Error on start: can not run the container

[mauriva]

Behaviour

I am trying to start Samba in a container using the latest version of your image, but the container doesn't start properly.

Steps to reproduce this issue

1. Place the docker-compose.yml and config.yml in the proper directory
2. Give the command docker compose up -d

Expected behaviour

The container should start without error.

Actual behaviour

The container doesn't start (see below for log).
The same behaviour happens also after the cache and lib folders and prune the system.

Configuration

• Docker version (type docker --version) : Docker version 24.0.4, build 3713ee1
• Docker compose version if applicable (type docker-compose --version) : Docker Compose version v2.19.1
• Platform (Debian 9, Ubuntu 18.04, ...) : Debian Linux 12 (is a LXC container that runs in Proxmox 8.0.3)
• System info (type uname -a) : Linux pxdocker 6.2.16-4-pve #1 SMP PREEMPT_DYNAMIC PVE 6.2.16-5 (2023-07-14T17:53Z) x86_64 GNU/Linux
• Include all necessary configuration files : docker-compose.yml, .env, ...
  docker-compose.yml

version: "3.5"

services:
  samba:
    image: crazymax/samba
    container_name: samba
    network_mode: host
    volumes:
      - "./data:/data"
      - "/mnt:/samba/share"
    environment:
      - "TZ=Europe/Rome"
      - "SAMBA_LOG_LEVEL=0"
    restart: always

config.yml

auth:
  - user: myuser
    group: mygroup
    uid: 1000
    gid: 1000
    password: mypwd

global:
  - "force user = myuser"
  - "force group = mygroup"

share:
  - name: pxv
    path: /samba/share
    browsable: yes
    readonly: no
    guestok: no
    validusers: myuser
    writelist: myuser
    veto: no

ENV

PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
SAMBA_LOG_LEVEL: 0
TZ: Europe/Rome

Docker info

Client: Docker Engine - Community
 Version:    24.0.4
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.11.1
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.19.1
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 2
  Running: 2
  Paused: 0
  Stopped: 0
 Images: 2
 Server Version: 24.0.4
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: false
  userxattr: true
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: active
  NodeID: x5q8ghhnpx9ohgc5awn539t0d
  Is Manager: true
  ClusterID: pr62potg0aufrqzhzzulr5o7n
  Managers: 1
  Nodes: 1
  Default Address Pool: 10.0.0.0/8  
  SubnetSize: 24
  Data Path Port: 4789
  Orchestration:
   Task History Retention Limit: 5
  Raft:
   Snapshot Interval: 10000
   Number of Old Snapshots to Retain: 0
   Heartbeat Tick: 1
   Election Tick: 10
  Dispatcher:
   Heartbeat Period: 5 seconds
  CA Configuration:
   Expiry Duration: 3 months
   Force Rotate: 0
  Autolock Managers: false
  Root Rotation In Progress: false
  Node Address: 192.168.0.84
  Manager Addresses:
   192.168.0.84:2377
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 3dce8eb055cbb6872793272b4f20ed16117344f8
 runc version: v1.1.7-0-g860f061
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.2.16-4-pve
 Operating System: Debian GNU/Linux 12 (bookworm)
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 8GiB
 Name: pxdocker
 ID: bb34b978-5962-44f8-95fe-a4721bbc6fad
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Logs

Setting timezone to Europe/Rome
Initializing files and folders
Setting global configuration
Creating user myuser/mygroup (1000:1000)
addgroup: group 'mygroup' in use
Add global option: force user = myuser
Add global option: force group = mygroup
Creating share pxv
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility fallback)
Server role: ROLE_STANDALONE
# Global parameters
[global]
	disable netbios = Yes
	disable spoolss = Yes
	dns proxy = No
	local master = No
	map to guest = Bad User
	pam password change = Yes
	printcap name = /dev/null
	security = USER
	server role = standalone server
	server services = s3fs, rpc, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
	server string = Docker Samba Server
	smb1 unix extensions = No
	smb ports = 445
	usershare allow guests = Yes
	winbind scan trusted domains = Yes
	fruit:time machine = yes
	fruit:delete_empty_adfiles = yes
	fruit:wipe_intentionally_left_blank_rfork = yes
	fruit:veto_appledouble = no
	fruit:posix_rename = yes
	fruit:model = MacSamba
	fruit:metadata = stream
	idmap config * : backend = tdb
	create mask = 0664
	directory mask = 0775
	force create mode = 0664
	force directory mode = 0775
	force group = mygroup
	force user = myuser
	hosts allow = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
	hosts deny = 0.0.0.0/0
	printing = bsd
	strict locking = No
	vfs objects = fruit streams_xattr
	wide links = Yes
[pxv]
	delete veto files = Yes
	path = /samba/share
	read only = No
	valid users = myuser
	veto files = /._*/.apdisk/.AppleDouble/.DS_Store/.TemporaryItems/.Trashes/desktop.ini/ehthumbs.db/Network Trash Folder/Temporary Items/Thumbs.db/
	write list = myuser
smbd version 4.18.3 started.
Copyright Andrew Tridgell and the Samba Team 1992-2023
===============================================================
INTERNAL ERROR: sys_setgroups failed in pid 246 (4.18.3)
If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
===============================================================
PANIC (pid 246): sys_setgroups failed in 4.18.3
unable to produce a stack trace on this platform
dumping core in /var/log/samba/cores/smbd
===============================================================
INTERNAL ERROR: sys_setgroups failed in pid 254 (4.18.3)
If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
===============================================================
PANIC (pid 254): sys_setgroups failed in 4.18.3
unable to produce a stack trace on this platform
dumping core in /var/log/samba/cores/smbd

[crazy-max]

INTERNAL ERROR: sys_setgroups failed in pid 246 (4.18.3)

I don't think it's a bug with Samba. It might be an issue with your LXC container configuration that has limited capabilities. Maybe you need to enable nesting and keyctl. Not quite sure.

Also running docker in LXC is advised against by Proxmox devs. Any update on the Proxmox host can change how docker in LXC behaves. Suggest to run docker in a VM. If you are resource constraint, use an Alpine VM.

See also https://webcache.googleusercontent.com/search?q=cache:E2FEgd2CBigJ:https://techblog.devlat.eu/2016/10/05/ubuntu-lxd-samba-and-the-dreaded-sys_setgroups-failed-error/&cd=9&hl=en&ct=clnk&gl=us