open /run/10-dev.mqsc: permission denied in docker-compose setup #601
Description
My container keeps rebooting with this sequence:
2025-08-20T18:25:33.666Z CPU architecture: amd64
2025-08-20T18:25:33.666Z Linux kernel version: 4.4.302+
2025-08-20T18:25:33.666Z Base image: Red Hat Enterprise Linux 9.6 (Plow)
2025-08-20T18:25:33.666Z Running as user ID 1043 with primary group 65543, and supplementary groups 65543
2025-08-20T18:25:33.666Z Capabilities (bounding set): chown,dac_override,fowner,fsetid,kill,setgid,setuid,setpcap,net_bind_service,net_raw,sys_chroot,mknod,audit_write,setfcap
2025-08-20T18:25:33.666Z seccomp enforcing mode: disabled
2025-08-20T18:25:33.666Z Process security attributes: docker-default (enforce)
2025-08-20T18:25:33.666Z Detected 'btrfs' volume mounted to /mnt/mqm
2025-08-20T18:25:33.667Z open /run/10-dev.mqsc: permission denied
Container stopped
I do not mount /run/ so that's something internal.
When i do not use a custom user ID, and instead use a supplementary group, then it works fine, so Running as user ID 1001 with primary group 0, and supplementary groups 0,65543 .
This is my full container configuration:
{
"CapAdd" : null,
"CapDrop" : null,
"cmd" : "",
"cmd_v2" : "",
"cpu_priority" : 0,
"enable_publish_all_ports" : false,
"enable_restart_policy" : false,
"enabled" : false,
"env_variables" : [
{
"key" : "LICENSE",
"value" : "accept"
},
{
"key" : "MQ_QMGR_NAME",
"value" : "QM1"
},
{
"key" : "DOCKER_API_VERSION",
"value" : "1.43"
},
{
"key" : "TZ",
"value" : "Europe/Amsterdam"
},
{
"key" : "PATH",
"value" : "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/mqm/bin"
},
{
"key" : "container",
"value" : "oci"
},
{
"key" : "MQ_OVERRIDE_DATA_PATH",
"value" : "/mnt/mqm/data"
},
{
"key" : "MQ_OVERRIDE_INSTALLATION_NAME",
"value" : "Installation1"
},
{
"key" : "MQ_USER_NAME",
"value" : "mqm"
},
{
"key" : "MQ_GRACE_PERIOD",
"value" : "30"
},
{
"key" : "LANG",
"value" : "C"
},
{
"key" : "AMQ_DIAGNOSTIC_MSG_SEVERITY",
"value" : "1"
},
{
"key" : "AMQ_ADDITIONAL_JSON_LOG",
"value" : "1"
},
{
"key" : "MQ_LOGGING_CONSOLE_EXCLUDE_ID",
"value" : "AMQ5041I,AMQ5052I,AMQ5051I,AMQ5037I,AMQ5975I"
},
{
"key" : "WLP_LOGGING_MESSAGE_FORMAT",
"value" : "json"
},
{
"key" : "MQ_CONNAUTH_USE_HTP",
"value" : "true"
},
{
"key" : "MQ_DEV",
"value" : "true"
},
{
"key" : "MQ_ENABLE_EMBEDDED_WEB_SERVER",
"value" : "1"
},
{
"key" : "MQ_GENERATE_CERTIFICATE_HOSTNAME",
"value" : "localhost"
},
{
"key" : "LD_LIBRARY_PATH",
"value" : "/opt/mqm/lib64"
},
{
"key" : "MQS_PERMIT_UNKNOWN_ID",
"value" : "true"
}
],
"exporting" : false,
"id" : "9df6ab31bb193a4d3dffc71e5c5eedb66bbd9f5fffc8ee21f3543e8fde41bf41",
"image" : "icr.io/ibm-messaging/mq:latest",
"is_ddsm" : false,
"is_package" : false,
"labels" : {
"architecture" : "amd64",
"authoritative-source-url" : "https://www.ibm.com/software/passportadvantage/",
"base-image" : "registry.access.redhat.com/ubi9/ubi-minimal",
"base-image-release" : "9.6-1752069876",
