-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"Permission Denied" error while running the script #3
Comments
Thanks for the thorough bug report. I'm working on a version that has yet even more debug logs, as I'm not completely certain as to what is causing this yet from these logs alone. Won't have this done today, but in the meantime, can you try the following (not mutually exclusive):
Also see issue #2 in which another Docker user reported having to use this hack to work around cgroupfs issues. I don't think you're running into this, but you may run into it as the next error after getting past this current one.
That would probably solve the problem too, but if you have the time to try out the above, this will help others who may run into the same issue. |
After re-running the command with the above flags, I got the same cgroup error as the other fella. Running the script he linked then allowed it to work 🫡. Many thanks :D |
Can you please check which of the flags was actually necessary to make it work? I want to edit the Docker setup instructions and would like to add the minimal set of flags (while avoiding So can you try just |
Will do in a couple hours when I'm back at my pc 🫡 |
I ran the same command, without the privileged, and got the same error as original. Could it be due to the permissions of the external filesystem that is mounted inside docker? |
Thanks for re-running. I'm still working on a new version that adds more debugging information in order to better diagnose this and will poke this bug again once it's available. In the meantime, I've updated the container runtime setup instructions to mention the |
Hello again, I uploaded a new version of the code runner tool and function that includes a lot more debug logging, and should remove the need to do the whole cgroup dance because it will do that automatically. It also has more a elaborate self-test mode. The tool is available here and the function is available here. In order to debug your issue, I'd recommend creating a new container identical to the OpenWebUI one (without
If it fails, also add |
This fixes self-re-execution thanks to Open WebUI having merged open-webui/open-webui#5511. It also works around more permission issues due to procfs mounts. Docs updated. Fixes #11 Fixes #12 Updates #2 Updates #3
I believe this is now fully fixed as of release 0.6.0, as long as the new setup instructions are followed. |
Description
Running any of the code execution tools or functions fails with varied permission denied errors. Pasted at the bottom is the complete log when I ran the code manually from inside the container. Additionally, cut off in the chat itself is:
Claude Web Version Sandbox runtime failed: Sandbox failed to start: Command '['/tmp/gvisor/runsc', '--rootless=true', '--directfs=false',
If needs be I think I will just run openwebui on the native machine rather than dockerised
Thanks!
General information
docker run
command: docker run -d -p 3000:8080 -v open-webui:/app/backend/data --name open-webui --restart always --security-opt=seccomp=unconfined ghcr.io/open-webui/open-webui:mainDebug logs
chat-export-1725440372552.json
Additional context
Full error log as copied from the console:
root@2db3359a4f55:/app/backend/data/tools# echo 'import datetime; print(datetime.datetime.now())' | python3 run_code.py --debug
Emitting status event: {'status': 'in_progress', 'description': 'Checking if environment supports sandboxing...', 'done': False}
Event: {'type': 'status', 'data': {'status': 'in_progress', 'description': 'Checking if environment supports sandboxing...', 'done': False}}
Emitting status event: {'status': 'in_progress', 'description': 'Initializing sandbox configuration...', 'done': False}
Event: {'type': 'status', 'data': {'status': 'in_progress', 'description': 'Initializing sandbox configuration...', 'done': False}}
Emitting status event: {'status': 'in_progress', 'description': 'Setting up sandbox environment...', 'done': False}
