Lsetxattr secuirty.capability /bin/ping: operation not supported

youngt2 · April 10, 2024, 5:32pm

Hoping someone here has some insight to this issue, even though it is not a specific pihole issue.

Trying to run pihole on openwrt. When pulling the pihole:latest image, the following error occurs:

root@OpenWrt:/mnt/docker# docker pull pihole/pihole
Using default tag: latest
latest: Pulling from pihole/pihole
5b16029f28c4: Pull complete
bfee919580cf: Extracting [==================================================>]  55.75MB/55.75MB
4f4fb700ef54: Download complete
e96c806aa072: Download complete
44bcc07472f9: Download complete
fde0fc002115: Download complete
2653524f373e: Download complete
c16fe7ea4f77: Download complete
5e7ffeb418c7: Download complete
failed to register layer: lsetxattr security.capability /bin/ping: operation not supported

This error has been seen elsewhere with other images.

github.com/AdguardTeam/AdGuardHome

docker pull failed to register layer: lsetxattr security.capability

opened 05:22AM - 11 Mar 24 UTC

closed 04:54AM - 16 Mar 24 UTC

dc-me

### Prerequisites - [X] I have checked the [Wiki](https://github.com/AdguardTea…m/AdGuardHome/wiki) and [Discussions](https://github.com/AdguardTeam/AdGuardHome/discussions/categories/q-a) and found no answer - [X] I have searched other issues and found no duplicates - [X] I want to report a bug and not [ask a question or ask for help](https://github.com/AdguardTeam/AdGuardHome/discussions/categories/q-a) - [X] I have set up AdGuard Home correctly and [configured clients to use it](https://github.com/AdguardTeam/AdGuardHome/wiki/Clients). (Use the [Discussions](https://github.com/AdguardTeam/AdGuardHome/discussions/categories/q-a) for help with installing and configuring clients.) ### Platform (OS and CPU architecture) Linux, ARM64 ### Installation Docker ### Setup On one machine ### AdGuard Home version latest ### Action docker pull adguard/adguardhome:latest ### Expected result pull the image ### Actual result failed to register layer: lsetxattr security.capability /opt/adguardhome/AdGuardHome: operation not supported ### Additional information and/or screenshots ![image](https://github.com/AdguardTeam/AdGuardHome/assets/8910772/002d1eea-c560-4dd3-94f0-8604d9cd8ea0) ![image](https://github.com/AdguardTeam/AdGuardHome/assets/8910772/67161572-5484-4fdc-a30e-d72281fd3d9a)

However, when pulling pihole/pihole:development-v6 there is no error. I am able to run pihole without issues. I do see the following in the log:

pihole  |   [i] Setting capabilities on pihole-FTL where possible
pihole  |   [i] Applying the following caps to pihole-FTL:
pihole  |         * CAP_CHOWN
pihole  |         * CAP_NET_BIND_SERVICE
pihole  |         * CAP_NET_RAW
pihole  | Failed to set capabilities on file '/usr/bin/pihole-FTL': Not supported

but it does not seem to affect anything and as far as I can tell Pi-hole is working.

Anyone have some insight into why latest won't pull, but the v6 would?

norimicry · May 30, 2024, 4:16am

running into this issue myself. did you ever find a solution to this? If the development image works but not the latest, something in the main branch is keeping it from being pulled. Do you happen to be pulling you images to an alternate file system or a mount? I'm trying to pull mine to an nfs mount. May be worth filing a bug report if one branch works and the other doesn't.

rdwebdesign · May 30, 2024, 6:47am

Both links posted by you are pointing to an issue in OpenWRT kernel.

youngt2 · May 30, 2024, 3:04pm

There has been some talk on the openwrt forum about using BTRFS mount for an external drive.
I didn't get a chance to try it yet, doesn't help when using overlay.