Synology tmpfs is write-protected

[Veldkornet]

Any idea how to get around the tmpfs error on a Synology NAS via the GUI?

mount: tmpfs is write-protected, mounting read-only mount: cannot mount tmpfs read-only

[Saik0Shinigami]

through GUI, no idea off-hand.

If you add --security-opt apparmor:unconfined to your command when you make the docker container that error should be resolved.

[Veldkornet]

Yup, indeed that fixes it. Was just checking ;)

[jurajs5]

for "--security-opt apparmor:unconfined" - how it should be added? what is variable and what is value?

[thoschworks]

It's a parameter for the docker createor docker run command. The double hyphen ("--") indicates, that it is an option (--security-opt). The part after the blank (apparmor:unconfined) is the argument for the option.

You add this option like the others:

docker run \
        --name unifi-video \
        --cap-add DAC_READ_SEARCH \
        --security-opt apparmor:unconfined \
        …

[Saik0Shinigami]

In this specific instance Veldkornet was running Docker on their Synology unit.

From what you say jurajs5, it sounds like you're trying to add it under the environmental variables tab. That doesn't work. In my instance I manually ran the docker command in SSH through PuTTY.

This guide is old, but likely still relevant to getting you a solution as it looks about right at first glance. https://community.ui.com/questions/Setup-Guide-Unifi-Video-in-Docker-on-Synology/dfe7a8a6-5045-4643-86ae-408ac4059264

I no longer have a Synology unit so I'm really unable to help more.

[amdjml]

Sorry if I am replying to a closed topic, but I cannot figure out how to add --security-opt apparmor:unconfined to the run command. Could someone please tell me step by step how to do this?

Thanks

[markusd1984]

@amdjml are you looking to add this in the GUI as per this topic? Then unfortunately there doesn't seem to be a way to add this, unless @Veldkornet did find a way in the GUI? (He said the command fixed it but not whether he ended up running it via shel or GUI somehow?!?)

This guide here also explained this limitation/issue https://medium.com/@ctindel/running-unifi-video-controller-in-docker-on-synology-ab8c09f7ff97

How to get this bad boy installed? It’s much more complex than the unifi network controller because the unifi video package does things like mounting a tmpfs filesystem, which requires some elevated privileges inside the docker container. Also, it doesn’t play nice with the apparmor that is running on synology DSM 6 and so you need to start the container with apparmor unconfined mode. The Synology DSM Docker GUI does not give you the sort of fine grain control necessary to specify exact minimum privileges that are required by this software;

Perhaps the image itself needs to support this command via the Environment Variables to become configurable/to enable this in the GUI setup?

Looks like only possible to run this via ssh terminal... but even using the official run commands I'm running into issues #187 Exception in thread "EmsInitTask" java.lang.NullPointerException

[Veldkornet]

Indeed I did it via SSH, not the GUI.

[markusd1984]

@pducharme could we possibly add such run command parameters to the docker image that are triggered based on the docker file setup using the environment variables in the GUI that are set to true/false?

Looks to me that's how other docker images do it, e.g. the unifi controller one https://github.com/jacobalberty/unifi-docker/search?q=CERT_IS_CHAIN

UPDATE: Saw the EOL announcement and your post re leaving this "AS IS" thus I take there won't be any changes to the images, if at all perhaps last version v3.10.14 to be made available (that ubiquit refered to).
https://forums.unraid.net/topic/35393-support-pducharmes-dockers-support-thread/page/28/