and Directories...
Jun 19 11:14:56 fb611cae27e5 systemd[1]: Starting Remote File Systems.
Jun 19 11:14:56 fb611cae27e5 systemd[1]: Starting Trigger Flushing of Journal to Persistent Storage...
Jun 19 11:14:56 fb611cae27e5 systemd[1]: sys-kernel-debug.mount mount process exited, code=exited status=32
Jun 19 11:14:56 fb611cae27e5 systemd[1]: Failed to mount Debug File System.
Jun 19 11:14:56 fb611cae27e5 systemd[1]: Unit sys-kernel-debug.mount entered failed state.
Jun 19 11:14:56 fb611cae27e5 systemd[1]: Started Load/Save Random Seed.
Jun 19 11:14:56 fb611cae27e5 systemd[1]: Started Copy rules generated while the root was ro.
Jun 19 11:14:56 fb611cae27e5 systemd-journal[25]: Runtime journal is using 8.0M (max allowed 288.3M, trying to leave 432.5M free of 2.0G 
Jun 19 11:14:56 fb611cae27e5 mount[26]: mount: permission denied
Jun 19 11:14:56 fb611cae27e5 systemd[1]: Started Create Volatile Files and Directories.
Jun 19 11:14:56 fb611cae27e5 systemd[1]: Starting Update UTMP about System Boot/Shutdown...
Jun 19 11:14:56 fb611cae27e5 systemd[1]: Starting LSB: Raise network interfaces....
Jun 19 11:14:57 fb611cae27e5 systemd[1]: Started Update UTMP about System Boot/Shutdown.
Jun 19 11:14:57 fb611cae27e5 networking[32]: Configuring network interfaces...done.
Jun 19 11:14:57 fb611cae27e5 systemd[1]: Started LSB: Raise network interfaces..
Jun 19 11:14:57 fb611cae27e5 systemd[1]: Starting Network.
Jun 19 11:14:57 fb611cae27e5 systemd[1]: Reached target Network.
Jun 19 11:14:57 fb611cae27e5 systemd[1]: Starting System Initialization.
Jun 19 11:14:57 fb611cae27e5 systemd[1]: Reached target System Initialization.
Jun 19 11:14:57 fb611cae27e5 systemd[1]: Starting Daily Cleanup of Temporary Directories.
Jun 19 11:14:57 fb611cae27e5 systemd[1]: Started Daily Cleanup of Temporary Directories.
Jun 19 11:14:57 fb611cae27e5 systemd[1]: Starting Timers.
Jun 19 11:14:57 fb611cae27e5 systemd[1]: Reached target Timers.
Jun 19 11:14:57 fb611cae27e5 systemd[1]: Starting Basic System.
Jun 19 11:14:57 fb611cae27e5 systemd[1]: Reached target Basic System.
Jun 19 11:14:57 fb611cae27e5 systemd[1]: Starting Resin.io User Application...
Jun 19 11:14:57 fb611cae27e5 systemd[1]: Started Resin.io User Application.
Jun 19 11:14:57 fb611cae27e5 systemd[1]: Starting /etc/rc.local Compatibility...
Jun 19 11:14:57 fb611cae27e5 systemd[1]: Starting Cleanup of Temporary Directories...
Jun 19 11:14:57 fb611cae27e5 systemd[1]: Started /etc/rc.local Compatibility.
Jun 19 11:14:58 fb611cae27e5 libmraa[68]: libmraa version v1.1.1 initialised by user 'root' with EUID 0**
Jun 19 11:14:58 fb611cae27e5 libmraa[68]: edison: Arduino board detected**
Jun 19 11:14:58 fb611cae27e5 libmraa[68]: gpio214: Failed to open 'value': Read-only file system**
Jun 19 11:14:58 fb611cae27e5 libmraa[68]: libmraa initialised for platform 'Intel Edison' of type 2**
Jun 19 11:14:58 fb611cae27e5 libmraa[68]: gpio229: dir: Failed to open 'direction' for writing: Read-only file system**
Jun 19 11:14:58 fb611cae27e5 libmraa[68]: gpio13: init: unable to setup muxes**
Jun 19 11:14:58 fb611cae27e5 systemd[1]: launch.service: main process exited, code=exited, status=1/FAILURE

I noticed that the example I am using from github is based on FROM resin/edison-node:latest which is not the latest (was replaced by intel-edison-node). However, the new version doesn’t seem to have libmraa available (Resin/intel-edison-node + MRAA, Module did not self-register opened 2d ago). Maybe we should wait until that issue is resolved?