exec /bin/entrypoint.sh: operation not permitted

I am trying to set up syncthing using docker-compose, behind traefik. I am able to get version 1.22.0 running if I create the container using Portainer, but when I run my docker-compose to get it set up, Portainer's logs (for syncthing) show the following: exec /bin/entrypoint.sh: operation not permitted

version: '3'

services:
  syncthing:
    image: 'syncthing/syncthing:${SYNCTHING_IMAGE_VERSION:-latest}'
    cap_add:
      - AUDIT_WRITE
      - CHOWN
      - DAC_OVERRIDE
      - FOWNER
      - FSETID
      - KILL
      - MKNOD
      - NET_BIND_SERVICE
      - NET_RAW
      - SETFCAP
      - SETGID
      - SETPCAP
      - SETUID
      - SYS_CHROOT
    container_name: syncthing
    environment:
      - 'TZ=America/New_York'
      - 'PUID=1000'
      - 'PGID=1000'
#    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.sync.entrypoints=web,websecure'
      - 'traefik.http.routers.sync.rule=Host(`sync.${SITE:-localhost}`)' # <== Setting the domain for the dashboard
      - 'traefik.http.routers.sync.tls=true'
      - 'traefik.http.routers.sync.service=sync'
      - 'traefik.http.services.sync.loadbalancer.server.port=8384'
   #   - 'traefik.http.services.sync.loadbalancer_sync.server.port=22000'
   #   - 'traefik.http.services.sync.loadbalancer_sync_udp.server.port=21027/udp'
#    networks:
#      - 'traefik' # <== Placing this on the network
    network_mode: bridge
    ports:
      - '8384:8384'
      - '22000:22000'
      - '21027:21027/udp'
    restart: always
    security_opt:
      - 'no-new-privileges:true'
    volumes:
      - './syncthing/conf:/var/syncthing/config' # <== Volume to have the synchronized files available on the host
      - './syncthing/data:/var/syncthing/data' # <== Volume to have the synchronized files available on the host
      - '/etc/timezone:/etc/timezone:ro' # <== Volume for TIME ZONE
      - '/etc/localtime:/etc/localtime:ro' # <== Volume for TIME

#networks:
#  traefik:
#    name: traefik

There must be a permissions issue somewhere that I am missing. I am running docker-compose as root so you would think it would be able to access that entrypoint, but maybe it's the UID and GID setting? Any ideas, anyone?

Not really, I have no idea what would cause it. A potential problem with your yaml above is that labels: is commented out so what should be labels become environment variables, but I don’t think that’s related.

I have tried so many docker-compose versions. Can someone provide a docker-compose.yml that works? I know I will need to make a minor tweak for volume, but the rest should just work. I am missing something.

There’s one in the readme that appears to work for me at least.

However, I also tried your file from above and that worked for me too.

I have been beating my head over this for a while now and trying SOO many variations of the compose. Turns out it throws that error if you include the

    security_opt:
      - 'no-new-privileges:true'
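A small lint check for the two problems raised in this thread, the commented-out `labels:` key and the `no-new-privileges` option (an added example, not code from any poster or from the Syncthing project). The `lint_compose` name, the line-based scan and the name heuristic are assumptions for illustration; it is not a full YAML parser.

```python
import re

# Constructed sample: a trimmed copy of the compose file from the question.
SAMPLE = """\
services:
  syncthing:
    image: 'syncthing/syncthing:latest'
    environment:
      - 'TZ=America/New_York'
      - 'PUID=1000'
#    labels:
      - 'traefik.enable=true'
      - 'traefik.http.services.sync.loadbalancer.server.port=8384'
    network_mode: bridge
    security_opt:
      - 'no-new-privileges:true'
"""

KEY = re.compile(r"^\s*([A-Za-z_][\w-]*):(?:\s|$)")       # any mapping key
ITEM = re.compile(r"^\s*-\s*['\"]?([^'\"#]+)")             # a list item
COMMENTED_KEY = re.compile(r"^\s*#\s*([A-Za-z_]\w*):\s*$")  # e.g. "#    labels:"
ENV_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")         # heuristic: NAME=value

def lint_compose(text):
    """Return (line_no, message) findings for the two issues in the thread."""
    findings, section = [], None
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            m = COMMENTED_KEY.match(line)
            if m and section == "environment":
                findings.append((no, f"'{m.group(1)}:' is commented out; "
                                     "items below stay under 'environment'"))
            continue
        m = KEY.match(line)
        if m:
            section = m.group(1)  # remember which key the next items belong to
            continue
        m = ITEM.match(line)
        if not m:
            continue
        value = m.group(1).strip()
        if section == "environment" and not ENV_NAME.match(value.split("=", 1)[0]):
            findings.append((no, f"'{value}' looks like a label, not an environment variable"))
        if section == "security_opt" and value.startswith("no-new-privileges:true"):
            findings.append((no, "no-new-privileges is set; this thread reports "
                                 "'operation not permitted' with this option"))
    return findings

if __name__ == "__main__":
    for no, msg in lint_compose(SAMPLE):
        print(f"line {no}: {msg}")
```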