Starting Docker Compose Tests - Mon Jan 5 02:20:29 UTC 2026 ========================================== File: docker-compose.missing-caps.yml ---------------------------------------- Testing: docker-compose.missing-caps.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations Running docker compose up... Volume "configurations_netalertx_data" Creating Volume "configurations_netalertx_data" Created Container netalertx-test-missing-caps Creating Container netalertx-test-missing-caps Created Attaching to netalertx-test-missing-caps netalertx-test-missing-caps | Ownership prepared for PUID=20211. netalertx-test-missing-caps | su-exec: setgroups(20211): Operation not permitted netalertx-test-missing-caps | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-missing-caps | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-missing-caps | Ownership prepared for PUID=20211. netalertx-test-missing-caps | su-exec: setgroups(20211): Operation not permitted netalertx-test-missing-caps | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-missing-caps |  netalertx-test-missing-caps | _ _ _ ___ _ _ __ __ netalertx-test-missing-caps | | \ | | | | / _ \| | | | \ \ / / netalertx-test-missing-caps | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-missing-caps | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-missing-caps | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-missing-caps | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-missing-caps |  Network intruder and presence detector. netalertx-test-missing-caps | https://netalertx.com netalertx-test-missing-caps | netalertx-test-missing-caps | netalertx-test-missing-caps | Startup pre-checks netalertx-test-missing-caps | --> data migration.sh netalertx-test-missing-caps | --> capabilities audit.sh netalertx-test-missing-caps | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-missing-caps | 🚨 ALERT: Python execution capabilities (NET_RAW/NET_ADMIN) are missing. netalertx-test-missing-caps | netalertx-test-missing-caps | The Python binary in this image has file capabilities (+eip) that netalertx-test-missing-caps | require these bits in the container's bounding set. Without them, netalertx-test-missing-caps | the binary will fail to execute (Operation not permitted). netalertx-test-missing-caps | netalertx-test-missing-caps | Restart with: --cap-add=NET_RAW --cap-add=NET_ADMIN netalertx-test-missing-caps | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-missing-caps | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-missing-caps | ⚠️ WARNING: Reduced functionality (NET_BIND_SERVICE missing). netalertx-test-missing-caps | netalertx-test-missing-caps | Tools like nbtscan cannot bind to privileged ports (UDP 137). netalertx-test-missing-caps | This will reduce discovery accuracy for legacy devices. netalertx-test-missing-caps | netalertx-test-missing-caps | Consider adding: --cap-add=NET_BIND_SERVICE netalertx-test-missing-caps | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-missing-caps | Security context: Operational capabilities (CHOWN SETGID SETUID) not granted. netalertx-test-missing-caps | See https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/missing-capabilities.md netalertx-test-missing-caps | --> mounts.py netalertx-test-missing-caps | env: can't execute 'python3': Operation not permitted netalertx-test-missing-caps | mounts.py: FAILED with 126 netalertx-test-missing-caps | Failure detected in: /entrypoint.d/15-mounts.py netalertx-test-missing-caps | --> first run config.sh netalertx-test-missing-caps | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-missing-caps | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-missing-caps | netalertx-test-missing-caps | Review your settings in the UI or edit the file directly before trusting netalertx-test-missing-caps | this instance in production. netalertx-test-missing-caps | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-missing-caps | --> first run db.sh netalertx-test-missing-caps | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-missing-caps | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-missing-caps | netalertx-test-missing-caps | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-missing-caps | DB before onboarding sensitive or critical networks. netalertx-test-missing-caps | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-missing-caps | --> mandatory folders.sh netalertx-test-missing-caps | --> apply conf override.sh netalertx-test-missing-caps | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-missing-caps | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-missing-caps | netalertx-test-missing-caps | Make sure the JSON content is correct before starting the application. netalertx-test-missing-caps | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-missing-caps | --> writable config.sh netalertx-test-missing-caps | --> nginx config.sh netalertx-test-missing-caps | --> expected user id match.sh netalertx-test-missing-caps |  netalertx-test-missing-caps | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-missing-caps | --> host mode network.sh netalertx-test-missing-caps | --> excessive capabilities.sh netalertx-test-missing-caps | --> appliance integrity.sh netalertx-test-missing-caps | --> ports available.sh netalertx-test-missing-caps | Container startup checks failed with exit code 126. netalertx-test-missing-caps | NETALERTX_DEBUG=1, continuing despite failed pre-checks. netalertx-test-missing-caps exited with code 0 File: docker-compose.missing-net-admin.yml ---------------------------------------- Testing: docker-compose.missing-net-admin.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations Running docker compose up... Volume "configurations_netalertx_data" Creating Volume "configurations_netalertx_data" Created Container netalertx-test-missing-net-admin Creating Container netalertx-test-missing-net-admin Created Attaching to netalertx-test-missing-net-admin netalertx-test-missing-net-admin | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-missing-net-admin | Ownership prepared for PUID=20211. netalertx-test-missing-net-admin | su-exec: setgroups(20211): Operation not permitted netalertx-test-missing-net-admin | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-missing-net-admin | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-missing-net-admin | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-missing-net-admin | Ownership prepared for PUID=20211. netalertx-test-missing-net-admin | su-exec: setgroups(20211): Operation not permitted netalertx-test-missing-net-admin | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-missing-net-admin |  netalertx-test-missing-net-admin | _ _ _ ___ _ _ __ __ netalertx-test-missing-net-admin | | \ | | | | / _ \| | | | \ \ / / netalertx-test-missing-net-admin | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-missing-net-admin | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-missing-net-admin | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-missing-net-admin | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-missing-net-admin |  Network intruder and presence detector. netalertx-test-missing-net-admin | https://netalertx.com netalertx-test-missing-net-admin | netalertx-test-missing-net-admin | netalertx-test-missing-net-admin | Startup pre-checks netalertx-test-missing-net-admin | --> data migration.sh netalertx-test-missing-net-admin | --> capabilities audit.sh netalertx-test-missing-net-admin | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-missing-net-admin | 🚨 ALERT: Python execution capabilities (NET_RAW/NET_ADMIN) are missing. netalertx-test-missing-net-admin | netalertx-test-missing-net-admin | The Python binary in this image has file capabilities (+eip) that netalertx-test-missing-net-admin | require these bits in the container's bounding set. Without them, netalertx-test-missing-net-admin | the binary will fail to execute (Operation not permitted). netalertx-test-missing-net-admin | netalertx-test-missing-net-admin | Restart with: --cap-add=NET_RAW --cap-add=NET_ADMIN netalertx-test-missing-net-admin | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-missing-net-admin | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-missing-net-admin | --> mounts.py netalertx-test-missing-net-admin | env: can't execute 'python3': Operation not permitted netalertx-test-missing-net-admin | mounts.py: FAILED with 126 netalertx-test-missing-net-admin | Failure detected in: /entrypoint.d/15-mounts.py netalertx-test-missing-net-admin | --> first run config.sh netalertx-test-missing-net-admin | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-missing-net-admin | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-missing-net-admin | netalertx-test-missing-net-admin | Review your settings in the UI or edit the file directly before trusting netalertx-test-missing-net-admin | this instance in production. netalertx-test-missing-net-admin | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-missing-net-admin | --> first run db.sh netalertx-test-missing-net-admin | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-missing-net-admin | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-missing-net-admin | netalertx-test-missing-net-admin | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-missing-net-admin | DB before onboarding sensitive or critical networks. netalertx-test-missing-net-admin | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-missing-net-admin | --> mandatory folders.sh netalertx-test-missing-net-admin | --> apply conf override.sh netalertx-test-missing-net-admin | --> writable config.sh netalertx-test-missing-net-admin | --> nginx config.sh netalertx-test-missing-net-admin | --> expected user id match.sh netalertx-test-missing-net-admin |  netalertx-test-missing-net-admin | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-missing-net-admin | --> host mode network.sh netalertx-test-missing-net-admin | --> excessive capabilities.sh netalertx-test-missing-net-admin | --> appliance integrity.sh netalertx-test-missing-net-admin | --> ports available.sh netalertx-test-missing-net-admin | Container startup checks failed with exit code 126. netalertx-test-missing-net-admin | NETALERTX_DEBUG=1, continuing despite failed pre-checks. netalertx-test-missing-net-admin | APP_CONF_OVERRIDE detected (set from GRAPHQL_PORT) netalertx-test-missing-net-admin exited with code 0 File: docker-compose.missing-net-raw.yml ---------------------------------------- Testing: docker-compose.missing-net-raw.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations Running docker compose up... Volume "configurations_netalertx_data" Creating Volume "configurations_netalertx_data" Created Container netalertx-test-missing-net-raw Creating Container netalertx-test-missing-net-raw Created Attaching to netalertx-test-missing-net-raw netalertx-test-missing-net-raw | Ownership prepared for PUID=20211. netalertx-test-missing-net-raw |  netalertx-test-missing-net-raw | _ _ _ ___ _ _ __ __ netalertx-test-missing-net-raw | | \ | | | | / _ \| | | | \ \ / / netalertx-test-missing-net-raw | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-missing-net-raw | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-missing-net-raw | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-missing-net-raw | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-missing-net-raw |  Network intruder and presence detector. netalertx-test-missing-net-raw | https://netalertx.com netalertx-test-missing-net-raw | netalertx-test-missing-net-raw | netalertx-test-missing-net-raw | Startup pre-checks netalertx-test-missing-net-raw | --> data migration.sh netalertx-test-missing-net-raw | --> capabilities audit.sh netalertx-test-missing-net-raw | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-missing-net-raw | 🚨 ALERT: Python execution capabilities (NET_RAW/NET_ADMIN) are missing. netalertx-test-missing-net-raw | netalertx-test-missing-net-raw | The Python binary in this image has file capabilities (+eip) that netalertx-test-missing-net-raw | require these bits in the container's bounding set. Without them, netalertx-test-missing-net-raw | the binary will fail to execute (Operation not permitted). netalertx-test-missing-net-raw | netalertx-test-missing-net-raw | Restart with: --cap-add=NET_RAW --cap-add=NET_ADMIN netalertx-test-missing-net-raw | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-missing-net-raw | --> mounts.py netalertx-test-missing-net-raw | env: can't execute 'python3': Operation not permitted netalertx-test-missing-net-raw | mounts.py: FAILED with 126 netalertx-test-missing-net-raw | Failure detected in: /entrypoint.d/15-mounts.py netalertx-test-missing-net-raw | --> first run config.sh netalertx-test-missing-net-raw | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-missing-net-raw | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-missing-net-raw | netalertx-test-missing-net-raw | Review your settings in the UI or edit the file directly before trusting netalertx-test-missing-net-raw | this instance in production. netalertx-test-missing-net-raw | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-missing-net-raw | --> first run db.sh netalertx-test-missing-net-raw | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-missing-net-raw | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-missing-net-raw | netalertx-test-missing-net-raw | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-missing-net-raw | DB before onboarding sensitive or critical networks. netalertx-test-missing-net-raw | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-missing-net-raw | --> mandatory folders.sh netalertx-test-missing-net-raw | --> apply conf override.sh netalertx-test-missing-net-raw | --> writable config.sh netalertx-test-missing-net-raw | --> nginx config.sh netalertx-test-missing-net-raw | --> expected user id match.sh netalertx-test-missing-net-raw | --> host mode network.sh netalertx-test-missing-net-raw | --> excessive capabilities.sh netalertx-test-missing-net-raw | --> appliance integrity.sh netalertx-test-missing-net-raw | --> ports available.sh netalertx-test-missing-net-raw | Container startup checks failed with exit code 126. netalertx-test-missing-net-raw | NETALERTX_DEBUG=1, continuing despite failed pre-checks. netalertx-test-missing-net-raw | APP_CONF_OVERRIDE detected (set from GRAPHQL_PORT) netalertx-test-missing-net-raw | /services/scripts/update_vendors.sh: line 28: /tmp/run/tmp/ieee-oui.txt.tmp: Read-only file system netalertx-test-missing-net-raw | Starting /usr/sbin/php-fpm83 -y "/services/config/php/php-fpm.conf" -F (tee stderr to app.php_errors.log) netalertx-test-missing-net-raw | Starting supercronic --debug "/services/config/cron/crontab" >>"/tmp/log/cron.log" 2>&1 & netalertx-test-missing-net-raw | /services/start-cron.sh: line 37: /tmp/log/cron.log: Read-only file system netalertx-test-missing-net-raw | Supercronic stopped! (exit 1) netalertx-test-missing-net-raw | tee: /tmp/log/app.php_errors.log: Read-only file system netalertx-test-missing-net-raw | mktemp: : Read-only file system netalertx-test-missing-net-raw | Starting python3 -m server > /tmp/log/stdout.log 2> >(tee /tmp/log/stderr.log >&2) netalertx-test-missing-net-raw | /services/start-backend.sh: line 16: /tmp/log/stdout.log: Read-only file system netalertx-test-missing-net-raw | [04-Jan-2026 21:20:39] ERROR: failed to open error_log (/tmp/log/app.php_errors.log): Read-only file system (30) netalertx-test-missing-net-raw | [04-Jan-2026 21:20:39] ERROR: failed to post process the configuration netalertx-test-missing-net-raw | [04-Jan-2026 21:20:39] ERROR: FPM initialization failed netalertx-test-missing-net-raw | php-fpm stopped! (exit 78) netalertx-test-missing-net-raw | ERROR: Failed to download or process OUI data Gracefully stopping... (press Ctrl+C again to force) Container netalertx-test-missing-net-raw Stopping Container netalertx-test-missing-net-raw Stopped File: docker-compose.readonly.yml ---------------------------------------- Testing: docker-compose.readonly.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations Running docker compose up... Volume "configurations_netalertx_data" Creating Volume "configurations_netalertx_data" Created Container netalertx-test-readonly Creating Container netalertx-test-readonly Created Attaching to netalertx-test-readonly netalertx-test-readonly | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-readonly | Ownership prepared for PUID=20211. netalertx-test-readonly | su-exec: setgroups(20211): Operation not permitted netalertx-test-readonly | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-readonly | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-readonly | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-readonly | Ownership prepared for PUID=20211. netalertx-test-readonly | su-exec: setgroups(20211): Operation not permitted netalertx-test-readonly | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-readonly |  netalertx-test-readonly | _ _ _ ___ _ _ __ __ netalertx-test-readonly | | \ | | | | / _ \| | | | \ \ / / netalertx-test-readonly | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-readonly | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-readonly | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-readonly | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-readonly |  Network intruder and presence detector. netalertx-test-readonly | https://netalertx.com netalertx-test-readonly | netalertx-test-readonly | netalertx-test-readonly | Startup pre-checks netalertx-test-readonly | --> data migration.sh netalertx-test-readonly | --> capabilities audit.sh netalertx-test-readonly | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-readonly | --> mounts.py netalertx-test-readonly | --> first run config.sh netalertx-test-readonly | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-readonly | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-readonly | netalertx-test-readonly | Review your settings in the UI or edit the file directly before trusting netalertx-test-readonly | this instance in production. netalertx-test-readonly | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-readonly | --> first run db.sh netalertx-test-readonly | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-readonly | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-readonly | netalertx-test-readonly | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-readonly | DB before onboarding sensitive or critical networks. netalertx-test-readonly | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-readonly | --> mandatory folders.sh netalertx-test-readonly | --> apply conf override.sh netalertx-test-readonly | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-readonly | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-readonly | netalertx-test-readonly | Make sure the JSON content is correct before starting the application. netalertx-test-readonly | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-readonly | --> writable config.sh netalertx-test-readonly | --> nginx config.sh netalertx-test-readonly | --> expected user id match.sh netalertx-test-readonly |  netalertx-test-readonly | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-readonly | --> host mode network.sh netalertx-test-readonly | --> excessive capabilities.sh netalertx-test-readonly | --> appliance integrity.sh netalertx-test-readonly | --> ports available.sh netalertx-test-readonly exited with code 0 netalertx-test-readonly | --> capabilities audit.sh netalertx-test-readonly | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-readonly | --> mounts.py netalertx-test-readonly | --> first run config.sh netalertx-test-readonly | --> first run db.sh netalertx-test-readonly | --> mandatory folders.sh netalertx-test-readonly | --> apply conf override.sh netalertx-test-readonly | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-readonly | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-readonly | netalertx-test-readonly | Make sure the JSON content is correct before starting the application. netalertx-test-readonly | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-readonly | --> writable config.sh netalertx-test-readonly | --> nginx config.sh netalertx-test-readonly | --> expected user id match.sh netalertx-test-readonly |  netalertx-test-readonly | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-readonly | --> host mode network.sh netalertx-test-readonly | --> excessive capabilities.sh netalertx-test-readonly | --> appliance integrity.sh netalertx-test-readonly | --> ports available.sh netalertx-test-readonly exited with code 0 netalertx-test-readonly | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-readonly | --> mounts.py netalertx-test-readonly | --> first run config.sh netalertx-test-readonly | --> first run db.sh netalertx-test-readonly | --> mandatory folders.sh netalertx-test-readonly | --> apply conf override.sh netalertx-test-readonly | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-readonly | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-readonly | netalertx-test-readonly | Make sure the JSON content is correct before starting the application. netalertx-test-readonly | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-readonly | --> writable config.sh netalertx-test-readonly | --> nginx config.sh netalertx-test-readonly | --> expected user id match.sh netalertx-test-readonly |  netalertx-test-readonly | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-readonly | --> host mode network.sh netalertx-test-readonly | --> excessive capabilities.sh netalertx-test-readonly | --> appliance integrity.sh netalertx-test-readonly | --> ports available.sh netalertx-test-readonly exited with code 0 netalertx-test-readonly |  netalertx-test-readonly | _ _ _ ___ _ _ __ __ netalertx-test-readonly | | \ | | | | / _ \| | | | \ \ / / netalertx-test-readonly | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-readonly | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-readonly | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-readonly | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-readonly |  Network intruder and presence detector. netalertx-test-readonly | https://netalertx.com netalertx-test-readonly | netalertx-test-readonly | netalertx-test-readonly | Startup pre-checks netalertx-test-readonly | --> data migration.sh netalertx-test-readonly | --> capabilities audit.sh netalertx-test-readonly | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-readonly | --> mounts.py netalertx-test-readonly | --> first run config.sh netalertx-test-readonly | --> first run db.sh netalertx-test-readonly | --> mandatory folders.sh netalertx-test-readonly | --> apply conf override.sh netalertx-test-readonly | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-readonly | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-readonly | netalertx-test-readonly | Make sure the JSON content is correct before starting the application. netalertx-test-readonly | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-readonly | --> writable config.sh netalertx-test-readonly | --> nginx config.sh netalertx-test-readonly | --> expected user id match.sh netalertx-test-readonly |  netalertx-test-readonly | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-readonly | --> host mode network.sh netalertx-test-readonly | --> excessive capabilities.sh netalertx-test-readonly | --> appliance integrity.sh netalertx-test-readonly | --> ports available.sh netalertx-test-readonly exited with code 0 netalertx-test-readonly | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-readonly | --> mounts.py netalertx-test-readonly | --> first run config.sh netalertx-test-readonly | --> first run db.sh netalertx-test-readonly | --> mandatory folders.sh netalertx-test-readonly | --> apply conf override.sh netalertx-test-readonly | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-readonly | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-readonly | netalertx-test-readonly | Make sure the JSON content is correct before starting the application. netalertx-test-readonly | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-readonly | --> writable config.sh netalertx-test-readonly | --> nginx config.sh netalertx-test-readonly | --> expected user id match.sh netalertx-test-readonly |  netalertx-test-readonly | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-readonly | --> host mode network.sh netalertx-test-readonly | --> excessive capabilities.sh netalertx-test-readonly | --> appliance integrity.sh netalertx-test-readonly | --> ports available.sh netalertx-test-readonly exited with code 0 netalertx-test-readonly | --> first run config.sh netalertx-test-readonly | --> first run db.sh netalertx-test-readonly | --> mandatory folders.sh netalertx-test-readonly | --> apply conf override.sh netalertx-test-readonly | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-readonly | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-readonly | netalertx-test-readonly | Make sure the JSON content is correct before starting the application. netalertx-test-readonly | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-readonly | --> writable config.sh netalertx-test-readonly | --> nginx config.sh netalertx-test-readonly | --> expected user id match.sh netalertx-test-readonly |  netalertx-test-readonly | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-readonly | --> host mode network.sh netalertx-test-readonly | --> excessive capabilities.sh netalertx-test-readonly | --> appliance integrity.sh netalertx-test-readonly | --> ports available.sh netalertx-test-readonly exited with code 0 Gracefully stopping... (press Ctrl+C again to force) Container netalertx-test-readonly Stopping Container netalertx-test-readonly Stopped File: docker-compose.writable.yml ---------------------------------------- Testing: docker-compose.writable.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations Running docker compose up... Volume "configurations_netalertx_data" Creating Volume "configurations_netalertx_data" Created Container netalertx-test-writable Creating Container netalertx-test-writable Created Attaching to netalertx-test-writable netalertx-test-writable | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-writable | Ownership prepared for PUID=20211. netalertx-test-writable | su-exec: setgroups(20211): Operation not permitted netalertx-test-writable | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-writable | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-writable | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-writable | Ownership prepared for PUID=20211. netalertx-test-writable | su-exec: setgroups(20211): Operation not permitted netalertx-test-writable | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-writable |  netalertx-test-writable | _ _ _ ___ _ _ __ __ netalertx-test-writable | | \ | | | | / _ \| | | | \ \ / / netalertx-test-writable | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-writable | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-writable | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-writable | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-writable |  Network intruder and presence detector. netalertx-test-writable | https://netalertx.com netalertx-test-writable | netalertx-test-writable | netalertx-test-writable | Startup pre-checks netalertx-test-writable | --> data migration.sh netalertx-test-writable | --> capabilities audit.sh netalertx-test-writable | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-writable | --> mounts.py netalertx-test-writable | --> first run config.sh netalertx-test-writable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-writable | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-writable | netalertx-test-writable | Review your settings in the UI or edit the file directly before trusting netalertx-test-writable | this instance in production. netalertx-test-writable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-writable | --> first run db.sh netalertx-test-writable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-writable | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-writable | netalertx-test-writable | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-writable | DB before onboarding sensitive or critical networks. netalertx-test-writable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-writable | --> mandatory folders.sh netalertx-test-writable | * Creating Plugins log. netalertx-test-writable | Warning: Unable to create plugins log directory at /tmp/log/plugins (tmpfs not writable with current capabilities). netalertx-test-writable | * Creating System services run log. netalertx-test-writable | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-writable | * Creating System services run tmp. netalertx-test-writable | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-writable | * Creating DB locked log. netalertx-test-writable | Warning: Unable to create DB locked log file at /tmp/log/db_is_locked.log (tmpfs not writable with current capabilities). netalertx-test-writable | * Creating Execution queue log. netalertx-test-writable | Warning: Unable to create execution queue log file at /tmp/log/execution_queue.log (tmpfs not writable with current capabilities). netalertx-test-writable | --> apply conf override.sh netalertx-test-writable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-writable | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-writable | netalertx-test-writable | Make sure the JSON content is correct before starting the application. netalertx-test-writable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-writable | --> writable config.sh netalertx-test-writable | --> nginx config.sh netalertx-test-writable | --> expected user id match.sh netalertx-test-writable |  netalertx-test-writable | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-writable | --> host mode network.sh netalertx-test-writable | --> excessive capabilities.sh netalertx-test-writable | --> appliance integrity.sh netalertx-test-writable | --> ports available.sh netalertx-test-writable exited with code 0 netalertx-test-writable | --> first run config.sh netalertx-test-writable | --> first run db.sh netalertx-test-writable | --> mandatory folders.sh netalertx-test-writable | * Creating Plugins log. netalertx-test-writable | Warning: Unable to create plugins log directory at /tmp/log/plugins (tmpfs not writable with current capabilities). netalertx-test-writable | * Creating System services run log. netalertx-test-writable | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-writable | * Creating System services run tmp. netalertx-test-writable | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-writable | * Creating DB locked log. netalertx-test-writable | Warning: Unable to create DB locked log file at /tmp/log/db_is_locked.log (tmpfs not writable with current capabilities). netalertx-test-writable | * Creating Execution queue log. netalertx-test-writable | Warning: Unable to create execution queue log file at /tmp/log/execution_queue.log (tmpfs not writable with current capabilities). netalertx-test-writable | --> apply conf override.sh netalertx-test-writable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-writable | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-writable | netalertx-test-writable | Make sure the JSON content is correct before starting the application. netalertx-test-writable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-writable | --> writable config.sh netalertx-test-writable | --> nginx config.sh netalertx-test-writable | --> expected user id match.sh netalertx-test-writable |  netalertx-test-writable | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-writable | --> host mode network.sh netalertx-test-writable | --> excessive capabilities.sh netalertx-test-writable | --> appliance integrity.sh netalertx-test-writable | --> ports available.sh netalertx-test-writable exited with code 0 netalertx-test-writable | --> first run config.sh netalertx-test-writable | --> first run db.sh netalertx-test-writable | --> mandatory folders.sh netalertx-test-writable | * Creating Plugins log. netalertx-test-writable | Warning: Unable to create plugins log directory at /tmp/log/plugins (tmpfs not writable with current capabilities). netalertx-test-writable | * Creating System services run log. netalertx-test-writable | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-writable | * Creating System services run tmp. netalertx-test-writable | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-writable | * Creating DB locked log. netalertx-test-writable | Warning: Unable to create DB locked log file at /tmp/log/db_is_locked.log (tmpfs not writable with current capabilities). netalertx-test-writable | * Creating Execution queue log. netalertx-test-writable | Warning: Unable to create execution queue log file at /tmp/log/execution_queue.log (tmpfs not writable with current capabilities). netalertx-test-writable | --> apply conf override.sh netalertx-test-writable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-writable | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-writable | netalertx-test-writable | Make sure the JSON content is correct before starting the application. netalertx-test-writable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-writable | --> writable config.sh netalertx-test-writable | --> nginx config.sh netalertx-test-writable | --> expected user id match.sh netalertx-test-writable |  netalertx-test-writable | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-writable | --> host mode network.sh netalertx-test-writable | --> excessive capabilities.sh netalertx-test-writable | --> appliance integrity.sh netalertx-test-writable | --> ports available.sh netalertx-test-writable exited with code 0 netalertx-test-writable | --> first run config.sh netalertx-test-writable | --> first run db.sh netalertx-test-writable | --> mandatory folders.sh netalertx-test-writable | * Creating Plugins log. netalertx-test-writable | Warning: Unable to create plugins log directory at /tmp/log/plugins (tmpfs not writable with current capabilities). netalertx-test-writable | * Creating System services run log. netalertx-test-writable | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-writable | * Creating System services run tmp. netalertx-test-writable | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-writable | * Creating DB locked log. netalertx-test-writable | Warning: Unable to create DB locked log file at /tmp/log/db_is_locked.log (tmpfs not writable with current capabilities). netalertx-test-writable | * Creating Execution queue log. netalertx-test-writable | Warning: Unable to create execution queue log file at /tmp/log/execution_queue.log (tmpfs not writable with current capabilities). netalertx-test-writable | --> apply conf override.sh netalertx-test-writable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-writable | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-writable | netalertx-test-writable | Make sure the JSON content is correct before starting the application. netalertx-test-writable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-writable | --> writable config.sh netalertx-test-writable | --> nginx config.sh netalertx-test-writable | --> expected user id match.sh netalertx-test-writable |  netalertx-test-writable | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-writable | --> host mode network.sh netalertx-test-writable | --> excessive capabilities.sh netalertx-test-writable | --> appliance integrity.sh netalertx-test-writable | --> ports available.sh netalertx-test-writable exited with code 0 netalertx-test-writable | --> first run config.sh netalertx-test-writable | --> first run db.sh netalertx-test-writable | --> mandatory folders.sh netalertx-test-writable | * Creating Plugins log. netalertx-test-writable | Warning: Unable to create plugins log directory at /tmp/log/plugins (tmpfs not writable with current capabilities). netalertx-test-writable | * Creating System services run log. netalertx-test-writable | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-writable | * Creating System services run tmp. netalertx-test-writable | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-writable | * Creating DB locked log. netalertx-test-writable | Warning: Unable to create DB locked log file at /tmp/log/db_is_locked.log (tmpfs not writable with current capabilities). netalertx-test-writable | * Creating Execution queue log. netalertx-test-writable | Warning: Unable to create execution queue log file at /tmp/log/execution_queue.log (tmpfs not writable with current capabilities). netalertx-test-writable | --> apply conf override.sh netalertx-test-writable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-writable | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-writable | netalertx-test-writable | Make sure the JSON content is correct before starting the application. netalertx-test-writable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-writable | --> writable config.sh netalertx-test-writable | --> nginx config.sh netalertx-test-writable | --> expected user id match.sh netalertx-test-writable |  netalertx-test-writable | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-writable | --> host mode network.sh netalertx-test-writable | --> excessive capabilities.sh netalertx-test-writable | --> appliance integrity.sh netalertx-test-writable | --> ports available.sh netalertx-test-writable exited with code 0 netalertx-test-writable | --> first run config.sh netalertx-test-writable | --> first run db.sh netalertx-test-writable | --> mandatory folders.sh netalertx-test-writable | * Creating Plugins log. netalertx-test-writable | Warning: Unable to create plugins log directory at /tmp/log/plugins (tmpfs not writable with current capabilities). netalertx-test-writable | * Creating System services run log. netalertx-test-writable | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-writable | * Creating System services run tmp. netalertx-test-writable | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-writable | * Creating DB locked log. netalertx-test-writable | Warning: Unable to create DB locked log file at /tmp/log/db_is_locked.log (tmpfs not writable with current capabilities). netalertx-test-writable | * Creating Execution queue log. netalertx-test-writable | Warning: Unable to create execution queue log file at /tmp/log/execution_queue.log (tmpfs not writable with current capabilities). netalertx-test-writable | --> apply conf override.sh netalertx-test-writable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-writable | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-writable | netalertx-test-writable | Make sure the JSON content is correct before starting the application. netalertx-test-writable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-writable | --> writable config.sh netalertx-test-writable | --> nginx config.sh netalertx-test-writable | --> expected user id match.sh netalertx-test-writable |  netalertx-test-writable | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-writable | --> host mode network.sh netalertx-test-writable | --> excessive capabilities.sh netalertx-test-writable | --> appliance integrity.sh netalertx-test-writable | --> ports available.sh netalertx-test-writable exited with code 0 Gracefully stopping... (press Ctrl+C again to force) Container netalertx-test-writable Stopping Container netalertx-test-writable Stopped File: docker-compose.mount-test.active_config_mounted.yml ---------------------------------------- Expected outcome: Container starts successfully with proper nginx config mount - SYSTEM_SERVICES_ACTIVE_CONFIG shows as writable and mounted - No configuration warnings for nginx config path - Custom PORT configuration should work when nginx config is writable Testing: docker-compose.mount-test.active_config_mounted.