Event: {'type': 'status', 'data': {'status': 'in_progress', 'description': 'Setting up sandbox environment...', 'done': False}}
Emitting status event: {'status': 'in_progress', 'description': 'Running Python code in gVisor sandbox...', 'done': False}
Event: {'type': 'status', 'data': {'status': 'in_progress', 'description': 'Running Python code in gVisor sandbox...', 'done': False}}
Emitting status event: {'status': 'error', 'description': "Sandbox runtime failed: Sandbox failed to start: Command '['/tmp/gvisor/runsc', '--rootless=true', '--directfs=false', '--network=host', '--ignore-cgroups=true', '--root=/tmp/sandbox_p27w1bn_/runtime', '--debug=true', '--debug-log=/tmp/sandbox_p27w1bn_/logs/', 'run', '--bundle=/tmp/sandbox_p27w1bn_/bundle', 'sandbox']' returned non-zero exit status 128.; stderr: running container: creating container: cannot create sandbox: cannot read client sync file: waiting for sandbox to start: EOF; logs: defaultdict(<class 'list'>, {'runsc.log.20240904-090541.534274.run.txt': ['W0904 09:05:41.568031 626 util.go:64] FATAL ERROR: running container: creating container: cannot create sandbox: cannot read client sync file: waiting for sandbox to start: EOF', 'W0904 09:05:41.568204 626 main.go:231] Failure to execute command, err: 1'], 'runsc.log.20240904-090541.534274.gofer.txt': ['W0904 09:05:41.561393 1 util.go:64] FATAL ERROR: error converting mounts: permission denied'], 'runsc.log.20240904-090541.534274.boot.txt': ['W0904 09:05:41.566650 636 util.go:64] FATAL ERROR: error setting up chroot: error converting mounts: permission denied']})", 'done': True}
Event: {'type': 'status', 'data': {'status': 'error', 'description': "Sandbox runtime failed: Sandbox failed to start: Command '['/tmp/gvisor/runsc', '--rootless=true', '--directfs=false', '--network=host', '--ignore-cgroups=true', '--root=/tmp/sandbox_p27w1bn_/runtime', '--debug=true', '--debug-log=/tmp/sandbox_p27w1bn_/logs/', 'run', '--bundle=/tmp/sandbox_p27w1bn_/bundle', 'sandbox']' returned non-zero exit status 128.; stderr: running container: creating container: cannot create sandbox: cannot read client sync file: waiting for sandbox to start: EOF; logs: defaultdict(<class 'list'>, {'runsc.log.20240904-090541.534274.run.txt': ['W0904 09:05:41.568031 626 util.go:64] FATAL ERROR: running container: creating container: cannot create sandbox: cannot read client sync file: waiting for sandbox to start: EOF', 'W0904 09:05:41.568204 626 main.go:231] Failure to execute command, err: 1'], 'runsc.log.20240904-090541.534274.gofer.txt': ['W0904 09:05:41.561393 1 util.go:64] FATAL ERROR: error converting mounts: permission denied'], 'runsc.log.20240904-090541.534274.boot.txt': ['W0904 09:05:41.566650 636 util.go:64] FATAL ERROR: error setting up chroot: error converting mounts: permission denied']})", 'done': True}}
{"status": "ERROR", "output": "Sandbox runtime failed: Sandbox failed to start: Command '['/tmp/gvisor/runsc', '--rootless=true', '--directfs=false', '--network=host', '--ignore-cgroups=true', '--root=/tmp/sandbox_p27w1bn_/runtime', '--debug=true', '--debug-log=/tmp/sandbox_p27w1bn_/logs/', 'run', '--bundle=/tmp/sandbox_p27w1bn_/bundle', 'sandbox']' returned non-zero exit status 128.; stderr: running container: creating container: cannot create sandbox: cannot read client sync file: waiting for sandbox to start: EOF; logs: defaultdict(<class 'list'>, {'runsc.log.20240904-090541.534274.run.txt': ['W0904 09:05:41.568031 626 util.go:64] FATAL ERROR: running container: creating container: cannot create sandbox: cannot read client sync file: waiting for sandbox to start: EOF', 'W0904 09:05:41.568204 626 main.go:231] Failure to execute command, err: 1'], 'runsc.log.20240904-090541.534274.gofer.txt': ['W0904 09:05:41.561393 1 util.go:64] FATAL ERROR: error converting mounts: permission denied'], 'runsc.log.20240904-090541.534274.boot.txt': ['W0904 09:05:41.566650 636 util.go:64] FATAL ERROR: error setting up chroot: error converting mounts: permission denied']})"}
The text was updated successfully, but these errors were encountered: