can't Using Keyring on headless ubuntu container.

[aquichita]

root@20a1a6640b11:/opt# dbus-run-session -- sh
# gnome-keyring-daemon --unlock
sh: 1: gnome-keyring-daemon: Operation not permitted
# exit
root@20a1a6640b11:/opt# uname -a
Linux 20a1a6640b11 4.15.0-101-generic #102-Ubuntu SMP Mon May 11 10:07:26 UTC 2020 x86_64 GNU/Linux

[jaraco]

Sorry to hear that. Have you followed the instructions? I guess it looks like you have the Gnome Keyring Daemon installed but for some reason the "Operation not permitted". I don't know why that is. I guess inquire with that project why you're getting that error and how to work around it.

[jaraco]

Let me know if there's anything keyring can do here. As stated, I don't think there's any action keyring can take, so I'm going to close, but happy to revisit when there's actionable updates.

[jaraco]

I noticed that keyring doesn't run any tests against secretservice or kwallet in CI, so I sought to run the tests with secret service enabled and followed the instructions in the readme, and I encountered the same issue reported here.

keyring main $ cat Dockerfile
FROM ubuntu:focal
RUN apt update -y -qqq
RUN apt install -y gnome-keyring
CMD dbus-run-session -- sh
keyring main $ docker run -it @($(docker build -q .).strip())
# gnome-keyring-daemon --unlock
sh: 1: gnome-keyring-daemon: Operation not permitted

@mitya57 Are the headless instructions not suitable for containers? Can you recommend anything for running Gnome Keyring in a container?

[mitya57]

@jaraco I googled and found this advice:

This image must have the capability IPC_LOCK or run as privilaged to properly operate. This can be done on the run command by adding --cap-add ipc_lock or --privileged respectively.

Can you try that?

[jaraco]

Good tip. Running with --cap-add ipc_lock avoids the "Operation not permitted" error.

Also, shame on me for not searching myself.

When I searched, I found this blog, which goes into detail about using keyring in Docker, delving into the details of keyring's guidance and describing how to implement it in a Docker environment. Interestingly, that blog doesn't mention cap-add or privileged.

I tried to piece together the steps to get keyring working in a container on Linux, but eventually gave up. It does appear to be quite complicated (as that blog illustrates).

In any case, thanks for the troubleshooting tips. It does appear if it can be made to work, but not simply, but that's just the nature of the beast. I don't think there's much more that keyring can do here.

[sigalsax]

@jaraco I also stumbled on this and this did the trick 👏 Can this be added to the docs?

[jaraco]

@jaraco I also stumbled on this and this did the trick 👏 Can this be added to the docs?

For sure. Would you be willing to draft the change, @sigalsax?

[sigalsax]

See the PR I opened here

[jaraco]

Fixed in #505.

[dosipyanCedrus]

Even with privileged: true and cap_add: - IPC_LOCK in docker-compose.yml for my ubuntu:18.04 image
I got an error :

RUN echo 'pass' | gnome-keyring-daemon --unlock
 ---> Running in d10fb44f4095
/bin/sh: 1: gnome-keyring-daemon: Operation not permitted
The command '/bin/sh -c echo 'pass' | gnome-keyring-daemon --unlock' returned a non-zero code: 2