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_test_system_services_active_config" Creating Volume "mount-tests_test_system_services_active_config" Created Volume "mount-tests_test_netalertx_data" Creating Volume "mount-tests_test_netalertx_data" Created Container netalertx-test-mount-active_config_mounted Creating Container netalertx-test-mount-active_config_mounted Created Attaching to netalertx-test-mount-active_config_mounted netalertx-test-mount-active_config_mounted | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-active_config_mounted | Ownership prepared for PUID=20211. netalertx-test-mount-active_config_mounted | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-active_config_mounted | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-active_config_mounted | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-mount-active_config_mounted | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-active_config_mounted | Ownership prepared for PUID=20211. netalertx-test-mount-active_config_mounted | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-active_config_mounted | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-active_config_mounted |  netalertx-test-mount-active_config_mounted | _ _ _ ___ _ _ __ __ netalertx-test-mount-active_config_mounted | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-active_config_mounted | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-active_config_mounted | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-active_config_mounted | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-active_config_mounted | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-active_config_mounted |  Network intruder and presence detector. netalertx-test-mount-active_config_mounted | https://netalertx.com netalertx-test-mount-active_config_mounted | netalertx-test-mount-active_config_mounted | netalertx-test-mount-active_config_mounted | Startup pre-checks netalertx-test-mount-active_config_mounted | --> data migration.sh netalertx-test-mount-active_config_mounted | --> capabilities audit.sh netalertx-test-mount-active_config_mounted | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-mount-active_config_mounted | --> mounts.py netalertx-test-mount-active_config_mounted | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-active_config_mounted | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-active_config_mounted | /data | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-active_config_mounted | /data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-active_config_mounted | /data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-active_config_mounted | /tmp/run/tmp | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-active_config_mounted | /tmp/api | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-active_config_mounted | /tmp/log | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-active_config_mounted | /tmp/run | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-active_config_mounted | /tmp/nginx/active-config | ✅| ✅| ✅ | ❌ | ❌ | ✅ netalertx-test-mount-active_config_mounted | netalertx-test-mount-active_config_mounted | netalertx-test-mount-active_config_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_mounted | ⚠️ ATTENTION: Configuration issues detected (marked with ❌). netalertx-test-mount-active_config_mounted | netalertx-test-mount-active_config_mounted | * /tmp/run/tmp error writing netalertx-test-mount-active_config_mounted | * /tmp/api error writing netalertx-test-mount-active_config_mounted | * /tmp/log error writing netalertx-test-mount-active_config_mounted | * /tmp/run error writing netalertx-test-mount-active_config_mounted | * /tmp/nginx/active-config performance issue netalertx-test-mount-active_config_mounted | netalertx-test-mount-active_config_mounted | We recommend starting with the default docker-compose.yml as the netalertx-test-mount-active_config_mounted | configuration can be quite complex. netalertx-test-mount-active_config_mounted | netalertx-test-mount-active_config_mounted | Review the documentation for a correct setup: netalertx-test-mount-active_config_mounted | https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md netalertx-test-mount-active_config_mounted | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/mount-configuration-issues.md netalertx-test-mount-active_config_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_mounted |  netalertx-test-mount-active_config_mounted | --> first run config.sh netalertx-test-mount-active_config_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_mounted | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-mount-active_config_mounted | netalertx-test-mount-active_config_mounted | Review your settings in the UI or edit the file directly before trusting netalertx-test-mount-active_config_mounted | this instance in production. netalertx-test-mount-active_config_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_mounted | --> first run db.sh netalertx-test-mount-active_config_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_mounted | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-active_config_mounted | netalertx-test-mount-active_config_mounted | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-active_config_mounted | DB before onboarding sensitive or critical networks. netalertx-test-mount-active_config_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_mounted | --> mandatory folders.sh netalertx-test-mount-active_config_mounted | * Creating Plugins log. netalertx-test-mount-active_config_mounted | Warning: Unable to create plugins log directory at /tmp/log/plugins (tmpfs not writable with current capabilities). netalertx-test-mount-active_config_mounted | * Creating System services run log. netalertx-test-mount-active_config_mounted | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-mount-active_config_mounted | * Creating System services run tmp. netalertx-test-mount-active_config_mounted | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-mount-active_config_mounted | * Creating DB locked log. netalertx-test-mount-active_config_mounted | Warning: Unable to create DB locked log file at /tmp/log/db_is_locked.log (tmpfs not writable with current capabilities). netalertx-test-mount-active_config_mounted | * Creating Execution queue log. netalertx-test-mount-active_config_mounted | Warning: Unable to create execution queue log file at /tmp/log/execution_queue.log (tmpfs not writable with current capabilities). netalertx-test-mount-active_config_mounted | --> apply conf override.sh netalertx-test-mount-active_config_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_mounted | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-mount-active_config_mounted | netalertx-test-mount-active_config_mounted | Make sure the JSON content is correct before starting the application. netalertx-test-mount-active_config_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_mounted | --> writable config.sh netalertx-test-mount-active_config_mounted | --> nginx config.sh netalertx-test-mount-active_config_mounted | --> expected user id match.sh netalertx-test-mount-active_config_mounted |  netalertx-test-mount-active_config_mounted | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-mount-active_config_mounted | --> host mode network.sh netalertx-test-mount-active_config_mounted | --> excessive capabilities.sh netalertx-test-mount-active_config_mounted | --> appliance integrity.sh netalertx-test-mount-active_config_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_mounted | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-active_config_mounted | netalertx-test-mount-active_config_mounted | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-active_config_mounted | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-active_config_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_mounted | --> ports available.sh netalertx-test-mount-active_config_mounted exited with code 0 File: docker-compose.mount-test.active_config_no-mount.yml ---------------------------------------- Expected outcome: Container shows warning about missing nginx config mount - SYSTEM_SERVICES_ACTIVE_CONFIG shows as not mounted - Warning message about nginx configuration mount being missing - Custom PORT configuration may not work properly Testing: docker-compose.mount-test.active_config_no-mount.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_test_netalertx_data" Creating Volume "mount-tests_test_netalertx_data" Created Container netalertx-test-mount-active_config_no-mount Creating Container netalertx-test-mount-active_config_no-mount Created Attaching to netalertx-test-mount-active_config_no-mount netalertx-test-mount-active_config_no-mount | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-active_config_no-mount | Ownership prepared for PUID=20211. netalertx-test-mount-active_config_no-mount | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-active_config_no-mount | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-active_config_no-mount | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-mount-active_config_no-mount | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-active_config_no-mount | Ownership prepared for PUID=20211. netalertx-test-mount-active_config_no-mount | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-active_config_no-mount | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-active_config_no-mount |  netalertx-test-mount-active_config_no-mount | _ _ _ ___ _ _ __ __ netalertx-test-mount-active_config_no-mount | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-active_config_no-mount | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-active_config_no-mount | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-active_config_no-mount | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-active_config_no-mount | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-active_config_no-mount |  Network intruder and presence detector. netalertx-test-mount-active_config_no-mount | https://netalertx.com netalertx-test-mount-active_config_no-mount | netalertx-test-mount-active_config_no-mount | netalertx-test-mount-active_config_no-mount | Startup pre-checks netalertx-test-mount-active_config_no-mount | --> data migration.sh netalertx-test-mount-active_config_no-mount | --> capabilities audit.sh netalertx-test-mount-active_config_no-mount | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-mount-active_config_no-mount | --> mounts.py netalertx-test-mount-active_config_no-mount | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-active_config_no-mount | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-active_config_no-mount | /data | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-active_config_no-mount | /data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-active_config_no-mount | /data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-active_config_no-mount | /tmp/run/tmp | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-active_config_no-mount | /tmp/api | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-active_config_no-mount | /tmp/log | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-active_config_no-mount | /tmp/run | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-active_config_no-mount | /tmp/nginx/active-config | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-active_config_no-mount | netalertx-test-mount-active_config_no-mount | netalertx-test-mount-active_config_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_no-mount | ⚠️ ATTENTION: Configuration issues detected (marked with ❌). netalertx-test-mount-active_config_no-mount | netalertx-test-mount-active_config_no-mount | * /tmp/run/tmp error writing netalertx-test-mount-active_config_no-mount | * /tmp/api error writing netalertx-test-mount-active_config_no-mount | * /tmp/log error writing netalertx-test-mount-active_config_no-mount | * /tmp/run error writing netalertx-test-mount-active_config_no-mount | * /tmp/nginx/active-config error writing netalertx-test-mount-active_config_no-mount | netalertx-test-mount-active_config_no-mount | We recommend starting with the default docker-compose.yml as the netalertx-test-mount-active_config_no-mount | configuration can be quite complex. netalertx-test-mount-active_config_no-mount | netalertx-test-mount-active_config_no-mount | Review the documentation for a correct setup: netalertx-test-mount-active_config_no-mount | https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md netalertx-test-mount-active_config_no-mount | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/mount-configuration-issues.md netalertx-test-mount-active_config_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_no-mount |  netalertx-test-mount-active_config_no-mount | --> first run config.sh netalertx-test-mount-active_config_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_no-mount | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-mount-active_config_no-mount | netalertx-test-mount-active_config_no-mount | Review your settings in the UI or edit the file directly before trusting netalertx-test-mount-active_config_no-mount | this instance in production. netalertx-test-mount-active_config_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_no-mount | --> first run db.sh netalertx-test-mount-active_config_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_no-mount | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-active_config_no-mount | netalertx-test-mount-active_config_no-mount | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-active_config_no-mount | DB before onboarding sensitive or critical networks. netalertx-test-mount-active_config_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_no-mount | --> mandatory folders.sh netalertx-test-mount-active_config_no-mount | * Creating Plugins log. netalertx-test-mount-active_config_no-mount | Warning: Unable to create plugins log directory at /tmp/log/plugins (tmpfs not writable with current capabilities). netalertx-test-mount-active_config_no-mount | * Creating System services run log. netalertx-test-mount-active_config_no-mount | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-mount-active_config_no-mount | * Creating System services run tmp. netalertx-test-mount-active_config_no-mount | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-mount-active_config_no-mount | * Creating DB locked log. netalertx-test-mount-active_config_no-mount | Warning: Unable to create DB locked log file at /tmp/log/db_is_locked.log (tmpfs not writable with current capabilities). netalertx-test-mount-active_config_no-mount | * Creating Execution queue log. netalertx-test-mount-active_config_no-mount | Warning: Unable to create execution queue log file at /tmp/log/execution_queue.log (tmpfs not writable with current capabilities). netalertx-test-mount-active_config_no-mount | --> apply conf override.sh netalertx-test-mount-active_config_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_no-mount | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-mount-active_config_no-mount | netalertx-test-mount-active_config_no-mount | Make sure the JSON content is correct before starting the application. netalertx-test-mount-active_config_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_no-mount | --> writable config.sh netalertx-test-mount-active_config_no-mount | --> nginx config.sh netalertx-test-mount-active_config_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_no-mount | ⚠️ ATTENTION: Unable to write to /tmp/nginx/active-config/netalertx.conf. netalertx-test-mount-active_config_no-mount | netalertx-test-mount-active_config_no-mount | Ensure the conf.active mount is writable by the netalertx user before netalertx-test-mount-active_config_no-mount | changing LISTEN_ADDR or PORT. Fix permissions: netalertx-test-mount-active_config_no-mount | chown -R 20211:20211 /tmp/nginx/active-config netalertx-test-mount-active_config_no-mount | find /tmp/nginx/active-config -type d -exec chmod 700 {} + netalertx-test-mount-active_config_no-mount | find /tmp/nginx/active-config -type f -exec chmod 600 {} + netalertx-test-mount-active_config_no-mount | netalertx-test-mount-active_config_no-mount | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/nginx-configuration-mount.md netalertx-test-mount-active_config_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_no-mount | --> expected user id match.sh netalertx-test-mount-active_config_no-mount |  netalertx-test-mount-active_config_no-mount | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-mount-active_config_no-mount | --> host mode network.sh netalertx-test-mount-active_config_no-mount | --> excessive capabilities.sh netalertx-test-mount-active_config_no-mount | --> appliance integrity.sh netalertx-test-mount-active_config_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_no-mount | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-active_config_no-mount | netalertx-test-mount-active_config_no-mount | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-active_config_no-mount | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-active_config_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_no-mount | --> ports available.sh netalertx-test-mount-active_config_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_no-mount | ⚠️ Port Warning: GraphQL API port 20212 is already in use. netalertx-test-mount-active_config_no-mount | netalertx-test-mount-active_config_no-mount | The GraphQL API (defined by $APP_CONF_OVERRIDE or $GRAPHQL_PORT) netalertx-test-mount-active_config_no-mount | may fail to start. netalertx-test-mount-active_config_no-mount | netalertx-test-mount-active_config_no-mount | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/port-conflicts.md netalertx-test-mount-active_config_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_no-mount exited with code 0 File: docker-compose.mount-test.active_config_ramdisk.yml ---------------------------------------- Expected outcome: Container shows performance warning for nginx config on RAM disk - SYSTEM_SERVICES_ACTIVE_CONFIG shows as mounted on tmpfs (RAM disk) - Performance issue warning since nginx config should be persistent - Custom PORT configuration may have performance implications Testing: docker-compose.mount-test.active_config_ramdisk.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_test_netalertx_data" Creating Volume "mount-tests_test_netalertx_data" Created Container netalertx-test-mount-active_config_ramdisk Creating Container netalertx-test-mount-active_config_ramdisk Created Attaching to netalertx-test-mount-active_config_ramdisk netalertx-test-mount-active_config_ramdisk | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-active_config_ramdisk | Ownership prepared for PUID=20211. netalertx-test-mount-active_config_ramdisk | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-active_config_ramdisk | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-active_config_ramdisk | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-mount-active_config_ramdisk | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-active_config_ramdisk | Ownership prepared for PUID=20211. netalertx-test-mount-active_config_ramdisk | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-active_config_ramdisk | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-active_config_ramdisk |  netalertx-test-mount-active_config_ramdisk | _ _ _ ___ _ _ __ __ netalertx-test-mount-active_config_ramdisk | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-active_config_ramdisk | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-active_config_ramdisk | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-active_config_ramdisk | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-active_config_ramdisk | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-active_config_ramdisk |  Network intruder and presence detector. netalertx-test-mount-active_config_ramdisk | https://netalertx.com netalertx-test-mount-active_config_ramdisk | netalertx-test-mount-active_config_ramdisk | netalertx-test-mount-active_config_ramdisk | Startup pre-checks netalertx-test-mount-active_config_ramdisk | --> data migration.sh netalertx-test-mount-active_config_ramdisk | --> capabilities audit.sh netalertx-test-mount-active_config_ramdisk | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-mount-active_config_ramdisk | --> mounts.py netalertx-test-mount-active_config_ramdisk | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-active_config_ramdisk | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-active_config_ramdisk | /data | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-active_config_ramdisk | /data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-active_config_ramdisk | /data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-active_config_ramdisk | /tmp/run/tmp | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-active_config_ramdisk | /tmp/api | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-active_config_ramdisk | /tmp/log | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-active_config_ramdisk | /tmp/run | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-active_config_ramdisk | /tmp/nginx/active-config | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-active_config_ramdisk | netalertx-test-mount-active_config_ramdisk | netalertx-test-mount-active_config_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_ramdisk | ⚠️ ATTENTION: Configuration issues detected (marked with ❌). netalertx-test-mount-active_config_ramdisk | netalertx-test-mount-active_config_ramdisk | * /tmp/run/tmp error writing netalertx-test-mount-active_config_ramdisk | * /tmp/api error writing netalertx-test-mount-active_config_ramdisk | * /tmp/log error writing netalertx-test-mount-active_config_ramdisk | * /tmp/run error writing netalertx-test-mount-active_config_ramdisk | * /tmp/nginx/active-config error writing netalertx-test-mount-active_config_ramdisk | netalertx-test-mount-active_config_ramdisk | We recommend starting with the default docker-compose.yml as the netalertx-test-mount-active_config_ramdisk | configuration can be quite complex. netalertx-test-mount-active_config_ramdisk | netalertx-test-mount-active_config_ramdisk | Review the documentation for a correct setup: netalertx-test-mount-active_config_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md netalertx-test-mount-active_config_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/mount-configuration-issues.md netalertx-test-mount-active_config_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_ramdisk |  netalertx-test-mount-active_config_ramdisk | --> first run config.sh netalertx-test-mount-active_config_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_ramdisk | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-mount-active_config_ramdisk | netalertx-test-mount-active_config_ramdisk | Review your settings in the UI or edit the file directly before trusting netalertx-test-mount-active_config_ramdisk | this instance in production. netalertx-test-mount-active_config_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_ramdisk | --> first run db.sh netalertx-test-mount-active_config_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_ramdisk | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-active_config_ramdisk | netalertx-test-mount-active_config_ramdisk | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-active_config_ramdisk | DB before onboarding sensitive or critical networks. netalertx-test-mount-active_config_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_ramdisk | --> mandatory folders.sh netalertx-test-mount-active_config_ramdisk | * Creating Plugins log. netalertx-test-mount-active_config_ramdisk | Warning: Unable to create plugins log directory at /tmp/log/plugins (tmpfs not writable with current capabilities). netalertx-test-mount-active_config_ramdisk | * Creating System services run log. netalertx-test-mount-active_config_ramdisk | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-mount-active_config_ramdisk | * Creating System services run tmp. netalertx-test-mount-active_config_ramdisk | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-mount-active_config_ramdisk | * Creating DB locked log. netalertx-test-mount-active_config_ramdisk | Warning: Unable to create DB locked log file at /tmp/log/db_is_locked.log (tmpfs not writable with current capabilities). netalertx-test-mount-active_config_ramdisk | * Creating Execution queue log. netalertx-test-mount-active_config_ramdisk | Warning: Unable to create execution queue log file at /tmp/log/execution_queue.log (tmpfs not writable with current capabilities). netalertx-test-mount-active_config_ramdisk | --> apply conf override.sh netalertx-test-mount-active_config_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_ramdisk | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-mount-active_config_ramdisk | netalertx-test-mount-active_config_ramdisk | Make sure the JSON content is correct before starting the application. netalertx-test-mount-active_config_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_ramdisk | --> writable config.sh netalertx-test-mount-active_config_ramdisk | --> nginx config.sh netalertx-test-mount-active_config_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_ramdisk | ⚠️ ATTENTION: Unable to write to /tmp/nginx/active-config/netalertx.conf. netalertx-test-mount-active_config_ramdisk | netalertx-test-mount-active_config_ramdisk | Ensure the conf.active mount is writable by the netalertx user before netalertx-test-mount-active_config_ramdisk | changing LISTEN_ADDR or PORT. Fix permissions: netalertx-test-mount-active_config_ramdisk | chown -R 20211:20211 /tmp/nginx/active-config netalertx-test-mount-active_config_ramdisk | find /tmp/nginx/active-config -type d -exec chmod 700 {} + netalertx-test-mount-active_config_ramdisk | find /tmp/nginx/active-config -type f -exec chmod 600 {} + netalertx-test-mount-active_config_ramdisk | netalertx-test-mount-active_config_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/nginx-configuration-mount.md netalertx-test-mount-active_config_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_ramdisk | --> expected user id match.sh netalertx-test-mount-active_config_ramdisk |  netalertx-test-mount-active_config_ramdisk | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-mount-active_config_ramdisk | --> host mode network.sh netalertx-test-mount-active_config_ramdisk | --> excessive capabilities.sh netalertx-test-mount-active_config_ramdisk | --> appliance integrity.sh netalertx-test-mount-active_config_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_ramdisk | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-active_config_ramdisk | netalertx-test-mount-active_config_ramdisk | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-active_config_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-active_config_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_ramdisk | --> ports available.sh netalertx-test-mount-active_config_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_ramdisk | ⚠️ Port Warning: GraphQL API port 20212 is already in use. netalertx-test-mount-active_config_ramdisk | netalertx-test-mount-active_config_ramdisk | The GraphQL API (defined by $APP_CONF_OVERRIDE or $GRAPHQL_PORT) netalertx-test-mount-active_config_ramdisk | may fail to start. netalertx-test-mount-active_config_ramdisk | netalertx-test-mount-active_config_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/port-conflicts.md netalertx-test-mount-active_config_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_ramdisk exited with code 0 File: docker-compose.mount-test.active_config_unwritable.yml ---------------------------------------- Expected outcome: Container fails to start due to unwritable nginx config partition - SYSTEM_SERVICES_ACTIVE_CONFIG shows as mounted but unwritable (❌ in Writeable column) - 35-nginx-config.sh detects permission error and exits with code 1 - Container startup fails because nginx configuration cannot be written for custom ports Testing: docker-compose.mount-test.active_config_unwritable.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_test_system_services_active_config" Creating Volume "mount-tests_test_system_services_active_config" Created Volume "mount-tests_test_netalertx_data" Creating Volume "mount-tests_test_netalertx_data" Created Container netalertx-test-mount-active_config_unwritable Creating Container netalertx-test-mount-active_config_unwritable Created Attaching to netalertx-test-mount-active_config_unwritable netalertx-test-mount-active_config_unwritable | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-active_config_unwritable | Ownership prepared for PUID=20211. netalertx-test-mount-active_config_unwritable | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-active_config_unwritable | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-active_config_unwritable | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-mount-active_config_unwritable | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-active_config_unwritable | Ownership prepared for PUID=20211. netalertx-test-mount-active_config_unwritable | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-active_config_unwritable | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-active_config_unwritable |  netalertx-test-mount-active_config_unwritable | _ _ _ ___ _ _ __ __ netalertx-test-mount-active_config_unwritable | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-active_config_unwritable | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-active_config_unwritable | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-active_config_unwritable | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-active_config_unwritable | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-active_config_unwritable |  Network intruder and presence detector. netalertx-test-mount-active_config_unwritable | https://netalertx.com netalertx-test-mount-active_config_unwritable | netalertx-test-mount-active_config_unwritable | netalertx-test-mount-active_config_unwritable | Startup pre-checks netalertx-test-mount-active_config_unwritable | --> data migration.sh netalertx-test-mount-active_config_unwritable | --> capabilities audit.sh netalertx-test-mount-active_config_unwritable | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-mount-active_config_unwritable | --> mounts.py netalertx-test-mount-active_config_unwritable | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-active_config_unwritable | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-active_config_unwritable | /data | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-active_config_unwritable | /data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-active_config_unwritable | /data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-active_config_unwritable | /tmp/run/tmp | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-active_config_unwritable | /tmp/api | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-active_config_unwritable | /tmp/log | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-active_config_unwritable | /tmp/run | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-active_config_unwritable | /tmp/nginx/active-config | ✅| ❌| ✅ | ❌ | ❌ | ✅ netalertx-test-mount-active_config_unwritable | netalertx-test-mount-active_config_unwritable | netalertx-test-mount-active_config_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_unwritable | ⚠️ ATTENTION: Configuration issues detected (marked with ❌). netalertx-test-mount-active_config_unwritable | netalertx-test-mount-active_config_unwritable | * /tmp/run/tmp error writing netalertx-test-mount-active_config_unwritable | * /tmp/api error writing netalertx-test-mount-active_config_unwritable | * /tmp/log error writing netalertx-test-mount-active_config_unwritable | * /tmp/run error writing netalertx-test-mount-active_config_unwritable | * /tmp/nginx/active-config error writing, performance issue netalertx-test-mount-active_config_unwritable | netalertx-test-mount-active_config_unwritable | We recommend starting with the default docker-compose.yml as the netalertx-test-mount-active_config_unwritable | configuration can be quite complex. netalertx-test-mount-active_config_unwritable | netalertx-test-mount-active_config_unwritable | Review the documentation for a correct setup: netalertx-test-mount-active_config_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md netalertx-test-mount-active_config_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/mount-configuration-issues.md netalertx-test-mount-active_config_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_unwritable |  netalertx-test-mount-active_config_unwritable | --> first run config.sh netalertx-test-mount-active_config_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_unwritable | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-mount-active_config_unwritable | netalertx-test-mount-active_config_unwritable | Review your settings in the UI or edit the file directly before trusting netalertx-test-mount-active_config_unwritable | this instance in production. netalertx-test-mount-active_config_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_unwritable | --> first run db.sh netalertx-test-mount-active_config_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_unwritable | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-active_config_unwritable | netalertx-test-mount-active_config_unwritable | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-active_config_unwritable | DB before onboarding sensitive or critical networks. netalertx-test-mount-active_config_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_unwritable | --> mandatory folders.sh netalertx-test-mount-active_config_unwritable | * Creating Plugins log. netalertx-test-mount-active_config_unwritable | Warning: Unable to create plugins log directory at /tmp/log/plugins (tmpfs not writable with current capabilities). netalertx-test-mount-active_config_unwritable | * Creating System services run log. netalertx-test-mount-active_config_unwritable | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-mount-active_config_unwritable | * Creating System services run tmp. netalertx-test-mount-active_config_unwritable | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-mount-active_config_unwritable | * Creating DB locked log. netalertx-test-mount-active_config_unwritable | Warning: Unable to create DB locked log file at /tmp/log/db_is_locked.log (tmpfs not writable with current capabilities). netalertx-test-mount-active_config_unwritable | * Creating Execution queue log. netalertx-test-mount-active_config_unwritable | Warning: Unable to create execution queue log file at /tmp/log/execution_queue.log (tmpfs not writable with current capabilities). netalertx-test-mount-active_config_unwritable | --> apply conf override.sh netalertx-test-mount-active_config_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_unwritable | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-mount-active_config_unwritable | netalertx-test-mount-active_config_unwritable | Make sure the JSON content is correct before starting the application. netalertx-test-mount-active_config_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_unwritable | --> writable config.sh netalertx-test-mount-active_config_unwritable | --> nginx config.sh netalertx-test-mount-active_config_unwritable | --> expected user id match.sh netalertx-test-mount-active_config_unwritable |  netalertx-test-mount-active_config_unwritable | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-mount-active_config_unwritable | --> host mode network.sh netalertx-test-mount-active_config_unwritable | --> excessive capabilities.sh netalertx-test-mount-active_config_unwritable | --> appliance integrity.sh netalertx-test-mount-active_config_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_unwritable | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-active_config_unwritable | netalertx-test-mount-active_config_unwritable | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-active_config_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-active_config_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_unwritable | --> ports available.sh netalertx-test-mount-active_config_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_unwritable | ⚠️ Port Warning: GraphQL API port 20212 is already in use. netalertx-test-mount-active_config_unwritable | netalertx-test-mount-active_config_unwritable | The GraphQL API (defined by $APP_CONF_OVERRIDE or $GRAPHQL_PORT) netalertx-test-mount-active_config_unwritable | may fail to start. netalertx-test-mount-active_config_unwritable | netalertx-test-mount-active_config_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/port-conflicts.md netalertx-test-mount-active_config_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-active_config_unwritable exited with code 0 File: docker-compose.mount-test.api_mounted.yml ---------------------------------------- Expected outcome: Container starts successfully with proper API mount - NETALERTX_API shows as writable and mounted - No configuration warnings for API path - API data persistence works correctly Testing: docker-compose.mount-test.api_mounted.