ApolloX ROOT privileges in Docker Container

I’m currently trying to get the ApolloX VSCode IDE to work. While trying to use the libsocketcan library and setting up the CAN Interface with

can_set_bitrate("can0", 500000);
can_do_start("can0");

I am not getting any compiler or linker error but these two lines are not doing anything when starting debugging and I am not able to use the CAN Interface.
When I set up the CAN Interface and Bitrate over SSH prior, I can send CAN Messages.
I am guessing this is due to missing root privileges in the Docker container:

I set my docker-compose.yml up like this:

version: "3.9"
services:
  cppapollotestcontainer-debug:
    build:
      context: .
      dockerfile: Dockerfile.debug
    user: root
    cap_add:
    - SYS_NICE
    - CAP_NET_ADMIN
    network_mode: "host"
    volumes:
    - /dev:/dev
    image: ${LOCAL_REGISTRY}:5002/cppapollotestcontainer-debug:${TAG}
    # ports:
    #  - 2230:2230

And my dockerfile.debug like this:


[...]

# SSH for remote debug
EXPOSE ${SSH_DEBUG_PORT}
ARG SSHUSERNAME=torizon

# Make sure we don't get notifications we can't answer during building.
ENV DEBIAN_FRONTEND="noninteractive"

# your regular RUN statements here
# Install required packages
RUN apt-get -q -y update && \
    apt-get -q -y install \
    openssl \
    openssh-server \
    rsync \
    file \
    curl \
    libsocketcan2 libmodbus5 \
    gdb && \
    apt-get clean && apt-get autoremove && \
    rm -rf /var/lib/apt/lists/*
    
[...]
    
CMD [ "/usr/sbin/sshd", "-D"]

I tried changing the ARG SSHUSERNAME to root but it threw me an error.

How can I use the Docker container as root?

I’m working on Colibri IMX6ULL 1GB IT on the Colibri Eval Board.

Greetings @xlukem,

In order to run a container with a certain user you typically need to set this in the Dockerfile. There’s a property called USER you can set like so:

USER root

Whatever the user set here will be the user used when the container is ran. More information about this property can be found here: Dockerfile reference | Docker Documentation

Best Regards,
Jeremias

Hey Jeremias!

Thank you for your help. Unfortunately this did not help. I put “USER root” at different points in the Dockerfile but the outcome was still the same.
I am still guessing this may work by changing the $SSHUSERNAME Variable in the Dockerfile.debug file.

It prompts me to input a password but the default password doesnt work.
This is the console log when I try to change it to “root”:

 *  Executing task: ssh -i /home/xlukem/cppapollotest/.conf/id_rsa -p 2230 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no torizon@192.168.178.104 rm -rf ~/app 

Warning: Permanently added '[192.168.178.104]:2230' (ECDSA) to the list of known hosts.
torizon@192.168.178.104's password: 

Thank you very much!
Lukas

Hi @xlukem

thanks for trying the ApolloX!
We updated our templates to be possible to run the application in debug mode with other user than the default torizon user.

:warning: For now it is not possible to update projects created with previous versions of the templates. Then create a new cppConsole project and copy only the code from your old project into this new one. We are working in a mechanism to do this template update from created projects automatically. Thank you for understanding.

With the new project you should have the following properties in the .vscode/settings.json file:

  "torizon_run_as": "torizon",
  "torizon_app_root": "/home/torizon"

Change these to:

  "torizon_run_as": "root",
  "torizon_app_root": "/root"

torizon_run_as store the default user to run the application and the torizon_app_root store the home folder for the user.

Let us know if this works for you.

Best Regards,

Hey @matheus.castello

Thank you very much for your help and fast reply!
I set up a new project, changed the parameters and can now use root privileges inside of my Docker container and the libsocketcan library accordingly.

Best Regards,
Lukas

1 Like