[GH-ISSUE #3844] bookworm image fails to start without privileged mode #1688

New issue

Closed

opened 2026-03-03 02:11:15 +03:00 by kerem · 3 comments

kerem commented 2026-03-03 02:11:15 +03:00

Owner

Copy link

Originally created by @bjo81 on GitHub (Sep 4, 2023).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/3844

Subject of the issue

After uprading from 1.29.1 to 1.29.2 the image does not start.

Deployment environment

• Clients used: Web, Desktop
• Reverse proxy and version: nginx
• MySQL/MariaDB or PostgreSQL version: MySQL
• The issue does not appear with the alpine image

Steps to reproduce

Uprade from 1.29.1 to 1.29.2

Expected behaviour

The container starts.

Actual behaviour

The container does not start except "privileged: true" is set in the docker-compose file. Maybe it's the same issue as #3839 ?

Troubleshooting data

thread 'main' panicked at 'OS can't spawn worker thread: Operation not permitted (os error 1)', /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tokio-1.31.0/src/runtime/scheduler/multi_thread/worker.rs:447:13
stack backtrace:
   0:     0x5635a9c71ca3 - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::hbd7d55b7108d2ab8
   1:     0x5635a96ca3df - core::fmt::write::h6d54cd7c9e155ec5
   2:     0x5635a9c6e8d7 - std::io::Write::write_fmt::h6a453a71c692f63b
   3:     0x5635a9c71a75 - std::sys_common::backtrace::print::h4ddf81241a51b337
   4:     0x5635a9c734b0 - std::panicking::default_hook::{{closure}}::hff91f1f484ade5cd
   5:     0x5635a9c73274 - std::panicking::default_hook::h21f14afd59f7aef9
   6:     0x5635a9c73999 - std::panicking::rust_panic_with_hook::h45f66047b14c555c
   7:     0x5635a9c738a4 - std::panicking::begin_panic_handler::{{closure}}::h49d1a88ef0908eb4
   8:     0x5635a9c72096 - std::sys_common::backtrace::__rust_end_short_backtrace::hccebf9e57f8cc425
   9:     0x5635a9c73642 - rust_begin_unwind
  10:     0x5635a961d883 - core::panicking::panic_fmt::h54ec9d0e3180a83d
  11:     0x5635a9cac9f4 - tokio::runtime::blocking::pool::Spawner::spawn_blocking::h9e0ded7b77863876
  12:     0x5635a9cabd05 - tokio::runtime::blocking::pool::spawn_blocking::hb15e5178f17f818b
  13:     0x5635a9cc066b - tokio::runtime::scheduler::multi_thread::worker::Launch::launch::h6ce2d7d02be3860d
  14:     0x5635a9cd33f9 - tokio::runtime::builder::Builder::build::h6fb748647923ea1f
  15:     0x5635aa0ca52e - vaultwarden::main::h222f937f9ca88bfc
  16:     0x5635aa4c11d7 - std::sys_common::backtrace::__rust_begin_short_backtrace::h267d3b5af2cab27a
  17:     0x5635aa01bc38 - std::rt::lang_start::{{closure}}::h3ae0294076e6f9bb
  18:     0x5635a9c66f15 - std::rt::lang_start_internal::hf502095b101390bb
  19:     0x5635aa0ca895 - main
  20:     0x7fee074051ca - <unknown>
  21:     0x7fee07405285 - __libc_start_main
  22:     0x5635a96612b1 - _start
  23:                0x0 - <unknown>

Originally created by @bjo81 on GitHub (Sep 4, 2023). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/3844 ### Subject of the issue After uprading from 1.29.1 to 1.29.2 the image does not start. ### Deployment environment * Clients used: Web, Desktop * Reverse proxy and version: nginx * MySQL/MariaDB or PostgreSQL version: MySQL * The issue does not appear with the alpine image ### Steps to reproduce Uprade from 1.29.1 to 1.29.2 ### Expected behaviour The container starts. ### Actual behaviour The container does not start except "privileged: true" is set in the docker-compose file. Maybe it's the same issue as #3839 ? ### Troubleshooting data ``` thread 'main' panicked at 'OS can't spawn worker thread: Operation not permitted (os error 1)', /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tokio-1.31.0/src/runtime/scheduler/multi_thread/worker.rs:447:13 stack backtrace: 0: 0x5635a9c71ca3 - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::hbd7d55b7108d2ab8 1: 0x5635a96ca3df - core::fmt::write::h6d54cd7c9e155ec5 2: 0x5635a9c6e8d7 - std::io::Write::write_fmt::h6a453a71c692f63b 3: 0x5635a9c71a75 - std::sys_common::backtrace::print::h4ddf81241a51b337 4: 0x5635a9c734b0 - std::panicking::default_hook::{{closure}}::hff91f1f484ade5cd 5: 0x5635a9c73274 - std::panicking::default_hook::h21f14afd59f7aef9 6: 0x5635a9c73999 - std::panicking::rust_panic_with_hook::h45f66047b14c555c 7: 0x5635a9c738a4 - std::panicking::begin_panic_handler::{{closure}}::h49d1a88ef0908eb4 8: 0x5635a9c72096 - std::sys_common::backtrace::__rust_end_short_backtrace::hccebf9e57f8cc425 9: 0x5635a9c73642 - rust_begin_unwind 10: 0x5635a961d883 - core::panicking::panic_fmt::h54ec9d0e3180a83d 11: 0x5635a9cac9f4 - tokio::runtime::blocking::pool::Spawner::spawn_blocking::h9e0ded7b77863876 12: 0x5635a9cabd05 - tokio::runtime::blocking::pool::spawn_blocking::hb15e5178f17f818b 13: 0x5635a9cc066b - tokio::runtime::scheduler::multi_thread::worker::Launch::launch::h6ce2d7d02be3860d 14: 0x5635a9cd33f9 - tokio::runtime::builder::Builder::build::h6fb748647923ea1f 15: 0x5635aa0ca52e - vaultwarden::main::h222f937f9ca88bfc 16: 0x5635aa4c11d7 - std::sys_common::backtrace::__rust_begin_short_backtrace::h267d3b5af2cab27a 17: 0x5635aa01bc38 - std::rt::lang_start::{{closure}}::h3ae0294076e6f9bb 18: 0x5635a9c66f15 - std::rt::lang_start_internal::hf502095b101390bb 19: 0x5635aa0ca895 - main 20: 0x7fee074051ca - <unknown> 21: 0x7fee07405285 - __libc_start_main 22: 0x5635a96612b1 - _start 23: 0x0 - <unknown> ```