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_test_netalertx_api" Creating Volume "mount-tests_test_netalertx_api" Created Volume "mount-tests_netalertx_db" Creating Volume "mount-tests_netalertx_db" Created Volume "mount-tests_netalertx_config" Creating Volume "mount-tests_netalertx_config" Created Container netalertx-test-mount-api_mounted Creating Container netalertx-test-mount-api_mounted Created Attaching to netalertx-test-mount-api_mounted netalertx-test-mount-api_mounted | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-api_mounted | Ownership prepared for PUID=20211. netalertx-test-mount-api_mounted | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-api_mounted | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-api_mounted | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-mount-api_mounted | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-api_mounted | Ownership prepared for PUID=20211. netalertx-test-mount-api_mounted | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-api_mounted | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-api_mounted |  netalertx-test-mount-api_mounted | _ _ _ ___ _ _ __ __ netalertx-test-mount-api_mounted | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-api_mounted | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-api_mounted | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-api_mounted | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-api_mounted | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-api_mounted |  Network intruder and presence detector. netalertx-test-mount-api_mounted | https://netalertx.com netalertx-test-mount-api_mounted | netalertx-test-mount-api_mounted | netalertx-test-mount-api_mounted | Startup pre-checks netalertx-test-mount-api_mounted | --> data migration.sh netalertx-test-mount-api_mounted | --> capabilities audit.sh netalertx-test-mount-api_mounted | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-mount-api_mounted | --> mounts.py netalertx-test-mount-api_mounted | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-api_mounted | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-api_mounted | /data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-api_mounted | /data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-api_mounted | /tmp/run/tmp | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-api_mounted | /tmp/api | ✅| ✅| ✅ | ❌ | ❌ | ✅ netalertx-test-mount-api_mounted | /tmp/log | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-api_mounted | /tmp/run | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-api_mounted | /tmp/nginx/active-config | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-api_mounted | netalertx-test-mount-api_mounted | netalertx-test-mount-api_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_mounted | ⚠️ ATTENTION: Configuration issues detected (marked with ❌). netalertx-test-mount-api_mounted | netalertx-test-mount-api_mounted | * /tmp/run/tmp error writing, error reading netalertx-test-mount-api_mounted | * /tmp/api performance issue netalertx-test-mount-api_mounted | * /tmp/log error writing, error reading netalertx-test-mount-api_mounted | * /tmp/run error writing, error reading netalertx-test-mount-api_mounted | * /tmp/nginx/active-config error writing, error reading netalertx-test-mount-api_mounted | netalertx-test-mount-api_mounted | We recommend starting with the default docker-compose.yml as the netalertx-test-mount-api_mounted | configuration can be quite complex. netalertx-test-mount-api_mounted | netalertx-test-mount-api_mounted | Review the documentation for a correct setup: netalertx-test-mount-api_mounted | https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md netalertx-test-mount-api_mounted | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/mount-configuration-issues.md netalertx-test-mount-api_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_mounted |  netalertx-test-mount-api_mounted | --> first run config.sh netalertx-test-mount-api_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_mounted | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-mount-api_mounted | netalertx-test-mount-api_mounted | Review your settings in the UI or edit the file directly before trusting netalertx-test-mount-api_mounted | this instance in production. netalertx-test-mount-api_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_mounted | --> first run db.sh netalertx-test-mount-api_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_mounted | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-api_mounted | netalertx-test-mount-api_mounted | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-api_mounted | DB before onboarding sensitive or critical networks. netalertx-test-mount-api_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_mounted | --> mandatory folders.sh netalertx-test-mount-api_mounted | * Creating Plugins log. netalertx-test-mount-api_mounted | Warning: Unable to create plugins log directory at /tmp/log/plugins (tmpfs not writable with current capabilities). netalertx-test-mount-api_mounted | * Creating System services run log. netalertx-test-mount-api_mounted | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-mount-api_mounted | * Creating System services run tmp. netalertx-test-mount-api_mounted | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-mount-api_mounted | * Creating DB locked log. netalertx-test-mount-api_mounted | Warning: Unable to create DB locked log file at /tmp/log/db_is_locked.log (tmpfs not writable with current capabilities). netalertx-test-mount-api_mounted | * Creating Execution queue log. netalertx-test-mount-api_mounted | Warning: Unable to create execution queue log file at /tmp/log/execution_queue.log (tmpfs not writable with current capabilities). netalertx-test-mount-api_mounted | --> apply conf override.sh netalertx-test-mount-api_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_mounted | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-mount-api_mounted | netalertx-test-mount-api_mounted | Make sure the JSON content is correct before starting the application. netalertx-test-mount-api_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_mounted | --> writable config.sh netalertx-test-mount-api_mounted | --> nginx config.sh netalertx-test-mount-api_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_mounted | ⚠️ ATTENTION: Unable to write to /tmp/nginx/active-config/netalertx.conf. netalertx-test-mount-api_mounted | netalertx-test-mount-api_mounted | Ensure the conf.active mount is writable by the netalertx user before netalertx-test-mount-api_mounted | changing LISTEN_ADDR or PORT. Fix permissions: netalertx-test-mount-api_mounted | chown -R 20211:20211 /tmp/nginx/active-config netalertx-test-mount-api_mounted | find /tmp/nginx/active-config -type d -exec chmod 700 {} + netalertx-test-mount-api_mounted | find /tmp/nginx/active-config -type f -exec chmod 600 {} + netalertx-test-mount-api_mounted | netalertx-test-mount-api_mounted | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/nginx-configuration-mount.md netalertx-test-mount-api_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_mounted | --> expected user id match.sh netalertx-test-mount-api_mounted |  netalertx-test-mount-api_mounted | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-mount-api_mounted | --> host mode network.sh netalertx-test-mount-api_mounted | --> excessive capabilities.sh netalertx-test-mount-api_mounted | --> appliance integrity.sh netalertx-test-mount-api_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_mounted | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-api_mounted | netalertx-test-mount-api_mounted | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-api_mounted | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-api_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_mounted | --> ports available.sh netalertx-test-mount-api_mounted exited with code 0 File: docker-compose.mount-test.api_no-mount.yml ---------------------------------------- Expected outcome: Container shows mount error for API directory - NETALERTX_API shows as not mounted - Mount error since API directory should be mounted for proper operation - API functionality may be limited Testing: docker-compose.mount-test.api_no-mount.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_netalertx_db" Creating Volume "mount-tests_netalertx_db" Created Volume "mount-tests_netalertx_config" Creating Volume "mount-tests_netalertx_config" Created Container netalertx-test-mount-api_no-mount Creating Container netalertx-test-mount-api_no-mount Created Attaching to netalertx-test-mount-api_no-mount netalertx-test-mount-api_no-mount | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-api_no-mount | Ownership prepared for PUID=20211. netalertx-test-mount-api_no-mount | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-api_no-mount | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-api_no-mount | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-mount-api_no-mount | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-api_no-mount | Ownership prepared for PUID=20211. netalertx-test-mount-api_no-mount | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-api_no-mount | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-api_no-mount |  netalertx-test-mount-api_no-mount | _ _ _ ___ _ _ __ __ netalertx-test-mount-api_no-mount | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-api_no-mount | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-api_no-mount | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-api_no-mount | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-api_no-mount | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-api_no-mount |  Network intruder and presence detector. netalertx-test-mount-api_no-mount | https://netalertx.com netalertx-test-mount-api_no-mount | netalertx-test-mount-api_no-mount | netalertx-test-mount-api_no-mount | Startup pre-checks netalertx-test-mount-api_no-mount | --> data migration.sh netalertx-test-mount-api_no-mount | --> capabilities audit.sh netalertx-test-mount-api_no-mount | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-mount-api_no-mount | --> mounts.py netalertx-test-mount-api_no-mount | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-api_no-mount | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-api_no-mount | /data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-api_no-mount | /data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-api_no-mount | /tmp/run/tmp | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-api_no-mount | /tmp/api | ✅| ✅| ❌ | ❌ | ❌ | ✅ netalertx-test-mount-api_no-mount | /tmp/log | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-api_no-mount | /tmp/run | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-api_no-mount | /tmp/nginx/active-config | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-api_no-mount | netalertx-test-mount-api_no-mount | netalertx-test-mount-api_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_no-mount | ⚠️ ATTENTION: Configuration issues detected (marked with ❌). netalertx-test-mount-api_no-mount | netalertx-test-mount-api_no-mount | * /tmp/run/tmp error writing, error reading netalertx-test-mount-api_no-mount | * /tmp/api not mounted, performance issue netalertx-test-mount-api_no-mount | * /tmp/log error writing, error reading netalertx-test-mount-api_no-mount | * /tmp/run error writing, error reading netalertx-test-mount-api_no-mount | * /tmp/nginx/active-config error writing, error reading netalertx-test-mount-api_no-mount | netalertx-test-mount-api_no-mount | We recommend starting with the default docker-compose.yml as the netalertx-test-mount-api_no-mount | configuration can be quite complex. netalertx-test-mount-api_no-mount | netalertx-test-mount-api_no-mount | Review the documentation for a correct setup: netalertx-test-mount-api_no-mount | https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md netalertx-test-mount-api_no-mount | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/mount-configuration-issues.md netalertx-test-mount-api_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_no-mount |  netalertx-test-mount-api_no-mount | --> first run config.sh netalertx-test-mount-api_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_no-mount | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-mount-api_no-mount | netalertx-test-mount-api_no-mount | Review your settings in the UI or edit the file directly before trusting netalertx-test-mount-api_no-mount | this instance in production. netalertx-test-mount-api_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_no-mount | --> first run db.sh netalertx-test-mount-api_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_no-mount | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-api_no-mount | netalertx-test-mount-api_no-mount | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-api_no-mount | DB before onboarding sensitive or critical networks. netalertx-test-mount-api_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_no-mount | --> mandatory folders.sh netalertx-test-mount-api_no-mount | * Creating Plugins log. netalertx-test-mount-api_no-mount | Warning: Unable to create plugins log directory at /tmp/log/plugins (tmpfs not writable with current capabilities). netalertx-test-mount-api_no-mount | * Creating System services run log. netalertx-test-mount-api_no-mount | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-mount-api_no-mount | * Creating System services run tmp. netalertx-test-mount-api_no-mount | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-mount-api_no-mount | * Creating DB locked log. netalertx-test-mount-api_no-mount | Warning: Unable to create DB locked log file at /tmp/log/db_is_locked.log (tmpfs not writable with current capabilities). netalertx-test-mount-api_no-mount | * Creating Execution queue log. netalertx-test-mount-api_no-mount | Warning: Unable to create execution queue log file at /tmp/log/execution_queue.log (tmpfs not writable with current capabilities). netalertx-test-mount-api_no-mount | --> apply conf override.sh netalertx-test-mount-api_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_no-mount | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-mount-api_no-mount | netalertx-test-mount-api_no-mount | Make sure the JSON content is correct before starting the application. netalertx-test-mount-api_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_no-mount | --> writable config.sh netalertx-test-mount-api_no-mount | --> nginx config.sh netalertx-test-mount-api_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_no-mount | ⚠️ ATTENTION: Unable to write to /tmp/nginx/active-config/netalertx.conf. netalertx-test-mount-api_no-mount | netalertx-test-mount-api_no-mount | Ensure the conf.active mount is writable by the netalertx user before netalertx-test-mount-api_no-mount | changing LISTEN_ADDR or PORT. Fix permissions: netalertx-test-mount-api_no-mount | chown -R 20211:20211 /tmp/nginx/active-config netalertx-test-mount-api_no-mount | find /tmp/nginx/active-config -type d -exec chmod 700 {} + netalertx-test-mount-api_no-mount | find /tmp/nginx/active-config -type f -exec chmod 600 {} + netalertx-test-mount-api_no-mount | netalertx-test-mount-api_no-mount | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/nginx-configuration-mount.md netalertx-test-mount-api_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_no-mount | --> expected user id match.sh netalertx-test-mount-api_no-mount |  netalertx-test-mount-api_no-mount | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-mount-api_no-mount | --> host mode network.sh netalertx-test-mount-api_no-mount | --> excessive capabilities.sh netalertx-test-mount-api_no-mount | --> appliance integrity.sh netalertx-test-mount-api_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_no-mount | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-api_no-mount | netalertx-test-mount-api_no-mount | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-api_no-mount | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-api_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_no-mount | --> ports available.sh netalertx-test-mount-api_no-mount exited with code 0 File: docker-compose.mount-test.api_noread.yml ---------------------------------------- Expected outcome: Mounts table shows /tmp/api is mounted and writable but NOT readable (R=❌, W=✅) Note: This is a diagnostic-only container (entrypoint sleeps); the test chmods /tmp/api to mode 0300. Testing: docker-compose.mount-test.api_noread.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_test_netalertx_data" Creating Volume "mount-tests_test_netalertx_data" Created Container netalertx-test-mount-api_noread Creating Container netalertx-test-mount-api_noread Created Attaching to netalertx-test-mount-api_noread netalertx-test-mount-api_noread |  netalertx-test-mount-api_noread | _ _ _ ___ _ _ __ __ netalertx-test-mount-api_noread | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-api_noread | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-api_noread | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-api_noread | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-api_noread | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-api_noread |  Network intruder and presence detector. netalertx-test-mount-api_noread | https://netalertx.com netalertx-test-mount-api_noread | netalertx-test-mount-api_noread | netalertx-test-mount-api_noread | Startup pre-checks netalertx-test-mount-api_noread | --> data migration.sh netalertx-test-mount-api_noread | --> capabilities audit.sh netalertx-test-mount-api_noread | --> mounts.py netalertx-test-mount-api_noread | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-api_noread | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-api_noread | /data | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-api_noread | /data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-api_noread | /data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-api_noread | /tmp | ✅| ✅| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-api_noread | /tmp/api | ❌| ✅| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-api_noread | /tmp/log | ✅| ✅| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-api_noread | /tmp/run | ✅| ✅| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-api_noread | /tmp/nginx/active-config | ✅| ✅| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-api_noread | netalertx-test-mount-api_noread | netalertx-test-mount-api_noread | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_noread | ⚠️ ATTENTION: Configuration issues detected (marked with ❌). netalertx-test-mount-api_noread | netalertx-test-mount-api_noread | * /tmp/api error reading netalertx-test-mount-api_noread | netalertx-test-mount-api_noread | We recommend starting with the default docker-compose.yml as the netalertx-test-mount-api_noread | configuration can be quite complex. netalertx-test-mount-api_noread | netalertx-test-mount-api_noread | Review the documentation for a correct setup: netalertx-test-mount-api_noread | https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md netalertx-test-mount-api_noread | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/mount-configuration-issues.md netalertx-test-mount-api_noread | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_noread |  netalertx-test-mount-api_noread | --> first run config.sh netalertx-test-mount-api_noread | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_noread | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-mount-api_noread | netalertx-test-mount-api_noread | Review your settings in the UI or edit the file directly before trusting netalertx-test-mount-api_noread | this instance in production. netalertx-test-mount-api_noread | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_noread | --> first run db.sh netalertx-test-mount-api_noread | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_noread | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-api_noread | netalertx-test-mount-api_noread | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-api_noread | DB before onboarding sensitive or critical networks. netalertx-test-mount-api_noread | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_noread | --> mandatory folders.sh netalertx-test-mount-api_noread | * Creating NetAlertX log directory. netalertx-test-mount-api_noread | * Creating System services runtime directory. netalertx-test-mount-api_noread | * Creating nginx active configuration directory. netalertx-test-mount-api_noread | * Creating Plugins log. netalertx-test-mount-api_noread | * Creating System services run log. netalertx-test-mount-api_noread | * Creating DB locked log. netalertx-test-mount-api_noread | * Creating Execution queue log. netalertx-test-mount-api_noread | --> apply conf override.sh netalertx-test-mount-api_noread | --> writable config.sh netalertx-test-mount-api_noread | --> nginx config.sh netalertx-test-mount-api_noread | --> expected user id match.sh netalertx-test-mount-api_noread | --> host mode network.sh netalertx-test-mount-api_noread | --> excessive capabilities.sh netalertx-test-mount-api_noread | --> appliance integrity.sh netalertx-test-mount-api_noread | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_noread | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-api_noread | netalertx-test-mount-api_noread | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-api_noread | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-api_noread | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_noread | --> ports available.sh netalertx-test-mount-api_noread | Starting supercronic --quiet "/services/config/cron/crontab" >>"/tmp/log/cron.log" 2>&1 & netalertx-test-mount-api_noread | Starting /usr/sbin/php-fpm83 -y "/services/config/php/php-fpm.conf" -F (tee stderr to app.php_errors.log) netalertx-test-mount-api_noread | Starting python3 -m server > /tmp/log/stdout.log 2> >(tee /tmp/log/stderr.log >&2) netalertx-test-mount-api_noread | Starting /usr/sbin/nginx -p "/tmp/run/" -c "/tmp/nginx/active-config/nginx.conf" -g "error_log stderr; error_log /tmp/log/nginx-error.log; daemon off;" & netalertx-test-mount-api_noread | 2026/01/05 02:21:45 [error] 180#180: *1 FastCGI sent in stderr: "PHP message: PHP Warning: session_start(): open(/tmp/run/tmp/sess_udr0olecett7cp59ckgddqsndb, O_RDWR) failed: No such file or directory (2) in /app/front/php/templates/security.php on line 50; PHP message: PHP Warning: session_start(): Failed to read session data: files (path: /tmp/run/tmp) in /app/front/php/templates/security.php on line 50" while reading response header from upstream, client: 127.0.0.1, server: , request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/tmp/run/php.sock:", host: "localhost:20211" netalertx-test-mount-api_noread | Successfully updated IEEE OUI database (112503 entries) Gracefully stopping... (press Ctrl+C again to force) Container netalertx-test-mount-api_noread Stopping Container netalertx-test-mount-api_noread Stopped File: docker-compose.mount-test.api_ramdisk.yml ---------------------------------------- Expected outcome: Container shows performance warning for API on RAM disk - NETALERTX_API shows as mounted on tmpfs (RAM disk) - Performance issue warning since API data should be on persistent storage - API data will be lost on container restart Testing: docker-compose.mount-test.api_ramdisk.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_test_netalertx_data" Creating Volume "mount-tests_test_netalertx_data" Created Container netalertx-test-mount-api_ramdisk Creating Container netalertx-test-mount-api_ramdisk Created Attaching to netalertx-test-mount-api_ramdisk netalertx-test-mount-api_ramdisk | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-api_ramdisk | Ownership prepared for PUID=20211. netalertx-test-mount-api_ramdisk | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-api_ramdisk | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-api_ramdisk | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-mount-api_ramdisk | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-api_ramdisk | Ownership prepared for PUID=20211. netalertx-test-mount-api_ramdisk | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-api_ramdisk | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-api_ramdisk |  netalertx-test-mount-api_ramdisk | _ _ _ ___ _ _ __ __ netalertx-test-mount-api_ramdisk | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-api_ramdisk | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-api_ramdisk | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-api_ramdisk | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-api_ramdisk | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-api_ramdisk |  Network intruder and presence detector. netalertx-test-mount-api_ramdisk | https://netalertx.com netalertx-test-mount-api_ramdisk | netalertx-test-mount-api_ramdisk | netalertx-test-mount-api_ramdisk | Startup pre-checks netalertx-test-mount-api_ramdisk | --> data migration.sh netalertx-test-mount-api_ramdisk | --> capabilities audit.sh netalertx-test-mount-api_ramdisk | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-mount-api_ramdisk | --> mounts.py netalertx-test-mount-api_ramdisk | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-api_ramdisk | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-api_ramdisk | /data | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-api_ramdisk | /data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-api_ramdisk | /data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-api_ramdisk | /tmp/run/tmp | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-api_ramdisk | /tmp/api | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-api_ramdisk | /tmp/log | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-api_ramdisk | /tmp/run | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-api_ramdisk | /tmp/nginx/active-config | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-api_ramdisk | netalertx-test-mount-api_ramdisk | netalertx-test-mount-api_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_ramdisk | ⚠️ ATTENTION: Configuration issues detected (marked with ❌). netalertx-test-mount-api_ramdisk | netalertx-test-mount-api_ramdisk | * /tmp/run/tmp error writing netalertx-test-mount-api_ramdisk | * /tmp/api error writing netalertx-test-mount-api_ramdisk | * /tmp/log error writing netalertx-test-mount-api_ramdisk | * /tmp/run error writing netalertx-test-mount-api_ramdisk | * /tmp/nginx/active-config error writing netalertx-test-mount-api_ramdisk | netalertx-test-mount-api_ramdisk | We recommend starting with the default docker-compose.yml as the netalertx-test-mount-api_ramdisk | configuration can be quite complex. netalertx-test-mount-api_ramdisk | netalertx-test-mount-api_ramdisk | Review the documentation for a correct setup: netalertx-test-mount-api_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md netalertx-test-mount-api_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/mount-configuration-issues.md netalertx-test-mount-api_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_ramdisk |  netalertx-test-mount-api_ramdisk | --> first run config.sh netalertx-test-mount-api_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_ramdisk | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-mount-api_ramdisk | netalertx-test-mount-api_ramdisk | Review your settings in the UI or edit the file directly before trusting netalertx-test-mount-api_ramdisk | this instance in production. netalertx-test-mount-api_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_ramdisk | --> first run db.sh netalertx-test-mount-api_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_ramdisk | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-api_ramdisk | netalertx-test-mount-api_ramdisk | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-api_ramdisk | DB before onboarding sensitive or critical networks. netalertx-test-mount-api_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_ramdisk | --> mandatory folders.sh netalertx-test-mount-api_ramdisk | * Creating Plugins log. netalertx-test-mount-api_ramdisk | Warning: Unable to create plugins log directory at /tmp/log/plugins (tmpfs not writable with current capabilities). netalertx-test-mount-api_ramdisk | * Creating System services run log. netalertx-test-mount-api_ramdisk | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-mount-api_ramdisk | * Creating System services run tmp. netalertx-test-mount-api_ramdisk | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-mount-api_ramdisk | * Creating DB locked log. netalertx-test-mount-api_ramdisk | Warning: Unable to create DB locked log file at /tmp/log/db_is_locked.log (tmpfs not writable with current capabilities). netalertx-test-mount-api_ramdisk | * Creating Execution queue log. netalertx-test-mount-api_ramdisk | Warning: Unable to create execution queue log file at /tmp/log/execution_queue.log (tmpfs not writable with current capabilities). netalertx-test-mount-api_ramdisk | --> apply conf override.sh netalertx-test-mount-api_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_ramdisk | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-mount-api_ramdisk | netalertx-test-mount-api_ramdisk | Make sure the JSON content is correct before starting the application. netalertx-test-mount-api_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_ramdisk | --> writable config.sh netalertx-test-mount-api_ramdisk | --> nginx config.sh netalertx-test-mount-api_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_ramdisk | ⚠️ ATTENTION: Unable to write to /tmp/nginx/active-config/netalertx.conf. netalertx-test-mount-api_ramdisk | netalertx-test-mount-api_ramdisk | Ensure the conf.active mount is writable by the netalertx user before netalertx-test-mount-api_ramdisk | changing LISTEN_ADDR or PORT. Fix permissions: netalertx-test-mount-api_ramdisk | chown -R 20211:20211 /tmp/nginx/active-config netalertx-test-mount-api_ramdisk | find /tmp/nginx/active-config -type d -exec chmod 700 {} + netalertx-test-mount-api_ramdisk | find /tmp/nginx/active-config -type f -exec chmod 600 {} + netalertx-test-mount-api_ramdisk | netalertx-test-mount-api_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/nginx-configuration-mount.md netalertx-test-mount-api_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_ramdisk | --> expected user id match.sh netalertx-test-mount-api_ramdisk |  netalertx-test-mount-api_ramdisk | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-mount-api_ramdisk | --> host mode network.sh netalertx-test-mount-api_ramdisk | --> excessive capabilities.sh netalertx-test-mount-api_ramdisk | --> appliance integrity.sh netalertx-test-mount-api_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_ramdisk | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-api_ramdisk | netalertx-test-mount-api_ramdisk | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-api_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-api_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_ramdisk | --> ports available.sh netalertx-test-mount-api_ramdisk exited with code 0 File: docker-compose.mount-test.api_unwritable.yml ---------------------------------------- Expected outcome: Container fails to start due to unwritable API partition - NETALERTX_API shows as mounted but unwritable (❌ in Writeable column) - API directory must be writable for proper operation - Container startup fails because API functionality cannot work without write access Testing: docker-compose.mount-test.api_unwritable.