"build-date" : "2025-07-15T08:45:40+0000",
"caddy_0" : "http://ibmmq.nasi.guanchen.nl",
"caddy_0.import" : "tinyauth_forwarder *",
"caddy_0.reverse_proxy" : "{{upstreams 9443}}",
"caddy_1.layer4.:1414" : "",
"caddy_1.layer4.:1414.@a" : "remote_ip 192.168.50.0/24",
"caddy_1.layer4.:1414.route" : "@a",
"caddy_1.layer4.:1414.route.proxy" : "{{ upstreams 1414 }}",
"com.docker.compose.config-hash" : "12528dcfd7f70ad5cbb87a0c3ea1e2aa25d32508971249c714a990cea25886f0",
"com.docker.compose.container-number" : "1",
"com.docker.compose.depends_on" : "",
"com.docker.compose.image" : "sha256:9e36370b93ae719d0098b7e0c71f2dd65a5c3717dc185fc94e41bd403fdf8d93",
"com.docker.compose.oneoff" : "False",
"com.docker.compose.project" : "garden",
"com.docker.compose.project.config_files" : "/volume1/docker/projects/garden/docker-compose.yaml",
"com.docker.compose.project.working_dir" : "/volume1/docker/projects/garden",
"com.docker.compose.replace" : "59979b293b8a508e8ab6a2d1d02ec7378a5df3f226085bab7896e9feca120043",
"com.docker.compose.service" : "ibm-mq",
"com.docker.compose.version" : "2.20.1",
"com.redhat.component" : "ubi9-minimal-container",
"com.redhat.license_terms" : "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI",
"description" : "Simplify, accelerate and facilitate the reliable exchange of data with a security-rich messaging solution — trusted by the world’s most successful enterprises",
"distribution-scope" : "private",
"io.buildah.version" : "1.41.0-dev",
"io.k8s.description" : "Simplify, accelerate and facilitate the reliable exchange of data with a security-rich messaging solution — trusted by the world’s most successful enterprises",
"io.k8s.display-name" : "IBM MQ Advanced for Developers Server",
"io.openshift.expose-services" : "",
"io.openshift.tags" : "mq messaging",
"maintainer" : "IBM",
"mq-build" : "p943-L250527",
"name" : "ibm-mqadvanced-server-dev",
"release" : "r2",
"run" : "podman run -d -e LICENSE=accept ibm-mqadvanced-server-dev:9.4.3.0-r2.20250715084208.7be81c6-amd64",
"summary" : "IBM MQ Advanced for Developers Server",
"url" : "https://www.ibm.com/products/mq/advanced",
"vcs-ref" : "7be81c6ea1b9e5a25f3432517362ac5a402bf024",
"vcs-type" : "git",
"vcs-url" : "git@github.ibm.com:mq-cloudpak/mq-container.git",
"vendor" : "IBM",
"version" : "9.4.3.0"
},
"links" : [],
"memory_limit" : 0,
"name" : "ibmmq",
"network" : [
{
"driver" : "bridge",
"name" : "eden"
}
],
"network_mode" : "eden",
"port_bindings" : [],
"privileged" : false,
"shortcut" : {
"enable_shortcut" : false,
"enable_status_page" : false,
"enable_web_page" : false,
"web_page_url" : ""
},
"use_host_network" : false,
"version" : 2,
"volume_bindings" : [
{
"host_volume_file" : "/docker/projects/garden/docker-ibmmq/config",
"is_directory" : true,
"mount_point" : "/mnt/mqm",
"type" : "rw"
},
{
"host_volume_file" : "/docker/projects/garden/docker-ibmmq/mykey",
"is_directory" : true,
"mount_point" : "/etc/mqm/pki/keys/mykey",
"type" : "rw"
}
]
}