Unable to start Kestrel. System.Net.Sockets.SocketException (13): Permission denied while running alpine as non root user #765
Description
Steps to reproduce the issue
1.Use the below Dockerfile to build image
FROM microsoft/dotnet:2.1-aspnetcore-runtime-alpine3.7
EXPOSE 5000
WORKDIR /app
COPY ./app/* /app/
RUN adduser -D buildadmin
RUN chown buildadmin:buildadmin /app /app/*
USER buildadmin
ENTRYPOINT ["dotnet", "Template.Sample.dll"]
- Building and running the image gives below error
18:10:59 INF] Starting web host
[18:10:59 INF] User profile is available. Using '/home/buildadmin/.aspnet/DataProtection-Keys' as key repository; keys will not be encrypted at rest.
[18:10:59 INF] Creating key {c07b8334-0237-48ed-817e-9dcb73382d0e} with creation date 2018-10-22 18:10:59Z, activation date 2018-10-22 18:10:59Z, and expiration date 2019-01-20 18:10:59Z.
[18:10:59 WRN] No XML encryptor configured. Key {c07b8334-0237-48ed-817e-9dcb73382d0e} may be persisted to storage in unencrypted form.
[18:10:59 INF] Writing data to file '/home/buildadmin/.aspnet/DataProtection-Keys/key-c07b8334-0237-48ed-817e-9dcb73382d0e.xml'.
[18:10:59 FTL] Unable to start Kestrel.
System.Net.Sockets.SocketException (13): Permission denied
at System.Net.Sockets.Socket.UpdateStatusAfterSocketErrorAndThrowException(SocketError error, String callerName)
at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.Bind(EndPoint localEP)
at Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.SocketTransport.BindAsync()
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.<>c__DisplayClass22_01.<<StartAsync>g__OnBind|0>d.MoveNext() --- End of stack trace from previous location where exception was thrown --- at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindEndpointAsync(ListenOptions endpoint, AddressBindContext context) at Microsoft.AspNetCore.Server.Kestrel.Core.ListenOptions.BindAsync(AddressBindContext context) at Microsoft.AspNetCore.Server.Kestrel.Core.AnyIPListenOptions.BindAsync(AddressBindContext context) at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context) at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func2 createBinding)
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication1 application, CancellationToken cancellationToken) [18:10:59 FTL] Host terminated unexpectedly System.Net.Sockets.SocketException (13): Permission denied at System.Net.Sockets.Socket.UpdateStatusAfterSocketErrorAndThrowException(SocketError error, String callerName) at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.Sockets.Socket.Bind(EndPoint localEP) at Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.SocketTransport.BindAsync() at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.<>c__DisplayClass22_01.<g__OnBind|0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindEndpointAsync(ListenOptions endpoint, AddressBindContext context)
at Microsoft.AspNetCore.Server.Kestrel.Core.ListenOptions.BindAsync(AddressBindContext context)
at Microsoft.AspNetCore.Server.Kestrel.Core.AnyIPListenOptions.BindAsync(AddressBindContext context)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func2 createBinding) at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication1 application, CancellationToken cancellationToken)
at Microsoft.AspNetCore.Hosting.Internal.WebHost.StartAsync(CancellationToken cancellationToken)
at Microsoft.AspNetCore.Hosting.WebHostExtensions.RunAsync(IWebHost host, CancellationToken token, String shutdownMessage)
at Microsoft.AspNetCore.Hosting.WebHostExtensions.RunAsync(IWebHost host, CancellationToken token)
at Microsoft.AspNetCore.Hosting.WebHostExtensions.Run(IWebHost host)
at Template.Sample.Program.Main(String[] args) in /repo/src/production/Template.Sample/Program.cs:line 20
Application is shutting down...
Expected behavior
It should start the webserver successuflly
Actual behavior
Additional information (e.g. issue happens only occasionally)
When i run dotnet as root user, everything works as expected
Output of docker version
docker info
Containers: 20
Running: 0
Paused: 0
Stopped: 20
Images: 37
Server Version: 18.06.1-ce
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 468a545b9edcd5932818eb9de8e72413e616e86e
runc version: 69663f0bd4b60df09991c08812a60108003fa340
init version: fec3683
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.15.0-1023-azure
Operating System: Ubuntu 16.04.5 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 6.807GiB
Name: actaz-prod-lbf3
ID: 2SKW:7Y6P:KJBW:RAON:HGZ4:TDLT:2M5J:NWAF:EMSL:ZYHW:TZAO:L736
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
(paste your output here)
Output of docker info
(paste your output here)