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_test_netalertx_api" Creating Volume "mount-tests_test_netalertx_api" Created Volume "mount-tests_netalertx_db" Creating Volume "mount-tests_netalertx_db" Created Volume "mount-tests_netalertx_config" Creating Volume "mount-tests_netalertx_config" Created Container netalertx-test-mount-api_unwritable Creating Container netalertx-test-mount-api_unwritable Created Attaching to netalertx-test-mount-api_unwritable netalertx-test-mount-api_unwritable | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-api_unwritable | Ownership prepared for PUID=20211. netalertx-test-mount-api_unwritable | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-api_unwritable | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-api_unwritable | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-mount-api_unwritable | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-api_unwritable | Ownership prepared for PUID=20211. netalertx-test-mount-api_unwritable | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-api_unwritable | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-api_unwritable |  netalertx-test-mount-api_unwritable | _ _ _ ___ _ _ __ __ netalertx-test-mount-api_unwritable | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-api_unwritable | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-api_unwritable | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-api_unwritable | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-api_unwritable | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-api_unwritable |  Network intruder and presence detector. netalertx-test-mount-api_unwritable | https://netalertx.com netalertx-test-mount-api_unwritable | netalertx-test-mount-api_unwritable | netalertx-test-mount-api_unwritable | Startup pre-checks netalertx-test-mount-api_unwritable | --> data migration.sh netalertx-test-mount-api_unwritable | --> capabilities audit.sh netalertx-test-mount-api_unwritable | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-mount-api_unwritable | --> mounts.py netalertx-test-mount-api_unwritable | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-api_unwritable | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-api_unwritable | /data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-api_unwritable | /data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-api_unwritable | /tmp/run/tmp | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-api_unwritable | /tmp/api | ✅| ❌| ✅ | ❌ | ❌ | ✅ netalertx-test-mount-api_unwritable | /tmp/log | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-api_unwritable | /tmp/run | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-api_unwritable | /tmp/nginx/active-config | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-api_unwritable | netalertx-test-mount-api_unwritable | netalertx-test-mount-api_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_unwritable | ⚠️ ATTENTION: Configuration issues detected (marked with ❌). netalertx-test-mount-api_unwritable | netalertx-test-mount-api_unwritable | * /tmp/run/tmp error writing, error reading netalertx-test-mount-api_unwritable | * /tmp/api error writing, performance issue netalertx-test-mount-api_unwritable | * /tmp/log error writing, error reading netalertx-test-mount-api_unwritable | * /tmp/run error writing, error reading netalertx-test-mount-api_unwritable | * /tmp/nginx/active-config error writing, error reading netalertx-test-mount-api_unwritable | netalertx-test-mount-api_unwritable | We recommend starting with the default docker-compose.yml as the netalertx-test-mount-api_unwritable | configuration can be quite complex. netalertx-test-mount-api_unwritable | netalertx-test-mount-api_unwritable | Review the documentation for a correct setup: netalertx-test-mount-api_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md netalertx-test-mount-api_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/mount-configuration-issues.md netalertx-test-mount-api_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_unwritable |  netalertx-test-mount-api_unwritable | --> first run config.sh netalertx-test-mount-api_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_unwritable | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-mount-api_unwritable | netalertx-test-mount-api_unwritable | Review your settings in the UI or edit the file directly before trusting netalertx-test-mount-api_unwritable | this instance in production. netalertx-test-mount-api_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_unwritable | --> first run db.sh netalertx-test-mount-api_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_unwritable | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-api_unwritable | netalertx-test-mount-api_unwritable | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-api_unwritable | DB before onboarding sensitive or critical networks. netalertx-test-mount-api_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_unwritable | --> mandatory folders.sh netalertx-test-mount-api_unwritable | * Creating Plugins log. netalertx-test-mount-api_unwritable | Warning: Unable to create plugins log directory at /tmp/log/plugins (tmpfs not writable with current capabilities). netalertx-test-mount-api_unwritable | * Creating System services run log. netalertx-test-mount-api_unwritable | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-mount-api_unwritable | * Creating System services run tmp. netalertx-test-mount-api_unwritable | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-mount-api_unwritable | * Creating DB locked log. netalertx-test-mount-api_unwritable | Warning: Unable to create DB locked log file at /tmp/log/db_is_locked.log (tmpfs not writable with current capabilities). netalertx-test-mount-api_unwritable | * Creating Execution queue log. netalertx-test-mount-api_unwritable | Warning: Unable to create execution queue log file at /tmp/log/execution_queue.log (tmpfs not writable with current capabilities). netalertx-test-mount-api_unwritable | --> apply conf override.sh netalertx-test-mount-api_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_unwritable | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-mount-api_unwritable | netalertx-test-mount-api_unwritable | Make sure the JSON content is correct before starting the application. netalertx-test-mount-api_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_unwritable | --> writable config.sh netalertx-test-mount-api_unwritable | --> nginx config.sh netalertx-test-mount-api_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_unwritable | ⚠️ ATTENTION: Unable to write to /tmp/nginx/active-config/netalertx.conf. netalertx-test-mount-api_unwritable | netalertx-test-mount-api_unwritable | Ensure the conf.active mount is writable by the netalertx user before netalertx-test-mount-api_unwritable | changing LISTEN_ADDR or PORT. Fix permissions: netalertx-test-mount-api_unwritable | chown -R 20211:20211 /tmp/nginx/active-config netalertx-test-mount-api_unwritable | find /tmp/nginx/active-config -type d -exec chmod 700 {} + netalertx-test-mount-api_unwritable | find /tmp/nginx/active-config -type f -exec chmod 600 {} + netalertx-test-mount-api_unwritable | netalertx-test-mount-api_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/nginx-configuration-mount.md netalertx-test-mount-api_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_unwritable | --> expected user id match.sh netalertx-test-mount-api_unwritable |  netalertx-test-mount-api_unwritable | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-mount-api_unwritable | --> host mode network.sh netalertx-test-mount-api_unwritable | --> excessive capabilities.sh netalertx-test-mount-api_unwritable | --> appliance integrity.sh netalertx-test-mount-api_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_unwritable | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-api_unwritable | netalertx-test-mount-api_unwritable | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-api_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-api_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-api_unwritable | --> ports available.sh netalertx-test-mount-api_unwritable exited with code 0 File: docker-compose.mount-test.cap_chown_missing.yml ---------------------------------------- Expected outcome: Priming fails without CAP_CHOWN when caps are fully dropped - Container should exit fatally during priming - Logs must explain CAP_CHOWN requirement and link to troubleshooting docs Testing: docker-compose.mount-test.cap_chown_missing.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_test_netalertx_data" Creating Volume "mount-tests_test_netalertx_data" Created Container netalertx-test-mount-cap_chown_missing Creating Container netalertx-test-mount-cap_chown_missing Created Attaching to netalertx-test-mount-cap_chown_missing netalertx-test-mount-cap_chown_missing | Ownership prepared for PUID=20211. netalertx-test-mount-cap_chown_missing |  netalertx-test-mount-cap_chown_missing | _ _ _ ___ _ _ __ __ netalertx-test-mount-cap_chown_missing | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-cap_chown_missing | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-cap_chown_missing | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-cap_chown_missing | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-cap_chown_missing | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-cap_chown_missing |  Network intruder and presence detector. netalertx-test-mount-cap_chown_missing | https://netalertx.com netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | Startup pre-checks netalertx-test-mount-cap_chown_missing | --> data migration.sh netalertx-test-mount-cap_chown_missing | --> capabilities audit.sh netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | 🚨 ALERT: Python execution capabilities (NET_RAW/NET_ADMIN) are missing. netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | The Python binary in this image has file capabilities (+eip) that netalertx-test-mount-cap_chown_missing | require these bits in the container's bounding set. Without them, netalertx-test-mount-cap_chown_missing | the binary will fail to execute (Operation not permitted). netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | Restart with: --cap-add=NET_RAW --cap-add=NET_ADMIN netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | ⚠️ WARNING: Reduced functionality (NET_BIND_SERVICE missing). netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | Tools like nbtscan cannot bind to privileged ports (UDP 137). netalertx-test-mount-cap_chown_missing | This will reduce discovery accuracy for legacy devices. netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | Consider adding: --cap-add=NET_BIND_SERVICE netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | Security context: Operational capabilities (CHOWN SETGID SETUID) not granted. netalertx-test-mount-cap_chown_missing | See https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/missing-capabilities.md netalertx-test-mount-cap_chown_missing | --> mounts.py netalertx-test-mount-cap_chown_missing | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-cap_chown_missing | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-cap_chown_missing | /data | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-cap_chown_missing | /data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-cap_chown_missing | /data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-cap_chown_missing | /tmp/run/tmp | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-cap_chown_missing | /tmp/api | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-cap_chown_missing | /tmp/log | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-cap_chown_missing | /tmp/run | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-cap_chown_missing | /tmp/nginx/active-config | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | ⚠️ ATTENTION: Configuration issues detected (marked with ❌). netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | * /tmp/run/tmp error writing, error reading netalertx-test-mount-cap_chown_missing | * /tmp/api error writing, error reading netalertx-test-mount-cap_chown_missing | * /tmp/log error writing, error reading netalertx-test-mount-cap_chown_missing | * /tmp/run error writing, error reading netalertx-test-mount-cap_chown_missing | * /tmp/nginx/active-config error writing, error reading netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | We recommend starting with the default docker-compose.yml as the netalertx-test-mount-cap_chown_missing | configuration can be quite complex. netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | Review the documentation for a correct setup: netalertx-test-mount-cap_chown_missing | https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md netalertx-test-mount-cap_chown_missing | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/mount-configuration-issues.md netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing |  netalertx-test-mount-cap_chown_missing | --> first run config.sh netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | Review your settings in the UI or edit the file directly before trusting netalertx-test-mount-cap_chown_missing | this instance in production. netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | --> first run db.sh netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-cap_chown_missing | DB before onboarding sensitive or critical networks. netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | --> mandatory folders.sh netalertx-test-mount-cap_chown_missing | * Creating NetAlertX log directory. netalertx-test-mount-cap_chown_missing | Warning: Unable to create log directory at /tmp/log (tmpfs not writable with current capabilities). netalertx-test-mount-cap_chown_missing | * Creating NetAlertX API cache. netalertx-test-mount-cap_chown_missing | Warning: Unable to create API cache directory at /tmp/api (tmpfs not writable with current capabilities). netalertx-test-mount-cap_chown_missing | * Creating System services runtime directory. netalertx-test-mount-cap_chown_missing | Warning: Unable to create System services runtime directory at /tmp/run (tmpfs not writable with current capabilities). netalertx-test-mount-cap_chown_missing | * Creating nginx active configuration directory. netalertx-test-mount-cap_chown_missing | Warning: Unable to create nginx active configuration directory at /tmp/nginx/active-config (tmpfs not writable with current capabilities). netalertx-test-mount-cap_chown_missing | * Creating Plugins log. netalertx-test-mount-cap_chown_missing | Warning: Unable to create plugins log directory at /tmp/log/plugins (tmpfs not writable with current capabilities). netalertx-test-mount-cap_chown_missing | * Creating System services run log. netalertx-test-mount-cap_chown_missing | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-mount-cap_chown_missing | * Creating System services run tmp. netalertx-test-mount-cap_chown_missing | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-mount-cap_chown_missing | * Creating DB locked log. netalertx-test-mount-cap_chown_missing | Warning: Unable to create DB locked log file at /tmp/log/db_is_locked.log (tmpfs not writable with current capabilities). netalertx-test-mount-cap_chown_missing | * Creating Execution queue log. netalertx-test-mount-cap_chown_missing | Warning: Unable to create execution queue log file at /tmp/log/execution_queue.log (tmpfs not writable with current capabilities). netalertx-test-mount-cap_chown_missing | --> apply conf override.sh netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | Make sure the JSON content is correct before starting the application. netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | --> writable config.sh netalertx-test-mount-cap_chown_missing | --> nginx config.sh netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | ⚠️ ATTENTION: Nginx configuration mount /tmp/nginx/active-config is missing. netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | Custom listen address or port changes require a writable nginx conf.active netalertx-test-mount-cap_chown_missing | directory. Without it, the container falls back to defaults and ignores netalertx-test-mount-cap_chown_missing | your overrides. netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | Create a bind mount: netalertx-test-mount-cap_chown_missing | --mount type=bind,src=/path/on/host,dst=/tmp/nginx/active-config netalertx-test-mount-cap_chown_missing | and ensure it is owned by the netalertx user (20211:20211) with 700 perms. netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/nginx-configuration-mount.md netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | --> expected user id match.sh netalertx-test-mount-cap_chown_missing | --> host mode network.sh netalertx-test-mount-cap_chown_missing | --> excessive capabilities.sh netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | ⚠️ Warning: Excessive capabilities detected (bounding caps: 0x00000000a80435fa). netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | Only CHOWN, SETGID, SETUID, NET_ADMIN, NET_BIND_SERVICE, and NET_RAW are netalertx-test-mount-cap_chown_missing | required in this container. Please remove unnecessary capabilities. netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/excessive-capabilities.md netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | --> appliance integrity.sh netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-cap_chown_missing | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | --> ports available.sh netalertx-test-mount-cap_chown_missing | /services/scripts/update_vendors.sh: line 28: /tmp/run/tmp/ieee-oui.txt.tmp: Permission denied netalertx-test-mount-cap_chown_missing | mkdir: can't create directory '/tmp/log': Permission denied netalertx-test-mount-cap_chown_missing | mkdir: can't create directory '/tmp/run': Permission denied netalertx-test-mount-cap_chown_missing | mkdir: can't create directory '/tmp/nginx': Permission denied netalertx-test-mount-cap_chown_missing | Starting supercronic --quiet "/services/config/cron/crontab" >>"/tmp/log/cron.log" 2>&1 & netalertx-test-mount-cap_chown_missing | Starting /usr/sbin/php-fpm83 -y "/services/config/php/php-fpm.conf" -F (tee stderr to app.php_errors.log) netalertx-test-mount-cap_chown_missing | /services/start-cron.sh: line 37: /tmp/log/cron.log: Permission denied netalertx-test-mount-cap_chown_missing | Supercronic stopped! (exit 1) netalertx-test-mount-cap_chown_missing | tee: /tmp/log/app.php_errors.log: Permission denied netalertx-test-mount-cap_chown_missing | Service nginx exited with status 1. netalertx-test-mount-cap_chown_missing | Starting python3 -m server > /tmp/log/stdout.log 2> >(tee /tmp/log/stderr.log >&2) netalertx-test-mount-cap_chown_missing | /services/start-backend.sh: line 16: /tmp/log/stdout.log: Permission denied netalertx-test-mount-cap_chown_missing | php-fpm stopped! (exit 143) netalertx-test-mount-cap_chown_missing | All services stopped. netalertx-test-mount-cap_chown_missing | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-cap_chown_missing | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-mount-cap_chown_missing | Ownership prepared for PUID=20211. netalertx-test-mount-cap_chown_missing |  netalertx-test-mount-cap_chown_missing | _ _ _ ___ _ _ __ __ netalertx-test-mount-cap_chown_missing | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-cap_chown_missing | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-cap_chown_missing | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-cap_chown_missing | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-cap_chown_missing | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-cap_chown_missing |  Network intruder and presence detector. netalertx-test-mount-cap_chown_missing | https://netalertx.com netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | Startup pre-checks netalertx-test-mount-cap_chown_missing | --> data migration.sh netalertx-test-mount-cap_chown_missing | --> capabilities audit.sh netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | 🚨 ALERT: Python execution capabilities (NET_RAW/NET_ADMIN) are missing. netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | The Python binary in this image has file capabilities (+eip) that netalertx-test-mount-cap_chown_missing | require these bits in the container's bounding set. Without them, netalertx-test-mount-cap_chown_missing | the binary will fail to execute (Operation not permitted). netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | Restart with: --cap-add=NET_RAW --cap-add=NET_ADMIN netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | ⚠️ WARNING: Reduced functionality (NET_BIND_SERVICE missing). netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | Tools like nbtscan cannot bind to privileged ports (UDP 137). netalertx-test-mount-cap_chown_missing | This will reduce discovery accuracy for legacy devices. netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | Consider adding: --cap-add=NET_BIND_SERVICE netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | Security context: Operational capabilities (CHOWN SETGID SETUID) not granted. netalertx-test-mount-cap_chown_missing | See https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/missing-capabilities.md netalertx-test-mount-cap_chown_missing | --> mounts.py netalertx-test-mount-cap_chown_missing | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-cap_chown_missing | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-cap_chown_missing | /data | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-cap_chown_missing | /data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-cap_chown_missing | /data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-cap_chown_missing | /tmp/run/tmp | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-cap_chown_missing | /tmp/api | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-cap_chown_missing | /tmp/log | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-cap_chown_missing | /tmp/run | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-cap_chown_missing | /tmp/nginx/active-config | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | ⚠️ ATTENTION: Configuration issues detected (marked with ❌). netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | * /tmp/run/tmp error writing, error reading netalertx-test-mount-cap_chown_missing | * /tmp/api error writing, error reading netalertx-test-mount-cap_chown_missing | * /tmp/log error writing, error reading netalertx-test-mount-cap_chown_missing | * /tmp/run error writing, error reading netalertx-test-mount-cap_chown_missing | * /tmp/nginx/active-config error writing, error reading netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | We recommend starting with the default docker-compose.yml as the netalertx-test-mount-cap_chown_missing | configuration can be quite complex. netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | Review the documentation for a correct setup: netalertx-test-mount-cap_chown_missing | https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md netalertx-test-mount-cap_chown_missing | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/mount-configuration-issues.md netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing |  netalertx-test-mount-cap_chown_missing | --> first run config.sh netalertx-test-mount-cap_chown_missing | --> first run db.sh netalertx-test-mount-cap_chown_missing | INFO: ALWAYS_FRESH_INSTALL enabled — removing existing database. netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-cap_chown_missing | DB before onboarding sensitive or critical networks. netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | --> mandatory folders.sh netalertx-test-mount-cap_chown_missing | * Creating NetAlertX log directory. netalertx-test-mount-cap_chown_missing | Warning: Unable to create log directory at /tmp/log (tmpfs not writable with current capabilities). netalertx-test-mount-cap_chown_missing | * Creating NetAlertX API cache. netalertx-test-mount-cap_chown_missing | Warning: Unable to create API cache directory at /tmp/api (tmpfs not writable with current capabilities). netalertx-test-mount-cap_chown_missing | * Creating System services runtime directory. netalertx-test-mount-cap_chown_missing | Warning: Unable to create System services runtime directory at /tmp/run (tmpfs not writable with current capabilities). netalertx-test-mount-cap_chown_missing | * Creating nginx active configuration directory. netalertx-test-mount-cap_chown_missing | Warning: Unable to create nginx active configuration directory at /tmp/nginx/active-config (tmpfs not writable with current capabilities). netalertx-test-mount-cap_chown_missing | * Creating Plugins log. netalertx-test-mount-cap_chown_missing | Warning: Unable to create plugins log directory at /tmp/log/plugins (tmpfs not writable with current capabilities). netalertx-test-mount-cap_chown_missing | * Creating System services run log. netalertx-test-mount-cap_chown_missing | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-mount-cap_chown_missing | * Creating System services run tmp. netalertx-test-mount-cap_chown_missing | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-mount-cap_chown_missing | * Creating DB locked log. netalertx-test-mount-cap_chown_missing | Warning: Unable to create DB locked log file at /tmp/log/db_is_locked.log (tmpfs not writable with current capabilities). netalertx-test-mount-cap_chown_missing | * Creating Execution queue log. netalertx-test-mount-cap_chown_missing | Warning: Unable to create execution queue log file at /tmp/log/execution_queue.log (tmpfs not writable with current capabilities). netalertx-test-mount-cap_chown_missing | --> apply conf override.sh netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | Make sure the JSON content is correct before starting the application. netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | --> writable config.sh netalertx-test-mount-cap_chown_missing | --> nginx config.sh netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | ⚠️ ATTENTION: Nginx configuration mount /tmp/nginx/active-config is missing. netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | Custom listen address or port changes require a writable nginx conf.active netalertx-test-mount-cap_chown_missing | directory. Without it, the container falls back to defaults and ignores netalertx-test-mount-cap_chown_missing | your overrides. netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | Create a bind mount: netalertx-test-mount-cap_chown_missing | --mount type=bind,src=/path/on/host,dst=/tmp/nginx/active-config netalertx-test-mount-cap_chown_missing | and ensure it is owned by the netalertx user (20211:20211) with 700 perms. netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/nginx-configuration-mount.md netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | --> expected user id match.sh netalertx-test-mount-cap_chown_missing | --> host mode network.sh netalertx-test-mount-cap_chown_missing | --> excessive capabilities.sh netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | ⚠️ Warning: Excessive capabilities detected (bounding caps: 0x00000000a80435fa). netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | Only CHOWN, SETGID, SETUID, NET_ADMIN, NET_BIND_SERVICE, and NET_RAW are netalertx-test-mount-cap_chown_missing | required in this container. Please remove unnecessary capabilities. netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/excessive-capabilities.md netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | --> appliance integrity.sh netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-cap_chown_missing | netalertx-test-mount-cap_chown_missing | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-cap_chown_missing | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-cap_chown_missing | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-cap_chown_missing | --> ports available.sh netalertx-test-mount-cap_chown_missing |  netalertx-test-mount-cap_chown_missing exited with code 0 File: docker-compose.mount-test.config_mounted.yml ---------------------------------------- Expected outcome: Container starts successfully with proper config mount - NETALERTX_CONFIG shows as writable and mounted - No configuration warnings for config path - Configuration persistence works correctly Testing: docker-compose.mount-test.config_mounted.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_test_netalertx_data" Creating Volume "mount-tests_test_netalertx_data" Created Container netalertx-test-mount-config_mounted Creating Container netalertx-test-mount-config_mounted Created Attaching to netalertx-test-mount-config_mounted netalertx-test-mount-config_mounted | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-config_mounted | Ownership prepared for PUID=20211. netalertx-test-mount-config_mounted | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-config_mounted | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-config_mounted | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-mount-config_mounted | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-config_mounted | Ownership prepared for PUID=20211. netalertx-test-mount-config_mounted | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-config_mounted | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-config_mounted |  netalertx-test-mount-config_mounted | _ _ _ ___ _ _ __ __ netalertx-test-mount-config_mounted | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-config_mounted | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-config_mounted | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-config_mounted | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-config_mounted | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-config_mounted |  Network intruder and presence detector. netalertx-test-mount-config_mounted | https://netalertx.com netalertx-test-mount-config_mounted | netalertx-test-mount-config_mounted | netalertx-test-mount-config_mounted | Startup pre-checks netalertx-test-mount-config_mounted | --> data migration.sh netalertx-test-mount-config_mounted | --> capabilities audit.sh netalertx-test-mount-config_mounted | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-mount-config_mounted | --> mounts.py netalertx-test-mount-config_mounted | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-config_mounted | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-config_mounted | /data | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-config_mounted | /data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-config_mounted | /data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-config_mounted | /tmp/run/tmp | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-config_mounted | /tmp/api | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-config_mounted | /tmp/log | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-config_mounted | /tmp/run | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-config_mounted | /tmp/nginx/active-config | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-config_mounted | netalertx-test-mount-config_mounted | netalertx-test-mount-config_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_mounted | ⚠️ ATTENTION: Configuration issues detected (marked with ❌). netalertx-test-mount-config_mounted | netalertx-test-mount-config_mounted | * /tmp/run/tmp error writing, error reading netalertx-test-mount-config_mounted | * /tmp/api error writing, error reading netalertx-test-mount-config_mounted | * /tmp/log error writing, error reading netalertx-test-mount-config_mounted | * /tmp/run error writing, error reading netalertx-test-mount-config_mounted | * /tmp/nginx/active-config error writing, error reading netalertx-test-mount-config_mounted | netalertx-test-mount-config_mounted | We recommend starting with the default docker-compose.yml as the netalertx-test-mount-config_mounted | configuration can be quite complex. netalertx-test-mount-config_mounted | netalertx-test-mount-config_mounted | Review the documentation for a correct setup: netalertx-test-mount-config_mounted | https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md netalertx-test-mount-config_mounted | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/mount-configuration-issues.md netalertx-test-mount-config_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_mounted |  netalertx-test-mount-config_mounted | --> first run config.sh netalertx-test-mount-config_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_mounted | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-mount-config_mounted | netalertx-test-mount-config_mounted | Review your settings in the UI or edit the file directly before trusting netalertx-test-mount-config_mounted | this instance in production. netalertx-test-mount-config_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_mounted | --> first run db.sh netalertx-test-mount-config_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_mounted | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-config_mounted | netalertx-test-mount-config_mounted | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-config_mounted | DB before onboarding sensitive or critical networks. netalertx-test-mount-config_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_mounted | --> mandatory folders.sh netalertx-test-mount-config_mounted | * Creating NetAlertX log directory. netalertx-test-mount-config_mounted | Warning: Unable to create log directory at /tmp/log (tmpfs not writable with current capabilities). netalertx-test-mount-config_mounted | * Creating NetAlertX API cache. netalertx-test-mount-config_mounted | Warning: Unable to create API cache directory at /tmp/api (tmpfs not writable with current capabilities). netalertx-test-mount-config_mounted | * Creating System services runtime directory. netalertx-test-mount-config_mounted | Warning: Unable to create System services runtime directory at /tmp/run (tmpfs not writable with current capabilities). netalertx-test-mount-config_mounted | * Creating nginx active configuration directory. netalertx-test-mount-config_mounted | Warning: Unable to create nginx active configuration directory at /tmp/nginx/active-config (tmpfs not writable with current capabilities). netalertx-test-mount-config_mounted | * Creating Plugins log. netalertx-test-mount-config_mounted | Warning: Unable to create plugins log directory at /tmp/log/plugins (tmpfs not writable with current capabilities). netalertx-test-mount-config_mounted | * Creating System services run log. netalertx-test-mount-config_mounted | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-mount-config_mounted | * Creating System services run tmp. netalertx-test-mount-config_mounted | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-mount-config_mounted | * Creating DB locked log. netalertx-test-mount-config_mounted | Warning: Unable to create DB locked log file at /tmp/log/db_is_locked.log (tmpfs not writable with current capabilities). netalertx-test-mount-config_mounted | * Creating Execution queue log. netalertx-test-mount-config_mounted | Warning: Unable to create execution queue log file at /tmp/log/execution_queue.log (tmpfs not writable with current capabilities). netalertx-test-mount-config_mounted | --> apply conf override.sh netalertx-test-mount-config_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_mounted | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-mount-config_mounted | netalertx-test-mount-config_mounted | Make sure the JSON content is correct before starting the application. netalertx-test-mount-config_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_mounted | --> writable config.sh netalertx-test-mount-config_mounted | --> nginx config.sh netalertx-test-mount-config_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_mounted | ⚠️ ATTENTION: Nginx configuration mount /tmp/nginx/active-config is missing. netalertx-test-mount-config_mounted | netalertx-test-mount-config_mounted | Custom listen address or port changes require a writable nginx conf.active netalertx-test-mount-config_mounted | directory. Without it, the container falls back to defaults and ignores netalertx-test-mount-config_mounted | your overrides. netalertx-test-mount-config_mounted | netalertx-test-mount-config_mounted | Create a bind mount: netalertx-test-mount-config_mounted | --mount type=bind,src=/path/on/host,dst=/tmp/nginx/active-config netalertx-test-mount-config_mounted | and ensure it is owned by the netalertx user (20211:20211) with 700 perms. netalertx-test-mount-config_mounted | netalertx-test-mount-config_mounted | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/nginx-configuration-mount.md netalertx-test-mount-config_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_mounted | --> expected user id match.sh netalertx-test-mount-config_mounted |  netalertx-test-mount-config_mounted | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-mount-config_mounted | --> host mode network.sh netalertx-test-mount-config_mounted | --> excessive capabilities.sh netalertx-test-mount-config_mounted | --> appliance integrity.sh netalertx-test-mount-config_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_mounted | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-config_mounted | netalertx-test-mount-config_mounted | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-config_mounted | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-config_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_mounted | --> ports available.sh netalertx-test-mount-config_mounted exited with code 0 File: docker-compose.mount-test.config_no-mount.yml ---------------------------------------- Expected outcome: Container shows mount error for config directory - NETALERTX_CONFIG shows as not mounted - Mount error since config directory should be mounted for proper operation - Configuration may not persist across restarts Testing: docker-compose.mount-test.config_no-mount.