starred/AdGuardHome

Fork 0

mirror of https://github.com/AdguardTeam/AdGuardHome.git synced 2026-03-04 00:01:12 -05:00

Permission denied when starting container after update from b.80 to b.81 #5898

New issue

Closed

opened 2026-03-04 06:43:24 -05:00 by deekerman · 6 comments

deekerman commented

2026-03-04 06:43:24 -05:00

Owner

Originally created by @Blacks-Army on GitHub (Feb 4, 2026).

Originally assigned to: @EugeneOne1 on GitHub.

Prerequisites

I have checked the Wiki and Discussions and found no answer
I have searched other issues and found no duplicates
I want to report a bug and not ask a question or ask for help
I have set up AdGuard Home correctly and configured clients to use it. (Use the Discussions for help with installing and configuring clients.)

Platform (OS and CPU architecture)

Linux, AMD64 (aka x86_64)

Installation

Docker

Setup

On one machine

AdGuard Home version

v0.108.0-b.81

Action

I updated my Docker container from version v0.108.0-b.80 to v0.108.0-b.81.
After the update, the container fails to start. The container is started via Docker Compose with a compose.yaml:

x-security-default: &security-default
  user: 1500:1500
  tty: false
  stdin_open: false
  security_opt:
    - no-new-privileges:true
  cap_drop:
    - ALL
  pids_limit: 512
  mem_limit: 1g
  cpus: 2.0
  tmpfs:
    - /tmp:rw,noexec,nosuid,nodev,size=512m
    - /run:rw,nosuid,nodev,size=512m
  env_file:
    - .env
  logging:
    driver: json-file
    options:
      max-size: "50m"
      max-file: "5"
  read_only: true
  restart: unless-stopped
  
services:
  adguardhome:
    <<: *security-default
    image: docker.io/adguard/adguardhome:v0.108.0-b.81@sha256:7516cbd1127b772d818fdd1915cef9d11eeaf34cfc523b5c4c5c7cc760db912f
    container_name: adguardhome
    hostname: adguardhome.$DOMAIN
    ports:
      - "53:53/udp"
      - "53:53/tcp"
    networks:
      - adguardhome
    volumes:
      - $DOCKERDIR/adguardhome/work:/opt/adguardhome/work
      - $DOCKERDIR/adguardhome/config:/opt/adguardhome/conf
    cap_add:
      - NET_BIND_SERVICE

networks:
  adguardhome:
    external: false
    name: adguardhome
    driver_opts:
      com.docker.network.enable_ipv6: "true"

Error output from Docker:
Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: exec: "/opt/adguardhome/AdGuardHome": permission denied: unknown

Downgrading to v0.108.0-b.80 resolves the issue; the container starts normally.

Expected result

The container should start normally, as it did in version v0.108.0-b.80.

Actual result

The container fails to start immediately with a "permission denied" error for /opt/adguardhome/AdGuardHome.

Additional information and/or screenshots

No response

Originally created by @Blacks-Army on GitHub (Feb 4, 2026). Originally assigned to: @EugeneOne1 on GitHub. ### Prerequisites - [x] I have checked the [Wiki](https://github.com/AdguardTeam/AdGuardHome/wiki) and [Discussions](https://github.com/AdguardTeam/AdGuardHome/discussions/categories/q-a) and found no answer - [x] I have searched other issues and found no duplicates - [x] I want to report a bug and not [ask a question or ask for help](https://github.com/AdguardTeam/AdGuardHome/discussions/categories/q-a) - [x] I have set up AdGuard Home correctly and [configured clients to use it](https://github.com/AdguardTeam/AdGuardHome/wiki/Clients). (Use the [Discussions](https://github.com/AdguardTeam/AdGuardHome/discussions/categories/q-a) for help with installing and configuring clients.) ### Platform (OS and CPU architecture) Linux, AMD64 (aka x86_64) ### Installation Docker ### Setup On one machine ### AdGuard Home version v0.108.0-b.81 ### Action I updated my Docker container from version v0.108.0-b.80 to v0.108.0-b.81. After the update, the container fails to start. The container is started via Docker Compose with a compose.yaml: ```yaml x-security-default: &security-default user: 1500:1500 tty: false stdin_open: false security_opt: - no-new-privileges:true cap_drop: - ALL pids_limit: 512 mem_limit: 1g cpus: 2.0 tmpfs: - /tmp:rw,noexec,nosuid,nodev,size=512m - /run:rw,nosuid,nodev,size=512m env_file: - .env logging: driver: json-file options: max-size: "50m" max-file: "5" read_only: true restart: unless-stopped services: adguardhome: <<: *security-default image: docker.io/adguard/adguardhome:v0.108.0-b.81@sha256:7516cbd1127b772d818fdd1915cef9d11eeaf34cfc523b5c4c5c7cc760db912f container_name: adguardhome hostname: adguardhome.$DOMAIN ports: - "53:53/udp" - "53:53/tcp" networks: - adguardhome volumes: - $DOCKERDIR/adguardhome/work:/opt/adguardhome/work - $DOCKERDIR/adguardhome/config:/opt/adguardhome/conf cap_add: - NET_BIND_SERVICE networks: adguardhome: external: false name: adguardhome driver_opts: com.docker.network.enable_ipv6: "true" ``` Error output from Docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: exec: "/opt/adguardhome/AdGuardHome": permission denied: unknown Downgrading to v0.108.0-b.80 resolves the issue; the container starts normally. ### Expected result The container should start normally, as it did in version v0.108.0-b.80. ### Actual result The container fails to start immediately with a "permission denied" error for /opt/adguardhome/AdGuardHome. ### Additional information and/or screenshots _No response_

