Jellyfin docker container - Access to the path '/etc/resolv.conf' is denied

  • Hi


    I am trying install jellyfin on docker and I am getting a "Access to the path '/etc/resolv.conf' is denied" error (line 34 in code snippet 1) with both the official and linuxserver image.


    Code snippet 1


    An example of the stack i used in portainer is as follows;


    Code snippet 2


    With my setup i have a user called dockermgnr with PUID 1000 and in an applications group with PGID of 1001.

    I have a SSD on which the docker files and container data are kept. dockermgnr and the applications group have read/write access.

    When i check file permission for /etc/resolv.conf I get the result posted below. Any attempt to chown or chmod the file is unsuccessful and leaves the file as posted below.


    root@OMV:~# ls -l /etc/resolv.conf

    lrwxrwxrwx 1 root root 32 Apr 18 12:43 /etc/resolv.conf -> /run/systemd/resolve/resolv.conf


    Anyone know how i can solve this issue because at the moment I can't reach the jellyfin webui on any ports?

  • messier63

    Added the Label OMV 6.x (RC1)
    • Official Post

    i have a user called dockermgnr with PUID 1000 and in an applications group with PGID of 1001.

    Your PGID is wrong. I'm not sure if it is what is causing your problems, but it might be. I'm not sure what you mean by "applications group" but all of the PGID's I've seen in OMV is in the range 10x. Here are my user and group:

    Code
    $ id wayne
    uid=1000(wayne) gid=100(users) groups=100(users),27(sudo),115(ssh),996(openmediavault-webgui),994(docker)

    run id dockermgnr and see what your gid is. I bet it is 100 also.

    System Backup Typo alert: Under the Linux section the command should be sudo umount /dev/sda1 NOT sudo unmount /dev/sda1

    Backup Data Disk to Backup Disk on Same Machine: In a Scheduled Job:rsync -av --delete /srv/dev-disk-by-uuid-f8814ed9-9a5c-4e1c-8830-426968c20ea3/ /srv/dev-disk-by-uuid-e67439d5-00a3-4942-bd5f-b84ab86aa850/ Don't forget trailing slashes, and BE CAREFUL. (HT: Getting Started with OMV5)

    Equipment - Thinkserver TS140, NanoPi M4 (v.1), Odroid XU4 (Using DietPi): PiHole

  • Your PGID is wrong. I'm not sure if it is what is causing your problems, but it might be. I'm not sure what you mean by "applications group" but all of the PGID's I've seen in OMV is in the range 10x. Here are my user and group:

    Code
    $ id wayne
    uid=1000(wayne) gid=100(users) groups=100(users),27(sudo),115(ssh),996(openmediavault-webgui),994(docker)

    run id dockermgnr and see what your gid is. I bet it is 100 also.

    You're right, my gid is 100. The "applications" group is a group i created via OMV gui to access various shared folders that contain app (such as docker) data


    I updated the jellyfin stack but the outcome is still the same, no access to the webgui and the same "Access to the path '/etc/resolv.conf' is denied" error.


    root@OMV:~# id dockermngr

    uid=1000(dockermngr) gid=100(users) groups=100(users),1001(applications)

    • Official Post

    What does ls -l /etc/resolv.conf return?

    System Backup Typo alert: Under the Linux section the command should be sudo umount /dev/sda1 NOT sudo unmount /dev/sda1

    Backup Data Disk to Backup Disk on Same Machine: In a Scheduled Job:rsync -av --delete /srv/dev-disk-by-uuid-f8814ed9-9a5c-4e1c-8830-426968c20ea3/ /srv/dev-disk-by-uuid-e67439d5-00a3-4942-bd5f-b84ab86aa850/ Don't forget trailing slashes, and BE CAREFUL. (HT: Getting Started with OMV5)

    Equipment - Thinkserver TS140, NanoPi M4 (v.1), Odroid XU4 (Using DietPi): PiHole

    Edited once, last by Agricola ().

    • Official Post

    Something you can do is comment out all the port lines except the first (8096) one. Also comment out the devices section. Then redeploy the stack. See what happens.

    System Backup Typo alert: Under the Linux section the command should be sudo umount /dev/sda1 NOT sudo unmount /dev/sda1

    Backup Data Disk to Backup Disk on Same Machine: In a Scheduled Job:rsync -av --delete /srv/dev-disk-by-uuid-f8814ed9-9a5c-4e1c-8830-426968c20ea3/ /srv/dev-disk-by-uuid-e67439d5-00a3-4942-bd5f-b84ab86aa850/ Don't forget trailing slashes, and BE CAREFUL. (HT: Getting Started with OMV5)

    Equipment - Thinkserver TS140, NanoPi M4 (v.1), Odroid XU4 (Using DietPi): PiHole

  • What does ls -l /etc/resolv.conf return?

     root@OMV:~# ls -l /etc/resolv.conf

     lrwxrwxrwx 1 root root 32 Apr 18 12:43 /etc/resolv.conf -> /run/systemd/resolve/resolv.conf 


    Any attempt to chown or chmod the file is unsuccessful and leaves the file as posted above.


    Something you can do is comment out all the port lines except the first (8096) one. Also comment out the devices section. Then redeploy the stack. See what happens.

    Tried doing this as well and still the same error. I deployed nginx and qbittorrent and they both worked with no issues.

  • Your volumes are wrong.

    Read the github properly to set them.