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_netalertx_db" Creating Volume "mount-tests_netalertx_db" Created Container netalertx-test-mount-config_no-mount Creating Container netalertx-test-mount-config_no-mount Created Attaching to netalertx-test-mount-config_no-mount netalertx-test-mount-config_no-mount | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-config_no-mount | Ownership prepared for PUID=20211. netalertx-test-mount-config_no-mount | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-config_no-mount | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-config_no-mount | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-mount-config_no-mount | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-config_no-mount | Ownership prepared for PUID=20211. netalertx-test-mount-config_no-mount | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-config_no-mount | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-config_no-mount |  netalertx-test-mount-config_no-mount | _ _ _ ___ _ _ __ __ netalertx-test-mount-config_no-mount | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-config_no-mount | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-config_no-mount | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-config_no-mount | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-config_no-mount | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-config_no-mount |  Network intruder and presence detector. netalertx-test-mount-config_no-mount | https://netalertx.com netalertx-test-mount-config_no-mount | netalertx-test-mount-config_no-mount | netalertx-test-mount-config_no-mount | Startup pre-checks netalertx-test-mount-config_no-mount | --> data migration.sh netalertx-test-mount-config_no-mount | --> capabilities audit.sh netalertx-test-mount-config_no-mount | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-mount-config_no-mount | --> mounts.py netalertx-test-mount-config_no-mount | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-config_no-mount | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-config_no-mount | /data | ✅| ✅| ❌ | ➖ | ➖ | ❌ netalertx-test-mount-config_no-mount | /data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-config_no-mount | /data/config | ✅| ✅| ❌ | ➖ | ➖ | ❌ netalertx-test-mount-config_no-mount | /tmp/run/tmp | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-config_no-mount | /tmp/api | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-config_no-mount | /tmp/log | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-config_no-mount | /tmp/run | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-config_no-mount | /tmp/nginx/active-config | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-config_no-mount | netalertx-test-mount-config_no-mount | netalertx-test-mount-config_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_no-mount | ⚠️ ATTENTION: Configuration issues detected (marked with ❌). netalertx-test-mount-config_no-mount | netalertx-test-mount-config_no-mount | * /data not mounted, risk of dataloss netalertx-test-mount-config_no-mount | * /data/config not mounted, risk of dataloss netalertx-test-mount-config_no-mount | * /tmp/run/tmp error writing, error reading netalertx-test-mount-config_no-mount | * /tmp/api error writing, error reading netalertx-test-mount-config_no-mount | * /tmp/log error writing, error reading netalertx-test-mount-config_no-mount | * /tmp/run error writing, error reading netalertx-test-mount-config_no-mount | * /tmp/nginx/active-config error writing, error reading netalertx-test-mount-config_no-mount | netalertx-test-mount-config_no-mount | We recommend starting with the default docker-compose.yml as the netalertx-test-mount-config_no-mount | configuration can be quite complex. netalertx-test-mount-config_no-mount | netalertx-test-mount-config_no-mount | Review the documentation for a correct setup: netalertx-test-mount-config_no-mount | https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md netalertx-test-mount-config_no-mount | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/mount-configuration-issues.md netalertx-test-mount-config_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_no-mount |  netalertx-test-mount-config_no-mount | --> first run config.sh netalertx-test-mount-config_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_no-mount | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-mount-config_no-mount | netalertx-test-mount-config_no-mount | Review your settings in the UI or edit the file directly before trusting netalertx-test-mount-config_no-mount | this instance in production. netalertx-test-mount-config_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_no-mount | --> first run db.sh netalertx-test-mount-config_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_no-mount | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-config_no-mount | netalertx-test-mount-config_no-mount | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-config_no-mount | DB before onboarding sensitive or critical networks. netalertx-test-mount-config_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_no-mount | --> mandatory folders.sh netalertx-test-mount-config_no-mount | * Creating Plugins log. netalertx-test-mount-config_no-mount | Warning: Unable to create plugins log directory at /tmp/log/plugins (tmpfs not writable with current capabilities). netalertx-test-mount-config_no-mount | * Creating System services run log. netalertx-test-mount-config_no-mount | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-mount-config_no-mount | * Creating System services run tmp. netalertx-test-mount-config_no-mount | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-mount-config_no-mount | * Creating DB locked log. netalertx-test-mount-config_no-mount | Warning: Unable to create DB locked log file at /tmp/log/db_is_locked.log (tmpfs not writable with current capabilities). netalertx-test-mount-config_no-mount | * Creating Execution queue log. netalertx-test-mount-config_no-mount | Warning: Unable to create execution queue log file at /tmp/log/execution_queue.log (tmpfs not writable with current capabilities). netalertx-test-mount-config_no-mount | --> apply conf override.sh netalertx-test-mount-config_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_no-mount | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-mount-config_no-mount | netalertx-test-mount-config_no-mount | Make sure the JSON content is correct before starting the application. netalertx-test-mount-config_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_no-mount | --> writable config.sh netalertx-test-mount-config_no-mount | --> nginx config.sh netalertx-test-mount-config_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_no-mount | ⚠️ ATTENTION: Unable to write to /tmp/nginx/active-config/netalertx.conf. netalertx-test-mount-config_no-mount | netalertx-test-mount-config_no-mount | Ensure the conf.active mount is writable by the netalertx user before netalertx-test-mount-config_no-mount | changing LISTEN_ADDR or PORT. Fix permissions: netalertx-test-mount-config_no-mount | chown -R 20211:20211 /tmp/nginx/active-config netalertx-test-mount-config_no-mount | find /tmp/nginx/active-config -type d -exec chmod 700 {} + netalertx-test-mount-config_no-mount | find /tmp/nginx/active-config -type f -exec chmod 600 {} + netalertx-test-mount-config_no-mount | netalertx-test-mount-config_no-mount | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/nginx-configuration-mount.md netalertx-test-mount-config_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_no-mount | --> expected user id match.sh netalertx-test-mount-config_no-mount |  netalertx-test-mount-config_no-mount | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-mount-config_no-mount | --> host mode network.sh netalertx-test-mount-config_no-mount | --> excessive capabilities.sh netalertx-test-mount-config_no-mount | --> appliance integrity.sh netalertx-test-mount-config_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_no-mount | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-config_no-mount | netalertx-test-mount-config_no-mount | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-config_no-mount | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-config_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_no-mount | --> ports available.sh netalertx-test-mount-config_no-mount exited with code 0 File: docker-compose.mount-test.config_ramdisk.yml ---------------------------------------- Expected outcome: Container shows dataloss risk warning for config on RAM disk - NETALERTX_CONFIG shows as mounted on tmpfs (RAM disk) - Dataloss risk warning since config data should be persistent - Configuration will be lost on container restart Testing: docker-compose.mount-test.config_ramdisk.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_netalertx_db" Creating Volume "mount-tests_netalertx_db" Created Container netalertx-test-mount-config_ramdisk Creating Container netalertx-test-mount-config_ramdisk Created Attaching to netalertx-test-mount-config_ramdisk netalertx-test-mount-config_ramdisk | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-config_ramdisk | Ownership prepared for PUID=20211. netalertx-test-mount-config_ramdisk | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-config_ramdisk | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-config_ramdisk | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-mount-config_ramdisk | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-config_ramdisk | Ownership prepared for PUID=20211. netalertx-test-mount-config_ramdisk | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-config_ramdisk | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-config_ramdisk |  netalertx-test-mount-config_ramdisk | _ _ _ ___ _ _ __ __ netalertx-test-mount-config_ramdisk | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-config_ramdisk | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-config_ramdisk | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-config_ramdisk | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-config_ramdisk | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-config_ramdisk |  Network intruder and presence detector. netalertx-test-mount-config_ramdisk | https://netalertx.com netalertx-test-mount-config_ramdisk | netalertx-test-mount-config_ramdisk | netalertx-test-mount-config_ramdisk | Startup pre-checks netalertx-test-mount-config_ramdisk | --> data migration.sh netalertx-test-mount-config_ramdisk | --> capabilities audit.sh netalertx-test-mount-config_ramdisk | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-mount-config_ramdisk | --> mounts.py netalertx-test-mount-config_ramdisk | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-config_ramdisk | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-config_ramdisk | /data | ✅| ✅| ❌ | ➖ | ➖ | ❌ netalertx-test-mount-config_ramdisk | /data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-config_ramdisk | /data/config | ❌| ❌| ✅ | ❌ | ➖ | ❌ netalertx-test-mount-config_ramdisk | /tmp/run/tmp | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-config_ramdisk | /tmp/api | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-config_ramdisk | /tmp/log | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-config_ramdisk | /tmp/run | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-config_ramdisk | /tmp/nginx/active-config | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-config_ramdisk | netalertx-test-mount-config_ramdisk | netalertx-test-mount-config_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_ramdisk | ⚠️ ATTENTION: Configuration issues detected (marked with ❌). netalertx-test-mount-config_ramdisk | netalertx-test-mount-config_ramdisk | * /data not mounted, risk of dataloss netalertx-test-mount-config_ramdisk | * /data/config error writing, error reading, risk of dataloss netalertx-test-mount-config_ramdisk | * /tmp/run/tmp error writing, error reading netalertx-test-mount-config_ramdisk | * /tmp/api error writing, error reading netalertx-test-mount-config_ramdisk | * /tmp/log error writing, error reading netalertx-test-mount-config_ramdisk | * /tmp/run error writing, error reading netalertx-test-mount-config_ramdisk | * /tmp/nginx/active-config error writing, error reading netalertx-test-mount-config_ramdisk | netalertx-test-mount-config_ramdisk | We recommend starting with the default docker-compose.yml as the netalertx-test-mount-config_ramdisk | configuration can be quite complex. netalertx-test-mount-config_ramdisk | netalertx-test-mount-config_ramdisk | Review the documentation for a correct setup: netalertx-test-mount-config_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md netalertx-test-mount-config_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/mount-configuration-issues.md netalertx-test-mount-config_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_ramdisk |  netalertx-test-mount-config_ramdisk | \033[1;31m══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_ramdisk | ❌ NetAlertX startup aborted: critical failure in mounts.py. netalertx-test-mount-config_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/troubleshooting.md netalertx-test-mount-config_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_ramdisk | --> first run config.sh netalertx-test-mount-config_ramdisk | \033[0minstall: can't stat '/data/config/app.conf': Permission denied netalertx-test-mount-config_ramdisk | ERROR: Failed to deploy default config to /data/config/app.conf netalertx-test-mount-config_ramdisk | first run config.sh: FAILED with 2 netalertx-test-mount-config_ramdisk | Failure detected in: /entrypoint.d/20-first-run-config.sh netalertx-test-mount-config_ramdisk | --> first run db.sh netalertx-test-mount-config_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_ramdisk | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-config_ramdisk | netalertx-test-mount-config_ramdisk | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-config_ramdisk | DB before onboarding sensitive or critical networks. netalertx-test-mount-config_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_ramdisk | --> mandatory folders.sh netalertx-test-mount-config_ramdisk | * Creating Plugins log. netalertx-test-mount-config_ramdisk | Warning: Unable to create plugins log directory at /tmp/log/plugins (tmpfs not writable with current capabilities). netalertx-test-mount-config_ramdisk | * Creating System services run log. netalertx-test-mount-config_ramdisk | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-mount-config_ramdisk | * Creating System services run tmp. netalertx-test-mount-config_ramdisk | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-mount-config_ramdisk | * Creating DB locked log. netalertx-test-mount-config_ramdisk | Warning: Unable to create DB locked log file at /tmp/log/db_is_locked.log (tmpfs not writable with current capabilities). netalertx-test-mount-config_ramdisk | * Creating Execution queue log. netalertx-test-mount-config_ramdisk | Warning: Unable to create execution queue log file at /tmp/log/execution_queue.log (tmpfs not writable with current capabilities). netalertx-test-mount-config_ramdisk | --> apply conf override.sh netalertx-test-mount-config_ramdisk | rm: can't stat '/data/config/app_conf_override.json': Permission denied netalertx-test-mount-config_ramdisk | /entrypoint.d/35-apply-conf-override.sh: line 18: can't create /data/config/app_conf_override.json: Permission denied netalertx-test-mount-config_ramdisk | ERROR: Failed to write override config to /data/config/app_conf_override.json netalertx-test-mount-config_ramdisk | apply conf override.sh: FAILED with 2 netalertx-test-mount-config_ramdisk | Failure detected in: /entrypoint.d/35-apply-conf-override.sh netalertx-test-mount-config_ramdisk | --> writable config.sh netalertx-test-mount-config_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_ramdisk | ❌ CRITICAL: Path does not exist. netalertx-test-mount-config_ramdisk | netalertx-test-mount-config_ramdisk | The required path "/data/config/app.conf" could not be found. The application netalertx-test-mount-config_ramdisk | cannot start without its complete directory structure. netalertx-test-mount-config_ramdisk | netalertx-test-mount-config_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/file-permissions.md netalertx-test-mount-config_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_ramdisk | \033[1;31m══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_ramdisk | ❌ NetAlertX startup aborted: critical failure in writable config.sh. netalertx-test-mount-config_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/troubleshooting.md netalertx-test-mount-config_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_ramdisk | --> nginx config.sh netalertx-test-mount-config_ramdisk | \033[0m══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_ramdisk | ⚠️ ATTENTION: Unable to write to /tmp/nginx/active-config/netalertx.conf. netalertx-test-mount-config_ramdisk | netalertx-test-mount-config_ramdisk | Ensure the conf.active mount is writable by the netalertx user before netalertx-test-mount-config_ramdisk | changing LISTEN_ADDR or PORT. Fix permissions: netalertx-test-mount-config_ramdisk | chown -R 20211:20211 /tmp/nginx/active-config netalertx-test-mount-config_ramdisk | find /tmp/nginx/active-config -type d -exec chmod 700 {} + netalertx-test-mount-config_ramdisk | find /tmp/nginx/active-config -type f -exec chmod 600 {} + netalertx-test-mount-config_ramdisk | netalertx-test-mount-config_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/nginx-configuration-mount.md netalertx-test-mount-config_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_ramdisk | --> expected user id match.sh netalertx-test-mount-config_ramdisk |  netalertx-test-mount-config_ramdisk | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-mount-config_ramdisk | --> host mode network.sh netalertx-test-mount-config_ramdisk | --> excessive capabilities.sh netalertx-test-mount-config_ramdisk | --> appliance integrity.sh netalertx-test-mount-config_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_ramdisk | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-config_ramdisk | netalertx-test-mount-config_ramdisk | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-config_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-config_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_ramdisk | --> ports available.sh netalertx-test-mount-config_ramdisk | Container startup checks failed with exit code 1. netalertx-test-mount-config_ramdisk exited with code 1 File: docker-compose.mount-test.config_unwritable.yml ---------------------------------------- Expected outcome: Container fails to start due to unwritable config partition - NETALERTX_CONFIG shows as mounted but unwritable (❌ in Writeable column) - 30-writable-config.sh detects permission error and exits with code 1 - Container startup fails because config files cannot be written to Testing: docker-compose.mount-test.config_unwritable.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_netalertx_db" Creating Volume "mount-tests_netalertx_db" Created Volume "mount-tests_test_netalertx_config" Creating Volume "mount-tests_test_netalertx_config" Created Container netalertx-test-mount-config_unwritable Creating Container netalertx-test-mount-config_unwritable Created Attaching to netalertx-test-mount-config_unwritable netalertx-test-mount-config_unwritable | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-config_unwritable | Ownership prepared for PUID=20211. netalertx-test-mount-config_unwritable | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-config_unwritable | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-config_unwritable | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-mount-config_unwritable | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-config_unwritable | Ownership prepared for PUID=20211. netalertx-test-mount-config_unwritable | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-config_unwritable | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-config_unwritable |  netalertx-test-mount-config_unwritable | _ _ _ ___ _ _ __ __ netalertx-test-mount-config_unwritable | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-config_unwritable | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-config_unwritable | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-config_unwritable | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-config_unwritable | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-config_unwritable |  Network intruder and presence detector. netalertx-test-mount-config_unwritable | https://netalertx.com netalertx-test-mount-config_unwritable | netalertx-test-mount-config_unwritable | netalertx-test-mount-config_unwritable | Startup pre-checks netalertx-test-mount-config_unwritable | --> data migration.sh netalertx-test-mount-config_unwritable | --> capabilities audit.sh netalertx-test-mount-config_unwritable | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-mount-config_unwritable | --> mounts.py netalertx-test-mount-config_unwritable | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-config_unwritable | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-config_unwritable | /data | ✅| ✅| ❌ | ➖ | ➖ | ❌ netalertx-test-mount-config_unwritable | /data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-config_unwritable | /data/config | ✅| ❌| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-config_unwritable | /tmp/run/tmp | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-config_unwritable | /tmp/api | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-config_unwritable | /tmp/log | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-config_unwritable | /tmp/run | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-config_unwritable | /tmp/nginx/active-config | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-config_unwritable | netalertx-test-mount-config_unwritable | netalertx-test-mount-config_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_unwritable | ⚠️ ATTENTION: Configuration issues detected (marked with ❌). netalertx-test-mount-config_unwritable | netalertx-test-mount-config_unwritable | * /data not mounted, risk of dataloss netalertx-test-mount-config_unwritable | * /data/config error writing netalertx-test-mount-config_unwritable | * /tmp/run/tmp error writing, error reading netalertx-test-mount-config_unwritable | * /tmp/api error writing, error reading netalertx-test-mount-config_unwritable | * /tmp/log error writing, error reading netalertx-test-mount-config_unwritable | * /tmp/run error writing, error reading netalertx-test-mount-config_unwritable | * /tmp/nginx/active-config error writing, error reading netalertx-test-mount-config_unwritable | netalertx-test-mount-config_unwritable | We recommend starting with the default docker-compose.yml as the netalertx-test-mount-config_unwritable | configuration can be quite complex. netalertx-test-mount-config_unwritable | netalertx-test-mount-config_unwritable | Review the documentation for a correct setup: netalertx-test-mount-config_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md netalertx-test-mount-config_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/mount-configuration-issues.md netalertx-test-mount-config_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_unwritable |  netalertx-test-mount-config_unwritable | \033[1;31m══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_unwritable | ❌ NetAlertX startup aborted: critical failure in mounts.py. netalertx-test-mount-config_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/troubleshooting.md netalertx-test-mount-config_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_unwritable | --> first run config.sh netalertx-test-mount-config_unwritable | \033[0minstall: can't create '/data/config/app.conf': Read-only file system netalertx-test-mount-config_unwritable | ERROR: Failed to deploy default config to /data/config/app.conf netalertx-test-mount-config_unwritable | first run config.sh: FAILED with 2 netalertx-test-mount-config_unwritable | Failure detected in: /entrypoint.d/20-first-run-config.sh netalertx-test-mount-config_unwritable | --> first run db.sh netalertx-test-mount-config_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_unwritable | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-config_unwritable | netalertx-test-mount-config_unwritable | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-config_unwritable | DB before onboarding sensitive or critical networks. netalertx-test-mount-config_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_unwritable | --> mandatory folders.sh netalertx-test-mount-config_unwritable | * Creating Plugins log. netalertx-test-mount-config_unwritable | Warning: Unable to create plugins log directory at /tmp/log/plugins (tmpfs not writable with current capabilities). netalertx-test-mount-config_unwritable | * Creating System services run log. netalertx-test-mount-config_unwritable | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-mount-config_unwritable | * Creating System services run tmp. netalertx-test-mount-config_unwritable | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-mount-config_unwritable | * Creating DB locked log. netalertx-test-mount-config_unwritable | Warning: Unable to create DB locked log file at /tmp/log/db_is_locked.log (tmpfs not writable with current capabilities). netalertx-test-mount-config_unwritable | * Creating Execution queue log. netalertx-test-mount-config_unwritable | Warning: Unable to create execution queue log file at /tmp/log/execution_queue.log (tmpfs not writable with current capabilities). netalertx-test-mount-config_unwritable | --> apply conf override.sh netalertx-test-mount-config_unwritable | /entrypoint.d/35-apply-conf-override.sh: line 18: can't create /data/config/app_conf_override.json: Read-only file system netalertx-test-mount-config_unwritable | ERROR: Failed to write override config to /data/config/app_conf_override.json netalertx-test-mount-config_unwritable | apply conf override.sh: FAILED with 2 netalertx-test-mount-config_unwritable | Failure detected in: /entrypoint.d/35-apply-conf-override.sh netalertx-test-mount-config_unwritable | --> writable config.sh netalertx-test-mount-config_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_unwritable | ❌ CRITICAL: Path does not exist. netalertx-test-mount-config_unwritable | netalertx-test-mount-config_unwritable | The required path "/data/config/app.conf" could not be found. The application netalertx-test-mount-config_unwritable | cannot start without its complete directory structure. netalertx-test-mount-config_unwritable | netalertx-test-mount-config_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/file-permissions.md netalertx-test-mount-config_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_unwritable | \033[1;31m══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_unwritable | ❌ NetAlertX startup aborted: critical failure in writable config.sh. netalertx-test-mount-config_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/troubleshooting.md netalertx-test-mount-config_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_unwritable | --> nginx config.sh netalertx-test-mount-config_unwritable | \033[0m══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_unwritable | ⚠️ ATTENTION: Unable to write to /tmp/nginx/active-config/netalertx.conf. netalertx-test-mount-config_unwritable | netalertx-test-mount-config_unwritable | Ensure the conf.active mount is writable by the netalertx user before netalertx-test-mount-config_unwritable | changing LISTEN_ADDR or PORT. Fix permissions: netalertx-test-mount-config_unwritable | chown -R 20211:20211 /tmp/nginx/active-config netalertx-test-mount-config_unwritable | find /tmp/nginx/active-config -type d -exec chmod 700 {} + netalertx-test-mount-config_unwritable | find /tmp/nginx/active-config -type f -exec chmod 600 {} + netalertx-test-mount-config_unwritable | netalertx-test-mount-config_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/nginx-configuration-mount.md netalertx-test-mount-config_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_unwritable | --> expected user id match.sh netalertx-test-mount-config_unwritable |  netalertx-test-mount-config_unwritable | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-mount-config_unwritable | --> host mode network.sh netalertx-test-mount-config_unwritable | --> excessive capabilities.sh netalertx-test-mount-config_unwritable | --> appliance integrity.sh netalertx-test-mount-config_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_unwritable | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-config_unwritable | netalertx-test-mount-config_unwritable | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-config_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-config_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-config_unwritable | --> ports available.sh netalertx-test-mount-config_unwritable | Container startup checks failed with exit code 1. netalertx-test-mount-config_unwritable exited with code 1 File: docker-compose.mount-test.data_noread.yml ---------------------------------------- Expected outcome: Mounts table shows /data is mounted and writable but NOT readable (R=❌, W=✅) Note: This is a diagnostic-only container (entrypoint sleeps); the test chmods/chowns /data to mode 0300. Testing: docker-compose.mount-test.data_noread.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_test_netalertx_data" Creating Volume "mount-tests_test_netalertx_data" Created Container netalertx-test-mount-data_noread Creating Container netalertx-test-mount-data_noread Created Attaching to netalertx-test-mount-data_noread netalertx-test-mount-data_noread |  netalertx-test-mount-data_noread | _ _ _ ___ _ _ __ __ netalertx-test-mount-data_noread | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-data_noread | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-data_noread | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-data_noread | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-data_noread | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-data_noread |  Network intruder and presence detector. netalertx-test-mount-data_noread | https://netalertx.com netalertx-test-mount-data_noread | netalertx-test-mount-data_noread | netalertx-test-mount-data_noread | Startup pre-checks netalertx-test-mount-data_noread | --> data migration.sh netalertx-test-mount-data_noread | --> capabilities audit.sh netalertx-test-mount-data_noread | --> mounts.py netalertx-test-mount-data_noread | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-data_noread | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-data_noread | /data | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-data_noread | /data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-data_noread | /data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-data_noread | /tmp | ✅| ✅| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-data_noread | /tmp/api | ✅| ✅| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-data_noread | /tmp/log | ✅| ✅| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-data_noread | /tmp/run | ✅| ✅| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-data_noread | /tmp/nginx/active-config | ✅| ✅| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-data_noread | --> first run config.sh netalertx-test-mount-data_noread | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-data_noread | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-mount-data_noread | netalertx-test-mount-data_noread | Review your settings in the UI or edit the file directly before trusting netalertx-test-mount-data_noread | this instance in production. netalertx-test-mount-data_noread | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-data_noread | --> first run db.sh netalertx-test-mount-data_noread | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-data_noread | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-data_noread | netalertx-test-mount-data_noread | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-data_noread | DB before onboarding sensitive or critical networks. netalertx-test-mount-data_noread | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-data_noread | --> mandatory folders.sh netalertx-test-mount-data_noread | * Creating NetAlertX log directory. netalertx-test-mount-data_noread | * Creating NetAlertX API cache. netalertx-test-mount-data_noread | * Creating System services runtime directory. netalertx-test-mount-data_noread | * Creating nginx active configuration directory. netalertx-test-mount-data_noread | * Creating Plugins log. netalertx-test-mount-data_noread | * Creating System services run log. netalertx-test-mount-data_noread | * Creating DB locked log. netalertx-test-mount-data_noread | * Creating Execution queue log. netalertx-test-mount-data_noread | --> apply conf override.sh netalertx-test-mount-data_noread | --> writable config.sh netalertx-test-mount-data_noread | --> nginx config.sh netalertx-test-mount-data_noread | --> expected user id match.sh netalertx-test-mount-data_noread | --> host mode network.sh netalertx-test-mount-data_noread | --> excessive capabilities.sh netalertx-test-mount-data_noread | --> appliance integrity.sh netalertx-test-mount-data_noread | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-data_noread | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-data_noread | netalertx-test-mount-data_noread | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-data_noread | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-data_noread | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-data_noread | --> ports available.sh netalertx-test-mount-data_noread | Starting /usr/sbin/php-fpm83 -y "/services/config/php/php-fpm.conf" -F (tee stderr to app.php_errors.log) netalertx-test-mount-data_noread | Starting supercronic --quiet "/services/config/cron/crontab" >>"/tmp/log/cron.log" 2>&1 & netalertx-test-mount-data_noread | Starting python3 -m server > /tmp/log/stdout.log 2> >(tee /tmp/log/stderr.log >&2) netalertx-test-mount-data_noread | Starting /usr/sbin/nginx -p "/tmp/run/" -c "/tmp/nginx/active-config/nginx.conf" -g "error_log stderr; error_log /tmp/log/nginx-error.log; daemon off;" & netalertx-test-mount-data_noread | 2026/01/05 02:22:26 [error] 190#190: *1 FastCGI sent in stderr: "PHP message: PHP Warning: session_start(): open(/tmp/run/tmp/sess_ufehnqbor2g6aevc5kn0eb9f2k, O_RDWR) failed: No such file or directory (2) in /app/front/php/templates/security.php on line 50; PHP message: PHP Warning: session_start(): Failed to read session data: files (path: /tmp/run/tmp) in /app/front/php/templates/security.php on line 50" while reading response header from upstream, client: 127.0.0.1, server: , request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/tmp/run/php.sock:", host: "localhost:20211" netalertx-test-mount-data_noread | Successfully updated IEEE OUI database (112503 entries) Gracefully stopping... (press Ctrl+C again to force) Container netalertx-test-mount-data_noread Stopping Container netalertx-test-mount-data_noread Stopped File: docker-compose.mount-test.db_mounted.yml ---------------------------------------- Expected outcome: Container starts successfully with proper database mount - NETALERTX_DB shows as writable and mounted - No configuration warnings for database path - Database persistence works correctly Testing: docker-compose.mount-test.db_mounted.