Permission error while trying to open the lock file /var/lib/openvas/feed-update.lock #559

@tschaepe-secuvera

Expected behavior

The feed update will start after running the following command:

❯ docker compose run --rm greenbone-feed-sync greenbone-feed-sync --type all

Actual behavior

I get an error message when I try to update the feeds.

❯ docker compose run --rm greenbone-feed-sync greenbone-feed-sync --type all
❌Error: Permission error while trying to open the lock file /var/lib/openvas/feed-update.lock

Steps to reproduce

Run

docker compose run --rm greenbone-feed-sync greenbone-feed-sync --type all

Additional Information

I checked the dir and file permissions in /var/lib in the docker container:

❯ docker compose run --rm greenbone-feed-sync ls -la /var/lib/
total 52
drwxr-xr-x 1 gvm  gvm  4096 Mar  3 13:10 .
drwxr-xr-x 1 root root 4096 Feb  3 00:00 ..
drwxr-xr-x 1 gvm  gvm  4096 Feb 11 11:23 apt
drwxr-xr-x 1 gvm  gvm  4096 Feb 11 11:24 dpkg
drwxr-xr-x 6 gvm  gvm  4096 Feb 28 16:24 gvm
drwxr-xr-x 1 gvm  gvm  4096 Dec 31 10:25 misc
drwxr-xr-x 4 gvm  gvm  4096 Mar  3 10:23 notus
drwxr-xr-x 3 root root 4096 Mar  3 13:10 openvas
drwxr-xr-x 1 gvm  gvm  4096 Feb  3 00:00 pam
drwxr-xr-x 1 gvm  gvm  4096 Feb 11 11:23 python
-rw-r--r-- 1 gvm  gvm    94 Feb  3 00:00 shells.state
drwxr-xr-x 1 gvm  gvm  4096 Feb  3 00:00 systemd

❯ docker compose run --rm greenbone-feed-sync id
uid=1001(gvm) gid=1001(gvm) groups=1001(gvm)

So the error message is right: I am not root but the gvm user.

My compose file content:

[...]
  greenbone-feed-sync:
    image: registry.community.greenbone.net/community/greenbone-feed-sync
    volumes:
      - vt_data_vol:/var/lib/openvas/plugins
      - notus_data_vol:/var/lib/notus
      - gvmd_data_vol:/var/lib/gvm
      - scap_data_vol:/var/lib/gvm/scap-data
      - cert_data_vol:/var/lib/gvm/cert-data
      - data_objects_vol:/var/lib/gvm/data-objects/gvmd
[...]

Using an alternative lock file works as expected:

❯ docker compose run --rm greenbone-feed-sync greenbone-feed-sync --openvas-lock-file /tmp/feed-update.lock
Trying to acquire lock on /tmp/feed-update.lock
Acquired lock on /tmp/feed-update.lock
⠴ Downloading Notus files from rsync://feed.community.greenbone.net/community/vulnerability-feed/24.10/vt-data/notus/ to /var/lib/notus
⠼ Downloading NASL files from rsync://feed.community.greenbone.net/community/vulnerability-feed/24.10/vt-data/nasl/ to /var/lib/openvas/plugins
Releasing lock on /tmp/feed-update.lock

 [...]
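
The permission check implied by the directory listing in this report, as an added example (not part of the original issue and not Greenbone's code): it parses `ls -la` lines and applies the classic POSIX owner/group/other rule to decide whether a user can create a file such as `feed-update.lock` in each directory. The function names are hypothetical, and ACLs, capabilities and read-only mounts are assumed to be absent.

```python
from dataclasses import dataclass

# Subset of the `ls -la /var/lib/` output quoted in the issue above.
LS_OUTPUT = """\
total 52
drwxr-xr-x 6 gvm  gvm  4096 Feb 28 16:24 gvm
drwxr-xr-x 4 gvm  gvm  4096 Mar  3 10:23 notus
drwxr-xr-x 3 root root 4096 Mar  3 13:10 openvas
"""

@dataclass
class Entry:
    mode: str   # e.g. "drwxr-xr-x"
    owner: str
    group: str
    name: str

def parse_ls_line(line):
    """Parse one `ls -la` line; return None for 'total N' or blank lines."""
    parts = line.split(None, 8)
    if len(parts) < 9 or len(parts[0]) < 10:
        return None
    return Entry(parts[0][:10], parts[2], parts[3], parts[8])

def class_bits(entry, user, groups):
    """Pick the single rwx triplet that applies: owner, else group, else other."""
    if user == entry.owner:
        return entry.mode[1:4]
    if entry.group in groups:
        return entry.mode[4:7]
    return entry.mode[7:10]

def can_create_in(entry, user, groups):
    """Creating a file needs write and search (x) permission on the directory."""
    if entry.mode[0] != "d":
        return False
    if user == "root":  # assumption: uid 0 still bypasses mode bits in the container
        return True
    bits = class_bits(entry, user, groups)
    return bits[1] == "w" and bits[2] in "xst"

def writable_dirs(ls_output, user, groups):
    """Map each listed directory to whether `user` can create files in it."""
    entries = filter(None, map(parse_ls_line, ls_output.splitlines()))
    return {e.name: can_create_in(e, user, groups) for e in entries if e.mode[0] == "d"}

if __name__ == "__main__":
    # uid/gid taken from the `id` output in the issue: gvm / gvm
    for name, ok in writable_dirs(LS_OUTPUT, "gvm", {"gvm"}).items():
        print(f"/var/lib/{name}: {'writable' if ok else 'NOT writable'} for gvm")
```
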

Labels: bug (Something isn't working)
