2

I am trying to control the bluetooth interaction from a docker java app. I have used the library com.github.hypfvieh.bluetooth which works like a charm. But once I run this app inside a docker I cannot interact with the system DBus. The best state I have reached is to run the container using this command line

podman run --rm -it --privileged -v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket --name NAME  IMAGE

It seems that I am able to contact the DBus, but authentication is refused.

org.freedesktop.dbus.exceptions.DBusException: Failed to connect to bus: Failed to auth
        at org.freedesktop.dbus.connections.AbstractConnection.<init>(AbstractConnection.java:166) ~[dbus-java-3.2.1.jar:3.2.1]
        at org.freedesktop.dbus.connections.impl.DBusConnection.<init>(DBusConnection.java:334) ~[dbus-java-3.2.1.jar:3.2.1]
        at org.freedesktop.dbus.connections.impl.DBusConnection.getConnection(DBusConnection.java:149) ~[dbus-java-3.2.1.jar:3.2.1]
        at org.freedesktop.dbus.connections.impl.DBusConnection.getConnection(DBusConnection.java:169) ~[dbus-java-3.2.1.jar:3.2.1]
        at org.freedesktop.dbus.connections.impl.DBusConnection.getConnection(DBusConnection.java:219) ~[dbus-java-3.2.1.jar:3.2.1]
        at org.freedesktop.dbus.connections.impl.DBusConnection.getConnection(DBusConnection.java:184) ~[dbus-java-3.2.1.jar:3.2.1]
        at com.github.hypfvieh.bluetooth.DeviceManager.createInstance(DeviceManager.java:74) ~[bluez-dbus-0.1.2.jar:0.1.2]
        at package.dbus.BluetoothDBus.<init>(BluetoothDBus.java:24) ~[run.jar:1.0-SNAPSHOT]
        at package.dbus.BluetoothDBus.createInstance(BluetoothDBus.java:28) ~[run.jar:1.0-SNAPSHOT]
        at package.dbus.DBusInteractionWebSocket.onMessage(DBusInteractionWebSocket.java:46) [run.jar:1.0-SNAPSHOT]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:64) ~[?:?]
        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
        at java.lang.reflect.Method.invoke(Method.java:564) ~[?:?]
        at org.apache.tomcat.websocket.pojo.PojoMessageHandlerWholeBase.onMessage(PojoMessageHandlerWholeBase.java:80) [tomcat-embed-websocket-9.0.38.jar:9.0.38]
        at org.apache.tomcat.websocket.WsFrameBase.sendMessageText(WsFrameBase.java:402) [tomcat-embed-websocket-9.0.38.jar:9.0.38]
        at org.apache.tomcat.websocket.server.WsFrameServer.sendMessageText(WsFrameServer.java:119) [tomcat-embed-websocket-9.0.38.jar:9.0.38]
        at org.apache.tomcat.websocket.WsFrameBase.processDataText(WsFrameBase.java:502) [tomcat-embed-websocket-9.0.38.jar:9.0.38]
        at org.apache.tomcat.websocket.WsFrameBase.processData(WsFrameBase.java:301) [tomcat-embed-websocket-9.0.38.jar:9.0.38]
        at org.apache.tomcat.websocket.WsFrameBase.processInputBuffer(WsFrameBase.java:133) [tomcat-embed-websocket-9.0.38.jar:9.0.38]
        at org.apache.tomcat.websocket.server.WsFrameServer.onDataAvailable(WsFrameServer.java:82) [tomcat-embed-websocket-9.0.38.jar:9.0.38]
        at org.apache.tomcat.websocket.server.WsFrameServer.doOnDataAvailable(WsFrameServer.java:171) [tomcat-embed-websocket-9.0.38.jar:9.0.38]
        at org.apache.tomcat.websocket.server.WsFrameServer.notifyDataAvailable(WsFrameServer.java:151) [tomcat-embed-websocket-9.0.38.jar:9.0.38]
        at org.apache.tomcat.websocket.server.WsHttpUpgradeHandler.upgradeDispatch(WsHttpUpgradeHandler.java:148) [tomcat-embed-websocket-9.0.38.jar:9.0.38]
        at org.apache.coyote.http11.upgrade.UpgradeProcessorInternal.dispatch(UpgradeProcessorInternal.java:54) [tomcat-embed-core-9.0.38.jar:9.0.38]
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:59) [tomcat-embed-core-9.0.38.jar:9.0.38]
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) [tomcat-embed-core-9.0.38.jar:9.0.38]
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590) [tomcat-embed-core-9.0.38.jar:9.0.38]
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.38.jar:9.0.38]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) [?:?]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) [?:?]
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.38.jar:9.0.38]
        at java.lang.Thread.run(Thread.java:832) [?:?]
Caused by: java.io.IOException: Failed to auth
        at org.freedesktop.dbus.connections.transports.AbstractTransport.authenticate(AbstractTransport.java:114) ~[dbus-java-3.2.1.jar:3.2.1]
        at org.freedesktop.dbus.connections.transports.UnixSocketTransport.connect(UnixSocketTransport.java:68) ~[dbus-java-3.2.1.jar:3.2.1]
        at org.freedesktop.dbus.connections.transports.TransportFactory.createTransport(TransportFactory.java:44) ~[dbus-java-3.2.1.jar:3.2.1]
        at org.freedesktop.dbus.connections.AbstractConnection.<init>(AbstractConnection.java:161) ~[dbus-java-3.2.1.jar:3.2.1]
        ... 32 more

The Dockerfile looks like this:

FROM IMAGE:latest

COPY target/dependency-jars/ /app/dependency-jars/
COPY target/run.jar /app

WORKDIR /app

CMD [ "/bin/sh", "run.sh" ]

I have tried to add a user in the docker file like so

RUN groupadd -g 1000 yves
RUN useradd -u 1000 -g 1000 yves -s /sbin/nologin -d /
USER yves

which does not help. I also have tried to add the docker command -u 1000:1000 with the uid and gid of the localhost user. Nothing worked.

So I don't understand why authentication fails, and what are the rules behind it in order to setup the container as needed?

Yvus
  • 338
  • 1
  • 20
  • Why does this need to run in a container? – David Maze Sep 24 '20 at 11:38
  • We have a software suite that is deployed via containers. Having only one software which does not belong to a container would imply some hacks to have a versioning system, storage management, etc ... – Yvus Sep 24 '20 at 11:55

1 Answers1

0

Have you tried -v /run:/run?

-v /run:/run: The -v /run:/run option mounts the /run directory from the host on the /run directory inside the container. This allows processes within the container to talk to the host’s dbus service and talk directly to the systemd service. Processes within the container can even communicate with the docker daemon.

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_atomic_host/7/html/managing_containers/running_super_privileged_containers

You need to run container in the rootful mode due to mounting of rootfs.

Muzammil
  • 417
  • 1
  • 4
  • 20