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_test_netalertx_data" Creating Volume "mount-tests_test_netalertx_data" Created Container netalertx-test-mount-db_mounted Creating Container netalertx-test-mount-db_mounted Created Attaching to netalertx-test-mount-db_mounted netalertx-test-mount-db_mounted | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-db_mounted | Ownership prepared for PUID=20211. netalertx-test-mount-db_mounted | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-db_mounted | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-db_mounted | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-mount-db_mounted | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-db_mounted | Ownership prepared for PUID=20211. netalertx-test-mount-db_mounted | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-db_mounted | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-db_mounted |  netalertx-test-mount-db_mounted | _ _ _ ___ _ _ __ __ netalertx-test-mount-db_mounted | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-db_mounted | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-db_mounted | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-db_mounted | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-db_mounted | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-db_mounted |  Network intruder and presence detector. netalertx-test-mount-db_mounted | https://netalertx.com netalertx-test-mount-db_mounted | netalertx-test-mount-db_mounted | netalertx-test-mount-db_mounted | Startup pre-checks netalertx-test-mount-db_mounted | --> data migration.sh netalertx-test-mount-db_mounted | --> capabilities audit.sh netalertx-test-mount-db_mounted | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-mount-db_mounted | --> mounts.py netalertx-test-mount-db_mounted | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-db_mounted | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-db_mounted | /data | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-db_mounted | /data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-db_mounted | /data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-db_mounted | /tmp/run/tmp | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-db_mounted | /tmp/api | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-db_mounted | /tmp/log | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-db_mounted | /tmp/run | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-db_mounted | /tmp/nginx/active-config | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-db_mounted | netalertx-test-mount-db_mounted | netalertx-test-mount-db_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_mounted | ⚠️ ATTENTION: Configuration issues detected (marked with ❌). netalertx-test-mount-db_mounted | netalertx-test-mount-db_mounted | * /tmp/run/tmp error writing netalertx-test-mount-db_mounted | * /tmp/api error writing netalertx-test-mount-db_mounted | * /tmp/log error writing netalertx-test-mount-db_mounted | * /tmp/run error writing netalertx-test-mount-db_mounted | * /tmp/nginx/active-config error writing netalertx-test-mount-db_mounted | netalertx-test-mount-db_mounted | We recommend starting with the default docker-compose.yml as the netalertx-test-mount-db_mounted | configuration can be quite complex. netalertx-test-mount-db_mounted | netalertx-test-mount-db_mounted | Review the documentation for a correct setup: netalertx-test-mount-db_mounted | https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md netalertx-test-mount-db_mounted | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/mount-configuration-issues.md netalertx-test-mount-db_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_mounted |  netalertx-test-mount-db_mounted | --> first run config.sh netalertx-test-mount-db_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_mounted | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-mount-db_mounted | netalertx-test-mount-db_mounted | Review your settings in the UI or edit the file directly before trusting netalertx-test-mount-db_mounted | this instance in production. netalertx-test-mount-db_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_mounted | --> first run db.sh netalertx-test-mount-db_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_mounted | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-db_mounted | netalertx-test-mount-db_mounted | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-db_mounted | DB before onboarding sensitive or critical networks. netalertx-test-mount-db_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_mounted | --> mandatory folders.sh netalertx-test-mount-db_mounted | * Creating Plugins log. netalertx-test-mount-db_mounted | Warning: Unable to create plugins log directory at /tmp/log/plugins (tmpfs not writable with current capabilities). netalertx-test-mount-db_mounted | * Creating System services run log. netalertx-test-mount-db_mounted | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-mount-db_mounted | * Creating System services run tmp. netalertx-test-mount-db_mounted | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-mount-db_mounted | * Creating DB locked log. netalertx-test-mount-db_mounted | Warning: Unable to create DB locked log file at /tmp/log/db_is_locked.log (tmpfs not writable with current capabilities). netalertx-test-mount-db_mounted | * Creating Execution queue log. netalertx-test-mount-db_mounted | Warning: Unable to create execution queue log file at /tmp/log/execution_queue.log (tmpfs not writable with current capabilities). netalertx-test-mount-db_mounted | --> apply conf override.sh netalertx-test-mount-db_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_mounted | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-mount-db_mounted | netalertx-test-mount-db_mounted | Make sure the JSON content is correct before starting the application. netalertx-test-mount-db_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_mounted | --> writable config.sh netalertx-test-mount-db_mounted | --> nginx config.sh netalertx-test-mount-db_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_mounted | ⚠️ ATTENTION: Unable to write to /tmp/nginx/active-config/netalertx.conf. netalertx-test-mount-db_mounted | netalertx-test-mount-db_mounted | Ensure the conf.active mount is writable by the netalertx user before netalertx-test-mount-db_mounted | changing LISTEN_ADDR or PORT. Fix permissions: netalertx-test-mount-db_mounted | chown -R 20211:20211 /tmp/nginx/active-config netalertx-test-mount-db_mounted | find /tmp/nginx/active-config -type d -exec chmod 700 {} + netalertx-test-mount-db_mounted | find /tmp/nginx/active-config -type f -exec chmod 600 {} + netalertx-test-mount-db_mounted | netalertx-test-mount-db_mounted | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/nginx-configuration-mount.md netalertx-test-mount-db_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_mounted | --> expected user id match.sh netalertx-test-mount-db_mounted |  netalertx-test-mount-db_mounted | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-mount-db_mounted | --> host mode network.sh netalertx-test-mount-db_mounted | --> excessive capabilities.sh netalertx-test-mount-db_mounted | --> appliance integrity.sh netalertx-test-mount-db_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_mounted | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-db_mounted | netalertx-test-mount-db_mounted | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-db_mounted | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-db_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_mounted | --> ports available.sh netalertx-test-mount-db_mounted exited with code 0 File: docker-compose.mount-test.db_no-mount.yml ---------------------------------------- Expected outcome: Container shows mount error warning but continues running - NETALERTX_DB shows as not mounted (❌ in Mount column) but path gets created - Warning message displayed about configuration issues - Container continues because database directory can be created in writable filesystem Testing: docker-compose.mount-test.db_no-mount.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_netalertx_config" Creating Volume "mount-tests_netalertx_config" Created Container netalertx-test-mount-db_no-mount Creating Container netalertx-test-mount-db_no-mount Created Attaching to netalertx-test-mount-db_no-mount netalertx-test-mount-db_no-mount | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-db_no-mount | Ownership prepared for PUID=20211. netalertx-test-mount-db_no-mount | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-db_no-mount | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-db_no-mount | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-mount-db_no-mount | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-db_no-mount | Ownership prepared for PUID=20211. netalertx-test-mount-db_no-mount | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-db_no-mount | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-db_no-mount |  netalertx-test-mount-db_no-mount | _ _ _ ___ _ _ __ __ netalertx-test-mount-db_no-mount | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-db_no-mount | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-db_no-mount | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-db_no-mount | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-db_no-mount | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-db_no-mount |  Network intruder and presence detector. netalertx-test-mount-db_no-mount | https://netalertx.com netalertx-test-mount-db_no-mount | netalertx-test-mount-db_no-mount | netalertx-test-mount-db_no-mount | Startup pre-checks netalertx-test-mount-db_no-mount | --> data migration.sh netalertx-test-mount-db_no-mount | --> capabilities audit.sh netalertx-test-mount-db_no-mount | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-mount-db_no-mount | --> mounts.py netalertx-test-mount-db_no-mount | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-db_no-mount | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-db_no-mount | /data | ✅| ✅| ❌ | ➖ | ➖ | ❌ netalertx-test-mount-db_no-mount | /data/db | ✅| ✅| ❌ | ➖ | ➖ | ❌ netalertx-test-mount-db_no-mount | /data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-db_no-mount | /tmp/run/tmp | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-db_no-mount | /tmp/api | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-db_no-mount | /tmp/log | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-db_no-mount | /tmp/run | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-db_no-mount | /tmp/nginx/active-config | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-db_no-mount | netalertx-test-mount-db_no-mount | netalertx-test-mount-db_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_no-mount | ⚠️ ATTENTION: Configuration issues detected (marked with ❌). netalertx-test-mount-db_no-mount | netalertx-test-mount-db_no-mount | * /data not mounted, risk of dataloss netalertx-test-mount-db_no-mount | * /data/db not mounted, risk of dataloss netalertx-test-mount-db_no-mount | * /tmp/run/tmp error writing, error reading netalertx-test-mount-db_no-mount | * /tmp/api error writing, error reading netalertx-test-mount-db_no-mount | * /tmp/log error writing, error reading netalertx-test-mount-db_no-mount | * /tmp/run error writing, error reading netalertx-test-mount-db_no-mount | * /tmp/nginx/active-config error writing, error reading netalertx-test-mount-db_no-mount | netalertx-test-mount-db_no-mount | We recommend starting with the default docker-compose.yml as the netalertx-test-mount-db_no-mount | configuration can be quite complex. netalertx-test-mount-db_no-mount | netalertx-test-mount-db_no-mount | Review the documentation for a correct setup: netalertx-test-mount-db_no-mount | https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md netalertx-test-mount-db_no-mount | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/mount-configuration-issues.md netalertx-test-mount-db_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_no-mount |  netalertx-test-mount-db_no-mount | --> first run config.sh netalertx-test-mount-db_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_no-mount | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-mount-db_no-mount | netalertx-test-mount-db_no-mount | Review your settings in the UI or edit the file directly before trusting netalertx-test-mount-db_no-mount | this instance in production. netalertx-test-mount-db_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_no-mount | --> first run db.sh netalertx-test-mount-db_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_no-mount | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-db_no-mount | netalertx-test-mount-db_no-mount | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-db_no-mount | DB before onboarding sensitive or critical networks. netalertx-test-mount-db_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_no-mount | --> mandatory folders.sh netalertx-test-mount-db_no-mount | * Creating Plugins log. netalertx-test-mount-db_no-mount | Warning: Unable to create plugins log directory at /tmp/log/plugins (tmpfs not writable with current capabilities). netalertx-test-mount-db_no-mount | * Creating System services run log. netalertx-test-mount-db_no-mount | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-mount-db_no-mount | * Creating System services run tmp. netalertx-test-mount-db_no-mount | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-mount-db_no-mount | * Creating DB locked log. netalertx-test-mount-db_no-mount | Warning: Unable to create DB locked log file at /tmp/log/db_is_locked.log (tmpfs not writable with current capabilities). netalertx-test-mount-db_no-mount | * Creating Execution queue log. netalertx-test-mount-db_no-mount | Warning: Unable to create execution queue log file at /tmp/log/execution_queue.log (tmpfs not writable with current capabilities). netalertx-test-mount-db_no-mount | --> apply conf override.sh netalertx-test-mount-db_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_no-mount | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-mount-db_no-mount | netalertx-test-mount-db_no-mount | Make sure the JSON content is correct before starting the application. netalertx-test-mount-db_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_no-mount | --> writable config.sh netalertx-test-mount-db_no-mount | --> nginx config.sh netalertx-test-mount-db_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_no-mount | ⚠️ ATTENTION: Unable to write to /tmp/nginx/active-config/netalertx.conf. netalertx-test-mount-db_no-mount | netalertx-test-mount-db_no-mount | Ensure the conf.active mount is writable by the netalertx user before netalertx-test-mount-db_no-mount | changing LISTEN_ADDR or PORT. Fix permissions: netalertx-test-mount-db_no-mount | chown -R 20211:20211 /tmp/nginx/active-config netalertx-test-mount-db_no-mount | find /tmp/nginx/active-config -type d -exec chmod 700 {} + netalertx-test-mount-db_no-mount | find /tmp/nginx/active-config -type f -exec chmod 600 {} + netalertx-test-mount-db_no-mount | netalertx-test-mount-db_no-mount | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/nginx-configuration-mount.md netalertx-test-mount-db_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_no-mount | --> expected user id match.sh netalertx-test-mount-db_no-mount |  netalertx-test-mount-db_no-mount | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-mount-db_no-mount | --> host mode network.sh netalertx-test-mount-db_no-mount | --> excessive capabilities.sh netalertx-test-mount-db_no-mount | --> appliance integrity.sh netalertx-test-mount-db_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_no-mount | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-db_no-mount | netalertx-test-mount-db_no-mount | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-db_no-mount | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-db_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_no-mount | --> ports available.sh netalertx-test-mount-db_no-mount exited with code 0 File: docker-compose.mount-test.db_noread.yml ---------------------------------------- Expected outcome: Mounts table shows /data/db is mounted and writable but NOT readable (R=❌, W=✅) Note: This is a diagnostic-only container (entrypoint sleeps); the test chmods/chowns /data/db to mode 0300. Testing: docker-compose.mount-test.db_noread.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_test_netalertx_data" Creating Volume "mount-tests_test_netalertx_data" Created Container netalertx-test-mount-db_noread Creating Container netalertx-test-mount-db_noread Created Attaching to netalertx-test-mount-db_noread netalertx-test-mount-db_noread |  netalertx-test-mount-db_noread | _ _ _ ___ _ _ __ __ netalertx-test-mount-db_noread | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-db_noread | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-db_noread | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-db_noread | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-db_noread | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-db_noread |  Network intruder and presence detector. netalertx-test-mount-db_noread | https://netalertx.com netalertx-test-mount-db_noread | netalertx-test-mount-db_noread | netalertx-test-mount-db_noread | Startup pre-checks netalertx-test-mount-db_noread | --> data migration.sh netalertx-test-mount-db_noread | --> capabilities audit.sh netalertx-test-mount-db_noread | --> mounts.py netalertx-test-mount-db_noread | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-db_noread | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-db_noread | /data | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-db_noread | /data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-db_noread | /data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-db_noread | /tmp | ✅| ✅| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-db_noread | /tmp/api | ✅| ✅| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-db_noread | /tmp/log | ✅| ✅| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-db_noread | /tmp/run | ✅| ✅| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-db_noread | /tmp/nginx/active-config | ✅| ✅| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-db_noread | --> first run config.sh netalertx-test-mount-db_noread | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_noread | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-mount-db_noread | netalertx-test-mount-db_noread | Review your settings in the UI or edit the file directly before trusting netalertx-test-mount-db_noread | this instance in production. netalertx-test-mount-db_noread | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_noread | --> first run db.sh netalertx-test-mount-db_noread | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_noread | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-db_noread | netalertx-test-mount-db_noread | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-db_noread | DB before onboarding sensitive or critical networks. netalertx-test-mount-db_noread | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_noread | --> mandatory folders.sh netalertx-test-mount-db_noread | * Creating NetAlertX log directory. netalertx-test-mount-db_noread | * Creating NetAlertX API cache. netalertx-test-mount-db_noread | * Creating System services runtime directory. netalertx-test-mount-db_noread | * Creating nginx active configuration directory. netalertx-test-mount-db_noread | * Creating Plugins log. netalertx-test-mount-db_noread | * Creating System services run log. netalertx-test-mount-db_noread | * Creating DB locked log. netalertx-test-mount-db_noread | * Creating Execution queue log. netalertx-test-mount-db_noread | --> apply conf override.sh netalertx-test-mount-db_noread | --> writable config.sh netalertx-test-mount-db_noread | --> nginx config.sh netalertx-test-mount-db_noread | --> expected user id match.sh netalertx-test-mount-db_noread | --> host mode network.sh netalertx-test-mount-db_noread | --> excessive capabilities.sh netalertx-test-mount-db_noread | --> appliance integrity.sh netalertx-test-mount-db_noread | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_noread | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-db_noread | netalertx-test-mount-db_noread | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-db_noread | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-db_noread | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_noread | --> ports available.sh netalertx-test-mount-db_noread | Starting supercronic --quiet "/services/config/cron/crontab" >>"/tmp/log/cron.log" 2>&1 & netalertx-test-mount-db_noread | Starting /usr/sbin/php-fpm83 -y "/services/config/php/php-fpm.conf" -F (tee stderr to app.php_errors.log) netalertx-test-mount-db_noread | Starting python3 -m server > /tmp/log/stdout.log 2> >(tee /tmp/log/stderr.log >&2) netalertx-test-mount-db_noread | Starting /usr/sbin/nginx -p "/tmp/run/" -c "/tmp/nginx/active-config/nginx.conf" -g "error_log stderr; error_log /tmp/log/nginx-error.log; daemon off;" & netalertx-test-mount-db_noread | 2026/01/05 02:22:43 [error] 190#190: *1 FastCGI sent in stderr: "PHP message: PHP Warning: session_start(): open(/tmp/run/tmp/sess_4c8q75r1vlsf59n7bmcfsuo41q, O_RDWR) failed: No such file or directory (2) in /app/front/php/templates/security.php on line 50; PHP message: PHP Warning: session_start(): Failed to read session data: files (path: /tmp/run/tmp) in /app/front/php/templates/security.php on line 50" while reading response header from upstream, client: 127.0.0.1, server: , request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/tmp/run/php.sock:", host: "localhost:20211" netalertx-test-mount-db_noread | Successfully updated IEEE OUI database (112503 entries) netalertx-test-mount-db_noread | 2026/01/05 02:22:45 [error] 191#191: *3 FastCGI sent in stderr: "PHP message: PHP Warning: session_start(): open(/tmp/run/tmp/sess_vnqqcr4d26f61l8o1hmtmomn08, O_RDWR) failed: No such file or directory (2) in /app/front/php/templates/security.php on line 50; PHP message: PHP Warning: session_start(): Failed to read session data: files (path: /tmp/run/tmp) in /app/front/php/templates/security.php on line 50" while reading response header from upstream, client: 127.0.0.1, server: , request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/tmp/run/php.sock:", host: "localhost:20211" Gracefully stopping... (press Ctrl+C again to force) Container netalertx-test-mount-db_noread Stopping Container netalertx-test-mount-db_noread Stopped File: docker-compose.mount-test.db_ramdisk.yml ---------------------------------------- Expected outcome: Container shows dataloss risk warning for database on RAM disk - NETALERTX_DB shows as mounted on tmpfs (RAM disk) - Dataloss risk warning since database should be persistent - Database will be lost on container restart Testing: docker-compose.mount-test.db_ramdisk.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_netalertx_config" Creating Volume "mount-tests_netalertx_config" Created Container netalertx-test-mount-db_ramdisk Creating Container netalertx-test-mount-db_ramdisk Created Attaching to netalertx-test-mount-db_ramdisk netalertx-test-mount-db_ramdisk | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-db_ramdisk | Ownership prepared for PUID=20211. netalertx-test-mount-db_ramdisk | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-db_ramdisk | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-db_ramdisk | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-mount-db_ramdisk | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-db_ramdisk | Ownership prepared for PUID=20211. netalertx-test-mount-db_ramdisk | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-db_ramdisk | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-db_ramdisk |  netalertx-test-mount-db_ramdisk | _ _ _ ___ _ _ __ __ netalertx-test-mount-db_ramdisk | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-db_ramdisk | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-db_ramdisk | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-db_ramdisk | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-db_ramdisk | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-db_ramdisk |  Network intruder and presence detector. netalertx-test-mount-db_ramdisk | https://netalertx.com netalertx-test-mount-db_ramdisk | netalertx-test-mount-db_ramdisk | netalertx-test-mount-db_ramdisk | Startup pre-checks netalertx-test-mount-db_ramdisk | --> data migration.sh netalertx-test-mount-db_ramdisk | --> capabilities audit.sh netalertx-test-mount-db_ramdisk | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-mount-db_ramdisk | --> mounts.py netalertx-test-mount-db_ramdisk | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-db_ramdisk | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-db_ramdisk | /data | ✅| ✅| ❌ | ➖ | ➖ | ❌ netalertx-test-mount-db_ramdisk | /data/db | ❌| ❌| ✅ | ❌ | ➖ | ❌ netalertx-test-mount-db_ramdisk | /data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-db_ramdisk | /tmp/run/tmp | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-db_ramdisk | /tmp/api | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-db_ramdisk | /tmp/log | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-db_ramdisk | /tmp/run | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-db_ramdisk | /tmp/nginx/active-config | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-db_ramdisk | netalertx-test-mount-db_ramdisk | netalertx-test-mount-db_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_ramdisk | ⚠️ ATTENTION: Configuration issues detected (marked with ❌). netalertx-test-mount-db_ramdisk | netalertx-test-mount-db_ramdisk | * /data not mounted, risk of dataloss netalertx-test-mount-db_ramdisk | * /data/db error writing, error reading, risk of dataloss netalertx-test-mount-db_ramdisk | * /tmp/run/tmp error writing, error reading netalertx-test-mount-db_ramdisk | * /tmp/api error writing, error reading netalertx-test-mount-db_ramdisk | * /tmp/log error writing, error reading netalertx-test-mount-db_ramdisk | * /tmp/run error writing, error reading netalertx-test-mount-db_ramdisk | * /tmp/nginx/active-config error writing, error reading netalertx-test-mount-db_ramdisk | netalertx-test-mount-db_ramdisk | We recommend starting with the default docker-compose.yml as the netalertx-test-mount-db_ramdisk | configuration can be quite complex. netalertx-test-mount-db_ramdisk | netalertx-test-mount-db_ramdisk | Review the documentation for a correct setup: netalertx-test-mount-db_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md netalertx-test-mount-db_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/mount-configuration-issues.md netalertx-test-mount-db_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_ramdisk |  netalertx-test-mount-db_ramdisk | \033[1;31m══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_ramdisk | ❌ NetAlertX startup aborted: critical failure in mounts.py. netalertx-test-mount-db_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/troubleshooting.md netalertx-test-mount-db_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_ramdisk | --> first run config.sh netalertx-test-mount-db_ramdisk | \033[0m══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_ramdisk | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-mount-db_ramdisk | netalertx-test-mount-db_ramdisk | Review your settings in the UI or edit the file directly before trusting netalertx-test-mount-db_ramdisk | this instance in production. netalertx-test-mount-db_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_ramdisk | --> first run db.sh netalertx-test-mount-db_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_ramdisk | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-db_ramdisk | netalertx-test-mount-db_ramdisk | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-db_ramdisk | DB before onboarding sensitive or critical networks. netalertx-test-mount-db_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_ramdisk | Error: unable to open database "/data/db/app.db": unable to open database file netalertx-test-mount-db_ramdisk | \033[1;31m══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_ramdisk | ❌ NetAlertX startup aborted: critical failure in first run db.sh. netalertx-test-mount-db_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/troubleshooting.md netalertx-test-mount-db_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_ramdisk | --> mandatory folders.sh netalertx-test-mount-db_ramdisk | * Creating Plugins log. netalertx-test-mount-db_ramdisk | Warning: Unable to create plugins log directory at /tmp/log/plugins (tmpfs not writable with current capabilities). netalertx-test-mount-db_ramdisk | * Creating System services run log. netalertx-test-mount-db_ramdisk | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-mount-db_ramdisk | * Creating System services run tmp. netalertx-test-mount-db_ramdisk | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-mount-db_ramdisk | * Creating DB locked log. netalertx-test-mount-db_ramdisk | Warning: Unable to create DB locked log file at /tmp/log/db_is_locked.log (tmpfs not writable with current capabilities). netalertx-test-mount-db_ramdisk | * Creating Execution queue log. netalertx-test-mount-db_ramdisk | Warning: Unable to create execution queue log file at /tmp/log/execution_queue.log (tmpfs not writable with current capabilities). netalertx-test-mount-db_ramdisk | --> apply conf override.sh netalertx-test-mount-db_ramdisk | \033[0m══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_ramdisk | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-mount-db_ramdisk | netalertx-test-mount-db_ramdisk | Make sure the JSON content is correct before starting the application. netalertx-test-mount-db_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_ramdisk | --> writable config.sh netalertx-test-mount-db_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_ramdisk | ❌ CRITICAL: Path does not exist. netalertx-test-mount-db_ramdisk | netalertx-test-mount-db_ramdisk | The required path "/data/db/app.db" could not be found. The application netalertx-test-mount-db_ramdisk | cannot start without its complete directory structure. netalertx-test-mount-db_ramdisk | netalertx-test-mount-db_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/file-permissions.md netalertx-test-mount-db_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_ramdisk | \033[1;31m══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_ramdisk | ❌ NetAlertX startup aborted: critical failure in writable config.sh. netalertx-test-mount-db_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/troubleshooting.md netalertx-test-mount-db_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_ramdisk | --> nginx config.sh netalertx-test-mount-db_ramdisk | \033[0m══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_ramdisk | ⚠️ ATTENTION: Unable to write to /tmp/nginx/active-config/netalertx.conf. netalertx-test-mount-db_ramdisk | netalertx-test-mount-db_ramdisk | Ensure the conf.active mount is writable by the netalertx user before netalertx-test-mount-db_ramdisk | changing LISTEN_ADDR or PORT. Fix permissions: netalertx-test-mount-db_ramdisk | chown -R 20211:20211 /tmp/nginx/active-config netalertx-test-mount-db_ramdisk | find /tmp/nginx/active-config -type d -exec chmod 700 {} + netalertx-test-mount-db_ramdisk | find /tmp/nginx/active-config -type f -exec chmod 600 {} + netalertx-test-mount-db_ramdisk | netalertx-test-mount-db_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/nginx-configuration-mount.md netalertx-test-mount-db_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_ramdisk | --> expected user id match.sh netalertx-test-mount-db_ramdisk |  netalertx-test-mount-db_ramdisk | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-mount-db_ramdisk | --> host mode network.sh netalertx-test-mount-db_ramdisk | --> excessive capabilities.sh netalertx-test-mount-db_ramdisk | --> appliance integrity.sh netalertx-test-mount-db_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_ramdisk | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-db_ramdisk | netalertx-test-mount-db_ramdisk | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-db_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-db_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_ramdisk | --> ports available.sh netalertx-test-mount-db_ramdisk | Container startup checks failed with exit code 1. netalertx-test-mount-db_ramdisk exited with code 1 File: docker-compose.mount-test.db_unwritable.yml ---------------------------------------- Expected outcome: Container fails to start due to unwritable database partition - NETALERTX_DB shows as mounted but unwritable (❌ in Writeable column) - 30-writable-config.sh detects permission error and exits with code 1 - Container startup fails because database files cannot be written to Testing: docker-compose.mount-test.db_unwritable.