    You don't touch the/etc/resolv.conf, that file belongs to the host, NOT the container.

  • Your volumes are wrong.

    Read the github properly to set them.


    You don't touch the/etc/resolv.conf, that file belongs to the host, NOT the container.

    I can access the webui now. I was making the mistake of running chmod on the /etc/resolv.conf file on OMV itself when i should be doing that command inside docker via jellyfin's Exec Console.


    Is this a regular issue/bug?


    I'll investigate my volume definition. It may be the reason behind the problem I am facing.

  • I corrected my volume definitions to the code below. I can see the folders in Jellyfin.

    However I do not think this was the reason behind the /etc/resolv.conf error.


    Code
        volumes:
          - /srv/dev-disk-by-uuid-ssd/dockerappdata/jellyfin:/config
          - /srv/mergerfs/datapool/TV-Shows:/tvshows  #previously /data/tvshows
          - /srv/mergerfs/datapool/Films:/movies  #previously /data/movies
  • Post the output of  docker logs -f jellyfin

    As a bandaid, I went into the container's exec console via portainer and ran the following to give me access to '/etc/resolv.conf'


    Code
    chmod 644 /etc/resolv.conf

    This allowed me to access Jellyfin's webui. However, that means i have to run the same command i redeploy the container.

  • Let's start from the top:


    Your volume for the config doesn't make any sense:

    Code
    /srv/dev-disk-by-uuid-ssd/dockerappdata/jellyfin:/config

    List the output of lsblk

    I'm pretty shure that there's no external drive with a UUID named ssd

    Which means that your config is beeing binded to the OS drive under /srv


    Post your latest docker-compose.yml here so we can edit it to a proper place.


    A sample working one is this (my own although I don't use it anymore.

    Just so you can compare.

  • The ssd was me just making an abbreviation which i guess on reflection will just cause confusion.

    The volume mounts are correct so I'll post all my config files exactly as I've set things up


    My docker files are on my OS SSD drive which has been partitioned into two volumes; one for OMV the other for docker.

    The partition for docker is nvme0n1p4 259:4 0 100G 0 part /srv/dev-disk-by-uuid-7655cb82-5790-4f01-a9a0-42688f930df5 from below.

    On nvme0n1p4 there are two folders/directories

    1. docker - for docker installation
    2. dockerappdata - for container data. This folder is a shared folder that i can access via smb

    I created a user called dockermgnr which as the following id details

    Code
    uid=1000(dockermngr) gid=100(users) groups=100(users),1001(applications)

    So for my latest docker.yaml file, i have the following

    I believe the above aligns with your yaml file with the exception that i don't use symlinks and all ports are active

  • OK, so what happens when you open a browser on another PC on the same LAN with http://IP of OMV:8096


    Just a remark: you can comment with a # lines 11, 18, 19 and 20.

    For LAN access, you only need port 8096

    If you intend on opening jellyfin to the web (strongly advise you not to) then it's better to reverse proxy it with SWAG.


    You can set the YML along side the SWAG service and a free DNS service like duckdns.

  • I just checked and in the container /etc/resolv.conf is 544, which is correct.


    Can you give me the output of these commands on your system:


    Code
    docker run --rm -it --entrypoint="/bin/sh" lscr.io/linuxserver/jellyfin
    ls -l /etc/resolv.conf
    exit

    Here it looks like this:


    Code
    $ docker run --rm -it --entrypoint="/bin/sh" lscr.io/linuxserver/jellyfin
    # ls -l /etc/resolv.conf
    -rw-r--r-- 1 root root 59 Apr 27 12:17 /etc/resolv.conf
    # exit
    $

    If you got help in the forum and want to give something back to the project click here (omv) or here (scroll down) (plugins) and write up your solution for others.


  • I get an unable to connect error on firefox and chrome on my laptop and phone.

    As did as you suggested in commenting out lines 11, 18, 19 and 20 and same result


    See below for output

    Code
    root@OMV:~# docker run --rm -it --entrypoint="/bin/sh" lscr.io/linuxserver/jellyfin
    # ls -l /etc/resolv.conf
    -rw-r----- 1 root root 618 Apr 27 12:24 /etc/resolv.conf
    # exit

    I see that my output is diffferent to yours, what could cause the issue?

  • So your image is broken. The permissions should be 644, not 640.

    File an issue at linuxserver.


    There is a workaround, as the linuxserver images allow to mount custom startup scripts if you bind them to the correct location.

    Check the docs.


    The script would be


    Bash
    #!/bin/sh
    
    chmod 644 /etc/resolv.conf

    If you got help in the forum and want to give something back to the project click here (omv) or here (scroll down) (plugins) and write up your solution for others.

  • I've talking to linuxserver in parallel to this thread and the response is as follows


    Quote

    I have no idea why docker would be creating the resolv.conf with the wrong permissions. The only other reference to it I can find is someone also on OMV with a similar problem but no solution

    So it seems like I'll have to run the chmod 644 command

  • Bring the container down and delete the config folder.


    Launch again the container to recreate the config folder.


    Check the permissions again

  • Soma I do not think, /etc is bound to /config in the container. In the command I gave above, no volume was binded into the container and resolv.conf hab wrong permissions.


    Something weird must be going on.


    messier63 can you try with a different container:

    Code
    docker run --rm -it debian ls -lah /etc/resolv.conf

    If you got help in the forum and want to give something back to the project click here (omv) or here (scroll down) (plugins) and write up your solution for others.

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!