kerem closed this issue 2026-03-03 02:11:15 +03:00

kerem commented 2026-03-03 02:11:16 +03:00

Author

Owner

Copy link

@stefan0xC commented on GitHub (Sep 4, 2023):

If you are not using armv6 it's more likely that the issue is related to #3827

Can you provide the output of docker info?

<!-- gh-comment-id:1705170069 --> @stefan0xC commented on GitHub (Sep 4, 2023): If you are not using `armv6` it's more likely that the issue is related to #3827 Can you provide the output of `docker info`?

kerem commented 2026-03-03 02:11:16 +03:00

Author

Owner

Copy link

@bjo81 commented on GitHub (Sep 4, 2023):

Sure:

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)

Server:
 Containers: 26
  Running: 11
  Paused: 0
  Stopped: 15
 Images: 38
 Server Version: 20.10.7
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: d71fcd7d8303cbf684402823e425e9dd2e99285d
 runc version: b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: default
 Kernel Version: 5.4.0-156-generic
 Operating System: Ubuntu 20.04.6 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 7.759GiB
 Name: docker
 ID: V6VG:redacted
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: true
 Insecure Registries:
  registry.redacted.tld
  127.0.0.0/8
 Live Restore Enabled: false

<!-- gh-comment-id:1705174355 --> @bjo81 commented on GitHub (Sep 4, 2023): Sure: ``` Client: Context: default Debug Mode: false Plugins: app: Docker App (Docker Inc., v0.9.1-beta3) buildx: Build with BuildKit (Docker Inc., v0.5.1-docker) Server: Containers: 26 Running: 11 Paused: 0 Stopped: 15 Images: 38 Server Version: 20.10.7 Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Native Overlay Diff: true userxattr: false Logging Driver: json-file Cgroup Driver: cgroupfs Cgroup Version: 1 Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc Default Runtime: runc Init Binary: docker-init containerd version: d71fcd7d8303cbf684402823e425e9dd2e99285d runc version: b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7 init version: de40ad0 Security Options: apparmor seccomp Profile: default Kernel Version: 5.4.0-156-generic Operating System: Ubuntu 20.04.6 LTS OSType: linux Architecture: x86_64 CPUs: 2 Total Memory: 7.759GiB Name: docker ID: V6VG:redacted Docker Root Dir: /var/lib/docker Debug Mode: false Registry: https://index.docker.io/v1/ Labels: Experimental: true Insecure Registries: registry.redacted.tld 127.0.0.0/8 Live Restore Enabled: false ```

kerem commented 2026-03-03 02:11:16 +03:00

Author

Owner

Copy link

@BlackDex commented on GitHub (Sep 5, 2023):

Please update docker to the latest version as @stefan0xC mentioned in his post linking to #3827

<!-- gh-comment-id:1705951258 --> @BlackDex commented on GitHub (Sep 5, 2023): Please update docker to the latest version as @stefan0xC mentioned in his post linking to #3827

kerem referenced this issue 2026-03-03 09:09:17 +03:00

[PR #1688] [MERGED] Add sends_allowed config setting #2995

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

revert-7033-patch-1

cached-config-operations

test_dylint

1.35.8

1.35.7

1.35.6

1.35.5

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels   

SSO

  

Third party

  

better for forum

  

bug

  

bug

  

documentation

  

duplicate

  

enhancement

  

future Vault

  

future Vault

  

future Vault

  

good first issue

  

help wanted

  

low priority

  

notes

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

troubleshooting

  

wontfix

No labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

question

troubleshooting

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/vaultwarden#1688

No description provided.