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_test_netalertx_db" Creating Volume "mount-tests_test_netalertx_db" Created Volume "mount-tests_netalertx_config" Creating Volume "mount-tests_netalertx_config" Created Container netalertx-test-mount-db_unwritable Creating Container netalertx-test-mount-db_unwritable Created Attaching to netalertx-test-mount-db_unwritable netalertx-test-mount-db_unwritable | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-db_unwritable | Ownership prepared for PUID=20211. netalertx-test-mount-db_unwritable | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-db_unwritable | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-db_unwritable | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-mount-db_unwritable | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-db_unwritable | Ownership prepared for PUID=20211. netalertx-test-mount-db_unwritable | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-db_unwritable | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-db_unwritable |  netalertx-test-mount-db_unwritable | _ _ _ ___ _ _ __ __ netalertx-test-mount-db_unwritable | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-db_unwritable | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-db_unwritable | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-db_unwritable | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-db_unwritable | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-db_unwritable |  Network intruder and presence detector. netalertx-test-mount-db_unwritable | https://netalertx.com netalertx-test-mount-db_unwritable | netalertx-test-mount-db_unwritable | netalertx-test-mount-db_unwritable | Startup pre-checks netalertx-test-mount-db_unwritable | --> data migration.sh netalertx-test-mount-db_unwritable | --> capabilities audit.sh netalertx-test-mount-db_unwritable | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-mount-db_unwritable | --> mounts.py netalertx-test-mount-db_unwritable | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-db_unwritable | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-db_unwritable | /data | ✅| ✅| ❌ | ➖ | ➖ | ❌ netalertx-test-mount-db_unwritable | /data/db | ✅| ❌| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-db_unwritable | /data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-db_unwritable | /tmp/run/tmp | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-db_unwritable | /tmp/api | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-db_unwritable | /tmp/log | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-db_unwritable | /tmp/run | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-db_unwritable | /tmp/nginx/active-config | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-db_unwritable | netalertx-test-mount-db_unwritable | netalertx-test-mount-db_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_unwritable | ⚠️ ATTENTION: Configuration issues detected (marked with ❌). netalertx-test-mount-db_unwritable | netalertx-test-mount-db_unwritable | * /data not mounted, risk of dataloss netalertx-test-mount-db_unwritable | * /data/db error writing netalertx-test-mount-db_unwritable | * /tmp/run/tmp error writing, error reading netalertx-test-mount-db_unwritable | * /tmp/api error writing, error reading netalertx-test-mount-db_unwritable | * /tmp/log error writing, error reading netalertx-test-mount-db_unwritable | * /tmp/run error writing, error reading netalertx-test-mount-db_unwritable | * /tmp/nginx/active-config error writing, error reading netalertx-test-mount-db_unwritable | netalertx-test-mount-db_unwritable | We recommend starting with the default docker-compose.yml as the netalertx-test-mount-db_unwritable | configuration can be quite complex. netalertx-test-mount-db_unwritable | netalertx-test-mount-db_unwritable | Review the documentation for a correct setup: netalertx-test-mount-db_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md netalertx-test-mount-db_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/mount-configuration-issues.md netalertx-test-mount-db_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_unwritable |  netalertx-test-mount-db_unwritable | \033[1;31m══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_unwritable | ❌ NetAlertX startup aborted: critical failure in mounts.py. netalertx-test-mount-db_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/troubleshooting.md netalertx-test-mount-db_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_unwritable | --> first run config.sh netalertx-test-mount-db_unwritable | \033[0m══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_unwritable | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-mount-db_unwritable | netalertx-test-mount-db_unwritable | Review your settings in the UI or edit the file directly before trusting netalertx-test-mount-db_unwritable | this instance in production. netalertx-test-mount-db_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_unwritable | --> first run db.sh netalertx-test-mount-db_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_unwritable | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-db_unwritable | netalertx-test-mount-db_unwritable | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-db_unwritable | DB before onboarding sensitive or critical networks. netalertx-test-mount-db_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_unwritable | Error: unable to open database "/data/db/app.db": unable to open database file netalertx-test-mount-db_unwritable | \033[1;31m══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_unwritable | ❌ NetAlertX startup aborted: critical failure in first run db.sh. netalertx-test-mount-db_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/troubleshooting.md netalertx-test-mount-db_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_unwritable | --> mandatory folders.sh netalertx-test-mount-db_unwritable | * Creating Plugins log. netalertx-test-mount-db_unwritable | Warning: Unable to create plugins log directory at /tmp/log/plugins (tmpfs not writable with current capabilities). netalertx-test-mount-db_unwritable | * Creating System services run log. netalertx-test-mount-db_unwritable | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-mount-db_unwritable | * Creating System services run tmp. netalertx-test-mount-db_unwritable | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-mount-db_unwritable | * Creating DB locked log. netalertx-test-mount-db_unwritable | Warning: Unable to create DB locked log file at /tmp/log/db_is_locked.log (tmpfs not writable with current capabilities). netalertx-test-mount-db_unwritable | * Creating Execution queue log. netalertx-test-mount-db_unwritable | Warning: Unable to create execution queue log file at /tmp/log/execution_queue.log (tmpfs not writable with current capabilities). netalertx-test-mount-db_unwritable | --> apply conf override.sh netalertx-test-mount-db_unwritable | \033[0m══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_unwritable | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-mount-db_unwritable | netalertx-test-mount-db_unwritable | Make sure the JSON content is correct before starting the application. netalertx-test-mount-db_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_unwritable | --> writable config.sh netalertx-test-mount-db_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_unwritable | ❌ CRITICAL: Path does not exist. netalertx-test-mount-db_unwritable | netalertx-test-mount-db_unwritable | The required path "/data/db/app.db" could not be found. The application netalertx-test-mount-db_unwritable | cannot start without its complete directory structure. netalertx-test-mount-db_unwritable | netalertx-test-mount-db_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/file-permissions.md netalertx-test-mount-db_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_unwritable | \033[1;31m══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_unwritable | ❌ NetAlertX startup aborted: critical failure in writable config.sh. netalertx-test-mount-db_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/troubleshooting.md netalertx-test-mount-db_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_unwritable | --> nginx config.sh netalertx-test-mount-db_unwritable | \033[0m══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_unwritable | ⚠️ ATTENTION: Unable to write to /tmp/nginx/active-config/netalertx.conf. netalertx-test-mount-db_unwritable | netalertx-test-mount-db_unwritable | Ensure the conf.active mount is writable by the netalertx user before netalertx-test-mount-db_unwritable | changing LISTEN_ADDR or PORT. Fix permissions: netalertx-test-mount-db_unwritable | chown -R 20211:20211 /tmp/nginx/active-config netalertx-test-mount-db_unwritable | find /tmp/nginx/active-config -type d -exec chmod 700 {} + netalertx-test-mount-db_unwritable | find /tmp/nginx/active-config -type f -exec chmod 600 {} + netalertx-test-mount-db_unwritable | netalertx-test-mount-db_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/nginx-configuration-mount.md netalertx-test-mount-db_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_unwritable | --> expected user id match.sh netalertx-test-mount-db_unwritable |  netalertx-test-mount-db_unwritable | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-mount-db_unwritable | --> host mode network.sh netalertx-test-mount-db_unwritable | --> excessive capabilities.sh netalertx-test-mount-db_unwritable | --> appliance integrity.sh netalertx-test-mount-db_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_unwritable | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-db_unwritable | netalertx-test-mount-db_unwritable | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-db_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-db_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-db_unwritable | --> ports available.sh netalertx-test-mount-db_unwritable | Container startup checks failed with exit code 1. netalertx-test-mount-db_unwritable exited with code 1 File: docker-compose.mount-test.log_mounted.yml ---------------------------------------- Expected outcome: Container starts successfully with proper log mount - NETALERTX_LOG shows as mounted and writable - No mount warnings since logs can be non-persistent - Container starts normally with logging enabled Testing: docker-compose.mount-test.log_mounted.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_netalertx_config" Creating Volume "mount-tests_netalertx_config" Created Volume "mount-tests_test_netalertx_log" Creating Volume "mount-tests_test_netalertx_log" Created Volume "mount-tests_netalertx_db" Creating Volume "mount-tests_netalertx_db" Created Container netalertx-test-mount-log_mounted Creating Container netalertx-test-mount-log_mounted Created Attaching to netalertx-test-mount-log_mounted netalertx-test-mount-log_mounted | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-log_mounted | Ownership prepared for PUID=20211. netalertx-test-mount-log_mounted | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-log_mounted | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-log_mounted | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-mount-log_mounted | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-log_mounted | Ownership prepared for PUID=20211. netalertx-test-mount-log_mounted | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-log_mounted | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-log_mounted |  netalertx-test-mount-log_mounted | _ _ _ ___ _ _ __ __ netalertx-test-mount-log_mounted | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-log_mounted | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-log_mounted | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-log_mounted | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-log_mounted | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-log_mounted |  Network intruder and presence detector. netalertx-test-mount-log_mounted | https://netalertx.com netalertx-test-mount-log_mounted | netalertx-test-mount-log_mounted | netalertx-test-mount-log_mounted | Startup pre-checks netalertx-test-mount-log_mounted | --> data migration.sh netalertx-test-mount-log_mounted | --> capabilities audit.sh netalertx-test-mount-log_mounted | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-mount-log_mounted | --> mounts.py netalertx-test-mount-log_mounted | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-log_mounted | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-log_mounted | /data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-log_mounted | /data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-log_mounted | /tmp/run/tmp | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-log_mounted | /tmp/api | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-log_mounted | /tmp/log | ✅| ✅| ✅ | ❌ | ❌ | ✅ netalertx-test-mount-log_mounted | /tmp/run | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-log_mounted | /tmp/nginx/active-config | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-log_mounted | netalertx-test-mount-log_mounted | netalertx-test-mount-log_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_mounted | ⚠️ ATTENTION: Configuration issues detected (marked with ❌). netalertx-test-mount-log_mounted | netalertx-test-mount-log_mounted | * /tmp/run/tmp error writing, error reading netalertx-test-mount-log_mounted | * /tmp/api error writing, error reading netalertx-test-mount-log_mounted | * /tmp/log performance issue netalertx-test-mount-log_mounted | * /tmp/run error writing, error reading netalertx-test-mount-log_mounted | * /tmp/nginx/active-config error writing, error reading netalertx-test-mount-log_mounted | netalertx-test-mount-log_mounted | We recommend starting with the default docker-compose.yml as the netalertx-test-mount-log_mounted | configuration can be quite complex. netalertx-test-mount-log_mounted | netalertx-test-mount-log_mounted | Review the documentation for a correct setup: netalertx-test-mount-log_mounted | https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md netalertx-test-mount-log_mounted | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/mount-configuration-issues.md netalertx-test-mount-log_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_mounted |  netalertx-test-mount-log_mounted | --> first run config.sh netalertx-test-mount-log_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_mounted | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-mount-log_mounted | netalertx-test-mount-log_mounted | Review your settings in the UI or edit the file directly before trusting netalertx-test-mount-log_mounted | this instance in production. netalertx-test-mount-log_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_mounted | --> first run db.sh netalertx-test-mount-log_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_mounted | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-log_mounted | netalertx-test-mount-log_mounted | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-log_mounted | DB before onboarding sensitive or critical networks. netalertx-test-mount-log_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_mounted | --> mandatory folders.sh netalertx-test-mount-log_mounted | * Creating System services run log. netalertx-test-mount-log_mounted | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-mount-log_mounted | * Creating System services run tmp. netalertx-test-mount-log_mounted | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-mount-log_mounted | --> apply conf override.sh netalertx-test-mount-log_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_mounted | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-mount-log_mounted | netalertx-test-mount-log_mounted | Make sure the JSON content is correct before starting the application. netalertx-test-mount-log_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_mounted | --> writable config.sh netalertx-test-mount-log_mounted | --> nginx config.sh netalertx-test-mount-log_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_mounted | ⚠️ ATTENTION: Unable to write to /tmp/nginx/active-config/netalertx.conf. netalertx-test-mount-log_mounted | netalertx-test-mount-log_mounted | Ensure the conf.active mount is writable by the netalertx user before netalertx-test-mount-log_mounted | changing LISTEN_ADDR or PORT. Fix permissions: netalertx-test-mount-log_mounted | chown -R 20211:20211 /tmp/nginx/active-config netalertx-test-mount-log_mounted | find /tmp/nginx/active-config -type d -exec chmod 700 {} + netalertx-test-mount-log_mounted | find /tmp/nginx/active-config -type f -exec chmod 600 {} + netalertx-test-mount-log_mounted | netalertx-test-mount-log_mounted | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/nginx-configuration-mount.md netalertx-test-mount-log_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_mounted | --> expected user id match.sh netalertx-test-mount-log_mounted |  netalertx-test-mount-log_mounted | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-mount-log_mounted | --> host mode network.sh netalertx-test-mount-log_mounted | --> excessive capabilities.sh netalertx-test-mount-log_mounted | --> appliance integrity.sh netalertx-test-mount-log_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_mounted | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-log_mounted | netalertx-test-mount-log_mounted | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-log_mounted | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-log_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_mounted | --> ports available.sh netalertx-test-mount-log_mounted exited with code 0 File: docker-compose.mount-test.log_no-mount.yml ---------------------------------------- Expected outcome: Container shows mount error warning but continues running - NETALERTX_LOG shows as not mounted (❌ in Mount column) - Warning message displayed about configuration issues - Container continues to run despite the mount error Testing: docker-compose.mount-test.log_no-mount.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_netalertx_db" Creating Volume "mount-tests_netalertx_db" Created Volume "mount-tests_netalertx_config" Creating Volume "mount-tests_netalertx_config" Created Container netalertx-test-mount-log_no-mount Creating Container netalertx-test-mount-log_no-mount Created Attaching to netalertx-test-mount-log_no-mount netalertx-test-mount-log_no-mount | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-log_no-mount | Ownership prepared for PUID=20211. netalertx-test-mount-log_no-mount | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-log_no-mount | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-log_no-mount | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-mount-log_no-mount | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-log_no-mount | Ownership prepared for PUID=20211. netalertx-test-mount-log_no-mount | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-log_no-mount | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-log_no-mount |  netalertx-test-mount-log_no-mount | _ _ _ ___ _ _ __ __ netalertx-test-mount-log_no-mount | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-log_no-mount | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-log_no-mount | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-log_no-mount | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-log_no-mount | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-log_no-mount |  Network intruder and presence detector. netalertx-test-mount-log_no-mount | https://netalertx.com netalertx-test-mount-log_no-mount | netalertx-test-mount-log_no-mount | netalertx-test-mount-log_no-mount | Startup pre-checks netalertx-test-mount-log_no-mount | --> data migration.sh netalertx-test-mount-log_no-mount | --> capabilities audit.sh netalertx-test-mount-log_no-mount | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-mount-log_no-mount | --> mounts.py netalertx-test-mount-log_no-mount | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-log_no-mount | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-log_no-mount | /data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-log_no-mount | /data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-log_no-mount | /tmp/run/tmp | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-log_no-mount | /tmp/api | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-log_no-mount | /tmp/log | ✅| ✅| ❌ | ❌ | ❌ | ✅ netalertx-test-mount-log_no-mount | /tmp/run | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-log_no-mount | /tmp/nginx/active-config | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-log_no-mount | netalertx-test-mount-log_no-mount | netalertx-test-mount-log_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_no-mount | ⚠️ ATTENTION: Configuration issues detected (marked with ❌). netalertx-test-mount-log_no-mount | netalertx-test-mount-log_no-mount | * /tmp/run/tmp error writing, error reading netalertx-test-mount-log_no-mount | * /tmp/api error writing, error reading netalertx-test-mount-log_no-mount | * /tmp/log not mounted, performance issue netalertx-test-mount-log_no-mount | * /tmp/run error writing, error reading netalertx-test-mount-log_no-mount | * /tmp/nginx/active-config error writing, error reading netalertx-test-mount-log_no-mount | netalertx-test-mount-log_no-mount | We recommend starting with the default docker-compose.yml as the netalertx-test-mount-log_no-mount | configuration can be quite complex. netalertx-test-mount-log_no-mount | netalertx-test-mount-log_no-mount | Review the documentation for a correct setup: netalertx-test-mount-log_no-mount | https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md netalertx-test-mount-log_no-mount | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/mount-configuration-issues.md netalertx-test-mount-log_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_no-mount |  netalertx-test-mount-log_no-mount | --> first run config.sh netalertx-test-mount-log_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_no-mount | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-mount-log_no-mount | netalertx-test-mount-log_no-mount | Review your settings in the UI or edit the file directly before trusting netalertx-test-mount-log_no-mount | this instance in production. netalertx-test-mount-log_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_no-mount | --> first run db.sh netalertx-test-mount-log_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_no-mount | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-log_no-mount | netalertx-test-mount-log_no-mount | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-log_no-mount | DB before onboarding sensitive or critical networks. netalertx-test-mount-log_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_no-mount | --> mandatory folders.sh netalertx-test-mount-log_no-mount | * Creating System services run log. netalertx-test-mount-log_no-mount | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-mount-log_no-mount | * Creating System services run tmp. netalertx-test-mount-log_no-mount | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-mount-log_no-mount | --> apply conf override.sh netalertx-test-mount-log_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_no-mount | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-mount-log_no-mount | netalertx-test-mount-log_no-mount | Make sure the JSON content is correct before starting the application. netalertx-test-mount-log_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_no-mount | --> writable config.sh netalertx-test-mount-log_no-mount | --> nginx config.sh netalertx-test-mount-log_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_no-mount | ⚠️ ATTENTION: Unable to write to /tmp/nginx/active-config/netalertx.conf. netalertx-test-mount-log_no-mount | netalertx-test-mount-log_no-mount | Ensure the conf.active mount is writable by the netalertx user before netalertx-test-mount-log_no-mount | changing LISTEN_ADDR or PORT. Fix permissions: netalertx-test-mount-log_no-mount | chown -R 20211:20211 /tmp/nginx/active-config netalertx-test-mount-log_no-mount | find /tmp/nginx/active-config -type d -exec chmod 700 {} + netalertx-test-mount-log_no-mount | find /tmp/nginx/active-config -type f -exec chmod 600 {} + netalertx-test-mount-log_no-mount | netalertx-test-mount-log_no-mount | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/nginx-configuration-mount.md netalertx-test-mount-log_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_no-mount | --> expected user id match.sh netalertx-test-mount-log_no-mount |  netalertx-test-mount-log_no-mount | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-mount-log_no-mount | --> host mode network.sh netalertx-test-mount-log_no-mount | --> excessive capabilities.sh netalertx-test-mount-log_no-mount | --> appliance integrity.sh netalertx-test-mount-log_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_no-mount | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-log_no-mount | netalertx-test-mount-log_no-mount | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-log_no-mount | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-log_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_no-mount | --> ports available.sh netalertx-test-mount-log_no-mount exited with code 0 File: docker-compose.mount-test.log_ramdisk.yml ---------------------------------------- Expected outcome: Container shows dataloss risk warning for logs on RAM disk - NETALERTX_LOG shows as mounted on tmpfs (RAM disk) - Dataloss risk warning since logs may be lost on restart - Container starts but logs may not persist Testing: docker-compose.mount-test.log_ramdisk.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_test_netalertx_data" Creating Volume "mount-tests_test_netalertx_data" Created Container netalertx-test-mount-log_ramdisk Creating Container netalertx-test-mount-log_ramdisk Created Attaching to netalertx-test-mount-log_ramdisk netalertx-test-mount-log_ramdisk | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-log_ramdisk | Ownership prepared for PUID=20211. netalertx-test-mount-log_ramdisk | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-log_ramdisk | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-log_ramdisk | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-mount-log_ramdisk | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-log_ramdisk | Ownership prepared for PUID=20211. netalertx-test-mount-log_ramdisk | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-log_ramdisk | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-log_ramdisk |  netalertx-test-mount-log_ramdisk | _ _ _ ___ _ _ __ __ netalertx-test-mount-log_ramdisk | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-log_ramdisk | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-log_ramdisk | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-log_ramdisk | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-log_ramdisk | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-log_ramdisk |  Network intruder and presence detector. netalertx-test-mount-log_ramdisk | https://netalertx.com netalertx-test-mount-log_ramdisk | netalertx-test-mount-log_ramdisk | netalertx-test-mount-log_ramdisk | Startup pre-checks netalertx-test-mount-log_ramdisk | --> data migration.sh netalertx-test-mount-log_ramdisk | --> capabilities audit.sh netalertx-test-mount-log_ramdisk | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-mount-log_ramdisk | --> mounts.py netalertx-test-mount-log_ramdisk | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-log_ramdisk | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-log_ramdisk | /data | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-log_ramdisk | /data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-log_ramdisk | /data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-log_ramdisk | /tmp/run/tmp | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-log_ramdisk | /tmp/api | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-log_ramdisk | /tmp/log | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-log_ramdisk | /tmp/run | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-log_ramdisk | /tmp/nginx/active-config | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-log_ramdisk | netalertx-test-mount-log_ramdisk | netalertx-test-mount-log_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_ramdisk | ⚠️ ATTENTION: Configuration issues detected (marked with ❌). netalertx-test-mount-log_ramdisk | netalertx-test-mount-log_ramdisk | * /tmp/run/tmp error writing netalertx-test-mount-log_ramdisk | * /tmp/api error writing netalertx-test-mount-log_ramdisk | * /tmp/log error writing netalertx-test-mount-log_ramdisk | * /tmp/run error writing netalertx-test-mount-log_ramdisk | * /tmp/nginx/active-config error writing netalertx-test-mount-log_ramdisk | netalertx-test-mount-log_ramdisk | We recommend starting with the default docker-compose.yml as the netalertx-test-mount-log_ramdisk | configuration can be quite complex. netalertx-test-mount-log_ramdisk | netalertx-test-mount-log_ramdisk | Review the documentation for a correct setup: netalertx-test-mount-log_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md netalertx-test-mount-log_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/mount-configuration-issues.md netalertx-test-mount-log_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_ramdisk |  netalertx-test-mount-log_ramdisk | --> first run config.sh netalertx-test-mount-log_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_ramdisk | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-mount-log_ramdisk | netalertx-test-mount-log_ramdisk | Review your settings in the UI or edit the file directly before trusting netalertx-test-mount-log_ramdisk | this instance in production. netalertx-test-mount-log_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_ramdisk | --> first run db.sh netalertx-test-mount-log_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_ramdisk | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-log_ramdisk | netalertx-test-mount-log_ramdisk | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-log_ramdisk | DB before onboarding sensitive or critical networks. netalertx-test-mount-log_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_ramdisk | --> mandatory folders.sh netalertx-test-mount-log_ramdisk | * Creating Plugins log. netalertx-test-mount-log_ramdisk | Warning: Unable to create plugins log directory at /tmp/log/plugins (tmpfs not writable with current capabilities). netalertx-test-mount-log_ramdisk | * Creating System services run log. netalertx-test-mount-log_ramdisk | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-mount-log_ramdisk | * Creating System services run tmp. netalertx-test-mount-log_ramdisk | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-mount-log_ramdisk | * Creating DB locked log. netalertx-test-mount-log_ramdisk | Warning: Unable to create DB locked log file at /tmp/log/db_is_locked.log (tmpfs not writable with current capabilities). netalertx-test-mount-log_ramdisk | * Creating Execution queue log. netalertx-test-mount-log_ramdisk | Warning: Unable to create execution queue log file at /tmp/log/execution_queue.log (tmpfs not writable with current capabilities). netalertx-test-mount-log_ramdisk | --> apply conf override.sh netalertx-test-mount-log_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_ramdisk | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-mount-log_ramdisk | netalertx-test-mount-log_ramdisk | Make sure the JSON content is correct before starting the application. netalertx-test-mount-log_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_ramdisk | --> writable config.sh netalertx-test-mount-log_ramdisk | --> nginx config.sh netalertx-test-mount-log_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_ramdisk | ⚠️ ATTENTION: Unable to write to /tmp/nginx/active-config/netalertx.conf. netalertx-test-mount-log_ramdisk | netalertx-test-mount-log_ramdisk | Ensure the conf.active mount is writable by the netalertx user before netalertx-test-mount-log_ramdisk | changing LISTEN_ADDR or PORT. Fix permissions: netalertx-test-mount-log_ramdisk | chown -R 20211:20211 /tmp/nginx/active-config netalertx-test-mount-log_ramdisk | find /tmp/nginx/active-config -type d -exec chmod 700 {} + netalertx-test-mount-log_ramdisk | find /tmp/nginx/active-config -type f -exec chmod 600 {} + netalertx-test-mount-log_ramdisk | netalertx-test-mount-log_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/nginx-configuration-mount.md netalertx-test-mount-log_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_ramdisk | --> expected user id match.sh netalertx-test-mount-log_ramdisk |  netalertx-test-mount-log_ramdisk | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-mount-log_ramdisk | --> host mode network.sh netalertx-test-mount-log_ramdisk | --> excessive capabilities.sh netalertx-test-mount-log_ramdisk | --> appliance integrity.sh netalertx-test-mount-log_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_ramdisk | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-log_ramdisk | netalertx-test-mount-log_ramdisk | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-log_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-log_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_ramdisk | --> ports available.sh netalertx-test-mount-log_ramdisk exited with code 0 File: docker-compose.mount-test.log_unwritable.yml ---------------------------------------- Expected outcome: Container fails to start due to unwritable log partition - NETALERTX_LOG shows as mounted but unwritable (❌ in Writeable column) - 25-mandatory-folders.sh cannot create required log files and fails - Container startup fails because logging infrastructure cannot be initialized Testing: docker-compose.mount-test.log_unwritable.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_netalertx_config" Creating Volume "mount-tests_netalertx_config" Created Volume "mount-tests_test_netalertx_log" Creating Volume "mount-tests_test_netalertx_log" Created Volume "mount-tests_netalertx_db" Creating Volume "mount-tests_netalertx_db" Created Container netalertx-test-mount-log_unwritable Creating Container netalertx-test-mount-log_unwritable Created Attaching to netalertx-test-mount-log_unwritable netalertx-test-mount-log_unwritable | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-log_unwritable | Ownership prepared for PUID=20211. netalertx-test-mount-log_unwritable | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-log_unwritable | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-log_unwritable | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-mount-log_unwritable | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-log_unwritable | Ownership prepared for PUID=20211. netalertx-test-mount-log_unwritable | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-log_unwritable | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-log_unwritable |  netalertx-test-mount-log_unwritable | _ _ _ ___ _ _ __ __ netalertx-test-mount-log_unwritable | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-log_unwritable | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-log_unwritable | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-log_unwritable | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-log_unwritable | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-log_unwritable |  Network intruder and presence detector. netalertx-test-mount-log_unwritable | https://netalertx.com netalertx-test-mount-log_unwritable | netalertx-test-mount-log_unwritable | netalertx-test-mount-log_unwritable | Startup pre-checks netalertx-test-mount-log_unwritable | --> data migration.sh netalertx-test-mount-log_unwritable | --> capabilities audit.sh netalertx-test-mount-log_unwritable | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-mount-log_unwritable | --> mounts.py netalertx-test-mount-log_unwritable | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-log_unwritable | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-log_unwritable | /data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-log_unwritable | /data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-log_unwritable | /tmp/run/tmp | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-log_unwritable | /tmp/api | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-log_unwritable | /tmp/log | ✅| ❌| ✅ | ❌ | ❌ | ✅ netalertx-test-mount-log_unwritable | /tmp/run | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-log_unwritable | /tmp/nginx/active-config | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-log_unwritable | netalertx-test-mount-log_unwritable | netalertx-test-mount-log_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_unwritable | ⚠️ ATTENTION: Configuration issues detected (marked with ❌). netalertx-test-mount-log_unwritable | netalertx-test-mount-log_unwritable | * /tmp/run/tmp error writing, error reading netalertx-test-mount-log_unwritable | * /tmp/api error writing, error reading netalertx-test-mount-log_unwritable | * /tmp/log error writing, performance issue netalertx-test-mount-log_unwritable | * /tmp/run error writing, error reading netalertx-test-mount-log_unwritable | * /tmp/nginx/active-config error writing, error reading netalertx-test-mount-log_unwritable | netalertx-test-mount-log_unwritable | We recommend starting with the default docker-compose.yml as the netalertx-test-mount-log_unwritable | configuration can be quite complex. netalertx-test-mount-log_unwritable | netalertx-test-mount-log_unwritable | Review the documentation for a correct setup: netalertx-test-mount-log_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md netalertx-test-mount-log_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/mount-configuration-issues.md netalertx-test-mount-log_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_unwritable |  netalertx-test-mount-log_unwritable | --> first run config.sh netalertx-test-mount-log_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_unwritable | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-mount-log_unwritable | netalertx-test-mount-log_unwritable | Review your settings in the UI or edit the file directly before trusting netalertx-test-mount-log_unwritable | this instance in production. netalertx-test-mount-log_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_unwritable | --> first run db.sh netalertx-test-mount-log_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_unwritable | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-log_unwritable | netalertx-test-mount-log_unwritable | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-log_unwritable | DB before onboarding sensitive or critical networks. netalertx-test-mount-log_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_unwritable | --> mandatory folders.sh netalertx-test-mount-log_unwritable | * Creating System services run log. netalertx-test-mount-log_unwritable | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-mount-log_unwritable | * Creating System services run tmp. netalertx-test-mount-log_unwritable | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-mount-log_unwritable | --> apply conf override.sh netalertx-test-mount-log_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_unwritable | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-mount-log_unwritable | netalertx-test-mount-log_unwritable | Make sure the JSON content is correct before starting the application. netalertx-test-mount-log_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_unwritable | --> writable config.sh netalertx-test-mount-log_unwritable | --> nginx config.sh netalertx-test-mount-log_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_unwritable | ⚠️ ATTENTION: Unable to write to /tmp/nginx/active-config/netalertx.conf. netalertx-test-mount-log_unwritable | netalertx-test-mount-log_unwritable | Ensure the conf.active mount is writable by the netalertx user before netalertx-test-mount-log_unwritable | changing LISTEN_ADDR or PORT. Fix permissions: netalertx-test-mount-log_unwritable | chown -R 20211:20211 /tmp/nginx/active-config netalertx-test-mount-log_unwritable | find /tmp/nginx/active-config -type d -exec chmod 700 {} + netalertx-test-mount-log_unwritable | find /tmp/nginx/active-config -type f -exec chmod 600 {} + netalertx-test-mount-log_unwritable | netalertx-test-mount-log_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/nginx-configuration-mount.md netalertx-test-mount-log_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_unwritable | --> expected user id match.sh netalertx-test-mount-log_unwritable |  netalertx-test-mount-log_unwritable | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-mount-log_unwritable | --> host mode network.sh netalertx-test-mount-log_unwritable | --> excessive capabilities.sh netalertx-test-mount-log_unwritable | --> appliance integrity.sh netalertx-test-mount-log_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_unwritable | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-log_unwritable | netalertx-test-mount-log_unwritable | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-log_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-log_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-log_unwritable | --> ports available.sh netalertx-test-mount-log_unwritable exited with code 0 File: docker-compose.mount-test.run_mounted.yml ---------------------------------------- Expected outcome: Container starts successfully with proper run mount - NETALERTX_RUN shows as mounted and writable - No mount warnings since run directory can be non-persistent - Container starts normally with runtime files enabled Testing: docker-compose.mount-test.run_mounted.