deekerman

2026-03-04 06:43:24 -05:00

closed this issue
added the
bug

P2: High
labels

deekerman commented

2026-03-04 06:43:49 -05:00

Author

Owner

@ainar-g commented on GitHub (Feb 4, 2026):

Thanks for reporting. We cannot immediately reproduce this. Does this also happen if you use a plain docker run?

@ainar-g commented on GitHub (Feb 4, 2026): Thanks for reporting. We cannot immediately reproduce this. Does this also happen if you use a plain `docker run`?

deekerman commented

2026-03-04 06:43:49 -05:00

Author

Owner

@Blacks-Army commented on GitHub (Feb 4, 2026):

Thanks for reporting. We cannot immediately reproduce this. Does this also happen if you use a plain docker run?

Thanks for your reply. I do not use docker run. I manage AdGuard Home via Docker Compose and would like to keep it that way. As I said this does not happen in b.80 with the same compose.yaml.

I’m wondering if something changed in the container’s init process, because the Docker error points to a permission issue when executing /opt/adguardhome/AdGuardHome (Notice that I did not mount that path). That’s my assumption for why it fails in b.81 but worked fine in b.80.

@Blacks-Army commented on GitHub (Feb 4, 2026): > Thanks for reporting. We cannot immediately reproduce this. Does this also happen if you use a plain `docker run`? Thanks for your reply. I do not use docker run. I manage AdGuard Home via Docker Compose and would like to keep it that way. As I said this does not happen in b.80 with the same compose.yaml. I’m wondering if something changed in the container’s init process, because the Docker error points to a permission issue when executing /opt/adguardhome/AdGuardHome (Notice that I did not mount that path). That’s my assumption for why it fails in b.81 but worked fine in b.80.

deekerman commented

2026-03-04 06:43:49 -05:00

Author

Owner

@EugeneOne1 commented on GitHub (Feb 5, 2026):

@Blacks-Army, we assume the bug has been fixed in the latest edge release. Could you please check if it works in your compose environment?

@EugeneOne1 commented on GitHub (Feb 5, 2026): @Blacks-Army, we assume the bug has been fixed in the latest [edge release](https://hub.docker.com/layers/adguard/adguardhome/edge/images/sha256-6ffda76f6c4e7261237727790f115621ac1ae83cb2046b373c19dd01f617f1f8). Could you please check if it works in your compose environment?

deekerman commented

2026-03-04 06:43:49 -05:00

Author

Owner

@Blacks-Army commented on GitHub (Feb 5, 2026):

@Blacks-Army, we assume the bug has been fixed in the latest edge release. Could you please check if it works in your compose environment?

Yes that fixed it for me, thanks!

@Blacks-Army commented on GitHub (Feb 5, 2026): > @Blacks-Army, we assume the bug has been fixed in the latest [edge release](https://hub.docker.com/layers/adguard/adguardhome/edge/images/sha256-6ffda76f6c4e7261237727790f115621ac1ae83cb2046b373c19dd01f617f1f8). Could you please check if it works in your compose environment? Yes that fixed it for me, thanks!

deekerman commented

2026-03-04 06:43:49 -05:00

Author

Owner

@EugeneOne1 commented on GitHub (Feb 9, 2026):

@Blacks-Army, FYI, we've released the fix in the latest beta (v0.108.0-b.82).

@EugeneOne1 commented on GitHub (Feb 9, 2026): @Blacks-Army, FYI, we've released the fix in the latest beta (`v0.108.0-b.82`).

deekerman commented

2026-03-04 06:43:49 -05:00

Author

Owner

@Blacks-Army commented on GitHub (Feb 9, 2026):

@Blacks-Army, FYI, we've released the fix in the latest beta (v0.108.0-b.82).

Thanks for the Info!

@Blacks-Army commented on GitHub (Feb 9, 2026): > @Blacks-Army, FYI, we've released the fix in the latest beta (`v0.108.0-b.82`). Thanks for the Info!

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/AdGuardHome#5898

No description provided.

Rows
Columns