Error running flatpak in Dockerfile

Hello

I am trying to install flatpak together with some apps in a Docker container and build the application in a Dockerfile based on Ubuntu 20.04.
I managed to install flatpak, but when I try to install WPS Office or Spotify I get this warning:
bwrap: Creating new namespace failed: Operation not permitted
Warning: While trying to apply extra data: apply_extra script failed, exit status 256
Then in the next step I get:
error: Failed to install com.wps.Office: While trying to apply extra data: apply_extra script failed, exit status 256
The command '/bin/sh -c flatpak install flathub com.wps.Office -y' returned a non-zero code: 1
I get the same error if I try to install Spotify.
On the other hand, if I install other apps like Chess, I get only the first warning and the app is installed.

Any ideas how to solve this error?

Thanks

Looks like Docker doesn’t like bwrap. Not surprising, it’s container-ception.

(maybe there is a trick, I don’t know,

IIRC you need to run the docker container with a modified seccomp filter. I found this which may or may not be up-to-date.

Or run Docker with the --privileged option. This is the simple, brute-force way. As with modifying seccomp, you typically cannot do this on a cloud service based on Docker. But if you are running on a local machine or in a VM you should be fine.

Thank you all for your messages.

What I discovered:

  • If I try to run the container with the --privileged option, it doesn’t work if you try to run as a user; I get some errors when I try to run the sudo command. (It probably works when you run as root, but in this case other apps are not working.)

  • If I want to build flatpak in the Dockerfile, it works only for installing the main flatpak app, but not WPS Office or Spotify. Only simple apps like the flatpak Chess can be installed with the Dockerfile.

  • After I build the container, running Ubuntu, I can install WPS Office with the following settings in docker-compose. NET_ADMIN and SYS_ADMIN alone are not enough. On top of that, I had to execute the following command in order to avoid the bwrap error:
    chmod u+s /usr/bin/bwrap

    cap_add:
    - NET_ADMIN
    - SYS_ADMIN
    - SYS_PTRACE
    - SYS_CHROOT
    security_opt:
    - seccomp:unconfined
    - apparmor:unconfined

Finally, after installation I had to copy the desktop icons and mount home inside flatpak:
sudo cp /var/lib/flatpak/exports/share/applications/* wps*.desktop /usr/share/applications/

sudo flatpak override com.wps.Office --filesystem=home

I am not very happy with so many rights assigned to the container, but otherwise it is not working.
On the other hand, it is self-built and I know that it is safe.
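
Added example, not part of the thread: a small shell audit to run inside the container, reporting which of the grants from the compose fragment above (the four capabilities, seccomp:unconfined, apparmor:unconfined, the setuid bit on bwrap) are actually in effect, so they can be trimmed one at a time. The function names and the `--live` argument are this example's own; capability bit numbers are those in linux/capability.h.

```shell
#!/bin/sh
# Added example: audit what a container was actually granted, from inside it.

# status_field FILE KEY -> value of "KEY:" in a /proc/<pid>/status style file
status_field() {
    awk -v k="$2:" '$1 == k { print $2; exit }' "$1"
}

# has_cap HEXMASK BIT -> exit 0 if that capability bit is set in the mask
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# audit_status FILE -> one finding per line for the grants in the compose fragment
audit_status() {
    eff=$(status_field "$1" CapEff)
    # name:bit pairs, bit numbers from linux/capability.h
    for pair in NET_ADMIN:12 SYS_CHROOT:18 SYS_PTRACE:19 SYS_ADMIN:21; do
        if has_cap "$eff" "${pair#*:}"; then
            echo "cap ${pair%%:*} granted"
        fi
    done
    # Seccomp: 0 = disabled (seccomp:unconfined), 2 = a filter profile is applied
    if [ "$(status_field "$1" Seccomp)" = "0" ]; then
        echo "seccomp unconfined"
    fi
    return 0
}

# bwrap_is_setuid PATH -> exit 0 if the binary carries the setuid bit (chmod u+s)
bwrap_is_setuid() {
    [ -u "$1" ]
}

# With --live, inspect the current process and the bwrap path used in the thread.
if [ "${1:-}" = "--live" ]; then
    audit_status /proc/self/status
    if bwrap_is_setuid /usr/bin/bwrap; then
        echo "bwrap is setuid"
    fi
    # AppArmor label of this process; "unconfined" matches apparmor:unconfined
    cat /proc/self/attr/current 2>/dev/null || true
fi
```

Run it with `--live` after each change to the compose file: a grant that no longer appears in the output and does not bring back the bwrap error was not needed.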