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_netalertx_db" Creating Volume "mount-tests_netalertx_db" Created Volume "mount-tests_netalertx_config" Creating Volume "mount-tests_netalertx_config" Created Volume "mount-tests_test_system_services_run" Creating Volume "mount-tests_test_system_services_run" Created Container netalertx-test-mount-run_mounted Creating Container netalertx-test-mount-run_mounted Created Attaching to netalertx-test-mount-run_mounted netalertx-test-mount-run_mounted | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-run_mounted | Ownership prepared for PUID=20211. netalertx-test-mount-run_mounted | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-run_mounted | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-run_mounted | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-mount-run_mounted | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-run_mounted | Ownership prepared for PUID=20211. netalertx-test-mount-run_mounted | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-run_mounted | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-run_mounted |  netalertx-test-mount-run_mounted | _ _ _ ___ _ _ __ __ netalertx-test-mount-run_mounted | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-run_mounted | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-run_mounted | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-run_mounted | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-run_mounted | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-run_mounted |  Network intruder and presence detector. netalertx-test-mount-run_mounted | https://netalertx.com netalertx-test-mount-run_mounted | netalertx-test-mount-run_mounted | netalertx-test-mount-run_mounted | Startup pre-checks netalertx-test-mount-run_mounted | --> data migration.sh netalertx-test-mount-run_mounted | --> capabilities audit.sh netalertx-test-mount-run_mounted | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-mount-run_mounted | --> mounts.py netalertx-test-mount-run_mounted | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-run_mounted | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-run_mounted | /data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-run_mounted | /data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-run_mounted | /tmp/run/tmp | ✅| ✅| ✅ | ❌ | ❌ | ✅ netalertx-test-mount-run_mounted | /tmp/api | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-run_mounted | /tmp/log | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-run_mounted | /tmp/run | ✅| ✅| ✅ | ❌ | ❌ | ✅ netalertx-test-mount-run_mounted | /tmp/nginx/active-config | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-run_mounted | netalertx-test-mount-run_mounted | netalertx-test-mount-run_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_mounted | ⚠️ ATTENTION: Configuration issues detected (marked with ❌). netalertx-test-mount-run_mounted | netalertx-test-mount-run_mounted | * /tmp/run/tmp performance issue netalertx-test-mount-run_mounted | * /tmp/api error writing, error reading netalertx-test-mount-run_mounted | * /tmp/log error writing, error reading netalertx-test-mount-run_mounted | * /tmp/run performance issue netalertx-test-mount-run_mounted | * /tmp/nginx/active-config error writing, error reading netalertx-test-mount-run_mounted | netalertx-test-mount-run_mounted | We recommend starting with the default docker-compose.yml as the netalertx-test-mount-run_mounted | configuration can be quite complex. netalertx-test-mount-run_mounted | netalertx-test-mount-run_mounted | Review the documentation for a correct setup: netalertx-test-mount-run_mounted | https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md netalertx-test-mount-run_mounted | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/mount-configuration-issues.md netalertx-test-mount-run_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_mounted |  netalertx-test-mount-run_mounted | --> first run config.sh netalertx-test-mount-run_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_mounted | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-mount-run_mounted | netalertx-test-mount-run_mounted | Review your settings in the UI or edit the file directly before trusting netalertx-test-mount-run_mounted | this instance in production. netalertx-test-mount-run_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_mounted | --> first run db.sh netalertx-test-mount-run_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_mounted | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-run_mounted | netalertx-test-mount-run_mounted | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-run_mounted | DB before onboarding sensitive or critical networks. netalertx-test-mount-run_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_mounted | --> mandatory folders.sh netalertx-test-mount-run_mounted | * Creating Plugins log. netalertx-test-mount-run_mounted | Warning: Unable to create plugins log directory at /tmp/log/plugins (tmpfs not writable with current capabilities). netalertx-test-mount-run_mounted | * Creating DB locked log. netalertx-test-mount-run_mounted | Warning: Unable to create DB locked log file at /tmp/log/db_is_locked.log (tmpfs not writable with current capabilities). netalertx-test-mount-run_mounted | * Creating Execution queue log. netalertx-test-mount-run_mounted | Warning: Unable to create execution queue log file at /tmp/log/execution_queue.log (tmpfs not writable with current capabilities). netalertx-test-mount-run_mounted | --> apply conf override.sh netalertx-test-mount-run_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_mounted | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-mount-run_mounted | netalertx-test-mount-run_mounted | Make sure the JSON content is correct before starting the application. netalertx-test-mount-run_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_mounted | --> writable config.sh netalertx-test-mount-run_mounted | --> nginx config.sh netalertx-test-mount-run_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_mounted | ⚠️ ATTENTION: Unable to write to /tmp/nginx/active-config/netalertx.conf. netalertx-test-mount-run_mounted | netalertx-test-mount-run_mounted | Ensure the conf.active mount is writable by the netalertx user before netalertx-test-mount-run_mounted | changing LISTEN_ADDR or PORT. Fix permissions: netalertx-test-mount-run_mounted | chown -R 20211:20211 /tmp/nginx/active-config netalertx-test-mount-run_mounted | find /tmp/nginx/active-config -type d -exec chmod 700 {} + netalertx-test-mount-run_mounted | find /tmp/nginx/active-config -type f -exec chmod 600 {} + netalertx-test-mount-run_mounted | netalertx-test-mount-run_mounted | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/nginx-configuration-mount.md netalertx-test-mount-run_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_mounted | --> expected user id match.sh netalertx-test-mount-run_mounted |  netalertx-test-mount-run_mounted | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-mount-run_mounted | --> host mode network.sh netalertx-test-mount-run_mounted | --> excessive capabilities.sh netalertx-test-mount-run_mounted | --> appliance integrity.sh netalertx-test-mount-run_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_mounted | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-run_mounted | netalertx-test-mount-run_mounted | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-run_mounted | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-run_mounted | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_mounted | --> ports available.sh netalertx-test-mount-run_mounted exited with code 0 File: docker-compose.mount-test.run_no-mount.yml ---------------------------------------- Expected outcome: Container shows mount error warning but continues running - NETALERTX_RUN shows as not mounted (❌ in Mount column) - Warning message displayed about configuration issues - Container continues to run despite the mount error Testing: docker-compose.mount-test.run_no-mount.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_netalertx_db" Creating Volume "mount-tests_netalertx_db" Created Volume "mount-tests_netalertx_config" Creating Volume "mount-tests_netalertx_config" Created Container netalertx-test-mount-run_no-mount Creating Container netalertx-test-mount-run_no-mount Created Attaching to netalertx-test-mount-run_no-mount netalertx-test-mount-run_no-mount | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-run_no-mount | Ownership prepared for PUID=20211. netalertx-test-mount-run_no-mount | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-run_no-mount | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-run_no-mount | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-mount-run_no-mount | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-run_no-mount | Ownership prepared for PUID=20211. netalertx-test-mount-run_no-mount | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-run_no-mount | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-run_no-mount |  netalertx-test-mount-run_no-mount | _ _ _ ___ _ _ __ __ netalertx-test-mount-run_no-mount | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-run_no-mount | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-run_no-mount | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-run_no-mount | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-run_no-mount | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-run_no-mount |  Network intruder and presence detector. netalertx-test-mount-run_no-mount | https://netalertx.com netalertx-test-mount-run_no-mount | netalertx-test-mount-run_no-mount | netalertx-test-mount-run_no-mount | Startup pre-checks netalertx-test-mount-run_no-mount | --> data migration.sh netalertx-test-mount-run_no-mount | --> capabilities audit.sh netalertx-test-mount-run_no-mount | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-mount-run_no-mount | --> mounts.py netalertx-test-mount-run_no-mount | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-run_no-mount | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-run_no-mount | /data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-run_no-mount | /data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-run_no-mount | /tmp/run/tmp | ✅| ✅| ❌ | ❌ | ❌ | ✅ netalertx-test-mount-run_no-mount | /tmp/api | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-run_no-mount | /tmp/log | ✅| ✅| ❌ | ❌ | ❌ | ✅ netalertx-test-mount-run_no-mount | /tmp/run | ✅| ✅| ❌ | ❌ | ❌ | ✅ netalertx-test-mount-run_no-mount | /tmp/nginx/active-config | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-run_no-mount | netalertx-test-mount-run_no-mount | netalertx-test-mount-run_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_no-mount | ⚠️ ATTENTION: Configuration issues detected (marked with ❌). netalertx-test-mount-run_no-mount | netalertx-test-mount-run_no-mount | * /tmp/run/tmp not mounted, performance issue netalertx-test-mount-run_no-mount | * /tmp/api error writing, error reading netalertx-test-mount-run_no-mount | * /tmp/log not mounted, performance issue netalertx-test-mount-run_no-mount | * /tmp/run not mounted, performance issue netalertx-test-mount-run_no-mount | * /tmp/nginx/active-config error writing, error reading netalertx-test-mount-run_no-mount | netalertx-test-mount-run_no-mount | We recommend starting with the default docker-compose.yml as the netalertx-test-mount-run_no-mount | configuration can be quite complex. netalertx-test-mount-run_no-mount | netalertx-test-mount-run_no-mount | Review the documentation for a correct setup: netalertx-test-mount-run_no-mount | https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md netalertx-test-mount-run_no-mount | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/mount-configuration-issues.md netalertx-test-mount-run_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_no-mount |  netalertx-test-mount-run_no-mount | --> first run config.sh netalertx-test-mount-run_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_no-mount | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-mount-run_no-mount | netalertx-test-mount-run_no-mount | Review your settings in the UI or edit the file directly before trusting netalertx-test-mount-run_no-mount | this instance in production. netalertx-test-mount-run_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_no-mount | --> first run db.sh netalertx-test-mount-run_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_no-mount | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-run_no-mount | netalertx-test-mount-run_no-mount | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-run_no-mount | DB before onboarding sensitive or critical networks. netalertx-test-mount-run_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_no-mount | --> mandatory folders.sh netalertx-test-mount-run_no-mount | --> apply conf override.sh netalertx-test-mount-run_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_no-mount | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-mount-run_no-mount | netalertx-test-mount-run_no-mount | Make sure the JSON content is correct before starting the application. netalertx-test-mount-run_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_no-mount | --> writable config.sh netalertx-test-mount-run_no-mount | --> nginx config.sh netalertx-test-mount-run_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_no-mount | ⚠️ ATTENTION: Unable to write to /tmp/nginx/active-config/netalertx.conf. netalertx-test-mount-run_no-mount | netalertx-test-mount-run_no-mount | Ensure the conf.active mount is writable by the netalertx user before netalertx-test-mount-run_no-mount | changing LISTEN_ADDR or PORT. Fix permissions: netalertx-test-mount-run_no-mount | chown -R 20211:20211 /tmp/nginx/active-config netalertx-test-mount-run_no-mount | find /tmp/nginx/active-config -type d -exec chmod 700 {} + netalertx-test-mount-run_no-mount | find /tmp/nginx/active-config -type f -exec chmod 600 {} + netalertx-test-mount-run_no-mount | netalertx-test-mount-run_no-mount | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/nginx-configuration-mount.md netalertx-test-mount-run_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_no-mount | --> expected user id match.sh netalertx-test-mount-run_no-mount |  netalertx-test-mount-run_no-mount | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-mount-run_no-mount | --> host mode network.sh netalertx-test-mount-run_no-mount | --> excessive capabilities.sh netalertx-test-mount-run_no-mount | --> appliance integrity.sh netalertx-test-mount-run_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_no-mount | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-run_no-mount | netalertx-test-mount-run_no-mount | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-run_no-mount | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-run_no-mount | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_no-mount | --> ports available.sh netalertx-test-mount-run_no-mount exited with code 0 File: docker-compose.mount-test.run_ramdisk.yml ---------------------------------------- Expected outcome: Container shows dataloss risk warning for run on RAM disk - NETALERTX_RUN shows as mounted on tmpfs (RAM disk) - Dataloss risk warning since runtime files may be lost on restart - Container starts but runtime state may not persist Testing: docker-compose.mount-test.run_ramdisk.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_test_netalertx_data" Creating Volume "mount-tests_test_netalertx_data" Created Container netalertx-test-mount-run_ramdisk Creating Container netalertx-test-mount-run_ramdisk Created Attaching to netalertx-test-mount-run_ramdisk netalertx-test-mount-run_ramdisk | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-run_ramdisk | Ownership prepared for PUID=20211. netalertx-test-mount-run_ramdisk | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-run_ramdisk | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-run_ramdisk | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-mount-run_ramdisk | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-run_ramdisk | Ownership prepared for PUID=20211. netalertx-test-mount-run_ramdisk | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-run_ramdisk | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-run_ramdisk |  netalertx-test-mount-run_ramdisk | _ _ _ ___ _ _ __ __ netalertx-test-mount-run_ramdisk | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-run_ramdisk | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-run_ramdisk | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-run_ramdisk | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-run_ramdisk | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-run_ramdisk |  Network intruder and presence detector. netalertx-test-mount-run_ramdisk | https://netalertx.com netalertx-test-mount-run_ramdisk | netalertx-test-mount-run_ramdisk | netalertx-test-mount-run_ramdisk | Startup pre-checks netalertx-test-mount-run_ramdisk | --> data migration.sh netalertx-test-mount-run_ramdisk | --> capabilities audit.sh netalertx-test-mount-run_ramdisk | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-mount-run_ramdisk | --> mounts.py netalertx-test-mount-run_ramdisk | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-run_ramdisk | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-run_ramdisk | /data | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-run_ramdisk | /data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-run_ramdisk | /data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-run_ramdisk | /tmp/run/tmp | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-run_ramdisk | /tmp/api | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-run_ramdisk | /tmp/log | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-run_ramdisk | /tmp/run | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-run_ramdisk | /tmp/nginx/active-config | ✅| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-run_ramdisk | netalertx-test-mount-run_ramdisk | netalertx-test-mount-run_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_ramdisk | ⚠️ ATTENTION: Configuration issues detected (marked with ❌). netalertx-test-mount-run_ramdisk | netalertx-test-mount-run_ramdisk | * /tmp/run/tmp error writing netalertx-test-mount-run_ramdisk | * /tmp/api error writing netalertx-test-mount-run_ramdisk | * /tmp/log error writing netalertx-test-mount-run_ramdisk | * /tmp/run error writing netalertx-test-mount-run_ramdisk | * /tmp/nginx/active-config error writing netalertx-test-mount-run_ramdisk | netalertx-test-mount-run_ramdisk | We recommend starting with the default docker-compose.yml as the netalertx-test-mount-run_ramdisk | configuration can be quite complex. netalertx-test-mount-run_ramdisk | netalertx-test-mount-run_ramdisk | Review the documentation for a correct setup: netalertx-test-mount-run_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md netalertx-test-mount-run_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/mount-configuration-issues.md netalertx-test-mount-run_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_ramdisk |  netalertx-test-mount-run_ramdisk | --> first run config.sh netalertx-test-mount-run_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_ramdisk | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-mount-run_ramdisk | netalertx-test-mount-run_ramdisk | Review your settings in the UI or edit the file directly before trusting netalertx-test-mount-run_ramdisk | this instance in production. netalertx-test-mount-run_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_ramdisk | --> first run db.sh netalertx-test-mount-run_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_ramdisk | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-run_ramdisk | netalertx-test-mount-run_ramdisk | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-run_ramdisk | DB before onboarding sensitive or critical networks. netalertx-test-mount-run_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_ramdisk | --> mandatory folders.sh netalertx-test-mount-run_ramdisk | * Creating Plugins log. netalertx-test-mount-run_ramdisk | Warning: Unable to create plugins log directory at /tmp/log/plugins (tmpfs not writable with current capabilities). netalertx-test-mount-run_ramdisk | * Creating System services run log. netalertx-test-mount-run_ramdisk | Warning: Unable to create system services run log directory at /tmp/run/logs (tmpfs not writable with current capabilities). netalertx-test-mount-run_ramdisk | * Creating System services run tmp. netalertx-test-mount-run_ramdisk | Warning: Unable to create system services run tmp directory at /tmp/run/tmp (tmpfs not writable with current capabilities). netalertx-test-mount-run_ramdisk | * Creating DB locked log. netalertx-test-mount-run_ramdisk | Warning: Unable to create DB locked log file at /tmp/log/db_is_locked.log (tmpfs not writable with current capabilities). netalertx-test-mount-run_ramdisk | * Creating Execution queue log. netalertx-test-mount-run_ramdisk | Warning: Unable to create execution queue log file at /tmp/log/execution_queue.log (tmpfs not writable with current capabilities). netalertx-test-mount-run_ramdisk | --> apply conf override.sh netalertx-test-mount-run_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_ramdisk | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-mount-run_ramdisk | netalertx-test-mount-run_ramdisk | Make sure the JSON content is correct before starting the application. netalertx-test-mount-run_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_ramdisk | --> writable config.sh netalertx-test-mount-run_ramdisk | --> nginx config.sh netalertx-test-mount-run_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_ramdisk | ⚠️ ATTENTION: Unable to write to /tmp/nginx/active-config/netalertx.conf. netalertx-test-mount-run_ramdisk | netalertx-test-mount-run_ramdisk | Ensure the conf.active mount is writable by the netalertx user before netalertx-test-mount-run_ramdisk | changing LISTEN_ADDR or PORT. Fix permissions: netalertx-test-mount-run_ramdisk | chown -R 20211:20211 /tmp/nginx/active-config netalertx-test-mount-run_ramdisk | find /tmp/nginx/active-config -type d -exec chmod 700 {} + netalertx-test-mount-run_ramdisk | find /tmp/nginx/active-config -type f -exec chmod 600 {} + netalertx-test-mount-run_ramdisk | netalertx-test-mount-run_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/nginx-configuration-mount.md netalertx-test-mount-run_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_ramdisk | --> expected user id match.sh netalertx-test-mount-run_ramdisk |  netalertx-test-mount-run_ramdisk | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-mount-run_ramdisk | --> host mode network.sh netalertx-test-mount-run_ramdisk | --> excessive capabilities.sh netalertx-test-mount-run_ramdisk | --> appliance integrity.sh netalertx-test-mount-run_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_ramdisk | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-run_ramdisk | netalertx-test-mount-run_ramdisk | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-run_ramdisk | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-run_ramdisk | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_ramdisk | --> ports available.sh netalertx-test-mount-run_ramdisk exited with code 0 File: docker-compose.mount-test.run_unwritable.yml ---------------------------------------- Expected outcome: Container fails to start due to unwritable run partition - NETALERTX_RUN shows as mounted but unwritable (❌ in Writeable column) - 25-mandatory-folders.sh cannot create required runtime files and fails - Container startup fails because runtime infrastructure cannot be initialized Testing: docker-compose.mount-test.run_unwritable.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_netalertx_db" Creating Volume "mount-tests_netalertx_db" Created Volume "mount-tests_netalertx_config" Creating Volume "mount-tests_netalertx_config" Created Volume "mount-tests_test_system_services_run" Creating Volume "mount-tests_test_system_services_run" Created Container netalertx-test-mount-run_unwritable Creating Container netalertx-test-mount-run_unwritable Created Attaching to netalertx-test-mount-run_unwritable netalertx-test-mount-run_unwritable | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-run_unwritable | Ownership prepared for PUID=20211. netalertx-test-mount-run_unwritable | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-run_unwritable | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-run_unwritable | NetAlertX is running as ROOT (UID 0). Prefer setting PUID/PGID to 20211 for better isolation. netalertx-test-mount-run_unwritable | Note: CAP_SETUID/CAP_SETGID unavailable alongside NET_* caps; continuing as current user. netalertx-test-mount-run_unwritable | Ownership prepared for PUID=20211. netalertx-test-mount-run_unwritable | su-exec: setgroups(20211): Operation not permitted netalertx-test-mount-run_unwritable | Note: su-exec failed (exit 0); continuing as current user without privilege drop. netalertx-test-mount-run_unwritable |  netalertx-test-mount-run_unwritable | _ _ _ ___ _ _ __ __ netalertx-test-mount-run_unwritable | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-run_unwritable | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-run_unwritable | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-run_unwritable | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-run_unwritable | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-run_unwritable |  Network intruder and presence detector. netalertx-test-mount-run_unwritable | https://netalertx.com netalertx-test-mount-run_unwritable | netalertx-test-mount-run_unwritable | netalertx-test-mount-run_unwritable | Startup pre-checks netalertx-test-mount-run_unwritable | --> data migration.sh netalertx-test-mount-run_unwritable | --> capabilities audit.sh netalertx-test-mount-run_unwritable | Security context: Operational capabilities (SETGID SETUID) not granted. netalertx-test-mount-run_unwritable | --> mounts.py netalertx-test-mount-run_unwritable | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-run_unwritable | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-run_unwritable | /data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-run_unwritable | /data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-run_unwritable | /tmp/run/tmp | ✅| ❌| ✅ | ❌ | ❌ | ✅ netalertx-test-mount-run_unwritable | /tmp/api | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-run_unwritable | /tmp/log | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-run_unwritable | /tmp/run | ✅| ❌| ✅ | ❌ | ❌ | ✅ netalertx-test-mount-run_unwritable | /tmp/nginx/active-config | ❌| ❌| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-run_unwritable | netalertx-test-mount-run_unwritable | netalertx-test-mount-run_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_unwritable | ⚠️ ATTENTION: Configuration issues detected (marked with ❌). netalertx-test-mount-run_unwritable | netalertx-test-mount-run_unwritable | * /tmp/run/tmp error writing, performance issue netalertx-test-mount-run_unwritable | * /tmp/api error writing, error reading netalertx-test-mount-run_unwritable | * /tmp/log error writing, error reading netalertx-test-mount-run_unwritable | * /tmp/run error writing, performance issue netalertx-test-mount-run_unwritable | * /tmp/nginx/active-config error writing, error reading netalertx-test-mount-run_unwritable | netalertx-test-mount-run_unwritable | We recommend starting with the default docker-compose.yml as the netalertx-test-mount-run_unwritable | configuration can be quite complex. netalertx-test-mount-run_unwritable | netalertx-test-mount-run_unwritable | Review the documentation for a correct setup: netalertx-test-mount-run_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md netalertx-test-mount-run_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/mount-configuration-issues.md netalertx-test-mount-run_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_unwritable |  netalertx-test-mount-run_unwritable | --> first run config.sh netalertx-test-mount-run_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_unwritable | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-mount-run_unwritable | netalertx-test-mount-run_unwritable | Review your settings in the UI or edit the file directly before trusting netalertx-test-mount-run_unwritable | this instance in production. netalertx-test-mount-run_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_unwritable | --> first run db.sh netalertx-test-mount-run_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_unwritable | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-run_unwritable | netalertx-test-mount-run_unwritable | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-run_unwritable | DB before onboarding sensitive or critical networks. netalertx-test-mount-run_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_unwritable | --> mandatory folders.sh netalertx-test-mount-run_unwritable | * Creating Plugins log. netalertx-test-mount-run_unwritable | Warning: Unable to create plugins log directory at /tmp/log/plugins (tmpfs not writable with current capabilities). netalertx-test-mount-run_unwritable | * Creating DB locked log. netalertx-test-mount-run_unwritable | Warning: Unable to create DB locked log file at /tmp/log/db_is_locked.log (tmpfs not writable with current capabilities). netalertx-test-mount-run_unwritable | * Creating Execution queue log. netalertx-test-mount-run_unwritable | Warning: Unable to create execution queue log file at /tmp/log/execution_queue.log (tmpfs not writable with current capabilities). netalertx-test-mount-run_unwritable | --> apply conf override.sh netalertx-test-mount-run_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_unwritable | 📝 APP_CONF_OVERRIDE detected. Configuration written to /data/config/app_conf_override.json. netalertx-test-mount-run_unwritable | netalertx-test-mount-run_unwritable | Make sure the JSON content is correct before starting the application. netalertx-test-mount-run_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_unwritable | --> writable config.sh netalertx-test-mount-run_unwritable | --> nginx config.sh netalertx-test-mount-run_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_unwritable | ⚠️ ATTENTION: Unable to write to /tmp/nginx/active-config/netalertx.conf. netalertx-test-mount-run_unwritable | netalertx-test-mount-run_unwritable | Ensure the conf.active mount is writable by the netalertx user before netalertx-test-mount-run_unwritable | changing LISTEN_ADDR or PORT. Fix permissions: netalertx-test-mount-run_unwritable | chown -R 20211:20211 /tmp/nginx/active-config netalertx-test-mount-run_unwritable | find /tmp/nginx/active-config -type d -exec chmod 700 {} + netalertx-test-mount-run_unwritable | find /tmp/nginx/active-config -type f -exec chmod 600 {} + netalertx-test-mount-run_unwritable | netalertx-test-mount-run_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/nginx-configuration-mount.md netalertx-test-mount-run_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_unwritable | --> expected user id match.sh netalertx-test-mount-run_unwritable |  netalertx-test-mount-run_unwritable | NetAlertX note: current UID 0 GID 0, expected UID 20211 GID 20211 netalertx-test-mount-run_unwritable | --> host mode network.sh netalertx-test-mount-run_unwritable | --> excessive capabilities.sh netalertx-test-mount-run_unwritable | --> appliance integrity.sh netalertx-test-mount-run_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_unwritable | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-run_unwritable | netalertx-test-mount-run_unwritable | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-run_unwritable | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-run_unwritable | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-run_unwritable | --> ports available.sh netalertx-test-mount-run_unwritable exited with code 0 File: docker-compose.mount-test.tmp_noread.yml ---------------------------------------- Expected outcome: Mounts table shows /tmp is mounted and writable but NOT readable (R=❌, W=✅) Note: This is a diagnostic-only container (entrypoint sleeps); the test chmods/chowns /tmp to mode 0300. Testing: docker-compose.mount-test.tmp_noread.yml Directory: /workspaces/NetAlertX/test/docker_tests/configurations/mount-tests Running docker compose up... Volume "mount-tests_test_netalertx_data" Creating Volume "mount-tests_test_netalertx_data" Created Container netalertx-test-mount-tmp_noread Creating Container netalertx-test-mount-tmp_noread Created Attaching to netalertx-test-mount-tmp_noread netalertx-test-mount-tmp_noread |  netalertx-test-mount-tmp_noread | _ _ _ ___ _ _ __ __ netalertx-test-mount-tmp_noread | | \ | | | | / _ \| | | | \ \ / / netalertx-test-mount-tmp_noread | | \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / netalertx-test-mount-tmp_noread | | . |/ _ \ __| _ | |/ _ \ __| __|/ \ netalertx-test-mount-tmp_noread | | |\ | __/ |_| | | | | __/ | | |_/ /^\ \ netalertx-test-mount-tmp_noread | \_| \_/\___|\__\_| |_/_|\___|_| \__\/ \/ netalertx-test-mount-tmp_noread |  Network intruder and presence detector. netalertx-test-mount-tmp_noread | https://netalertx.com netalertx-test-mount-tmp_noread | netalertx-test-mount-tmp_noread | netalertx-test-mount-tmp_noread | Startup pre-checks netalertx-test-mount-tmp_noread | --> data migration.sh netalertx-test-mount-tmp_noread | --> capabilities audit.sh netalertx-test-mount-tmp_noread | --> mounts.py netalertx-test-mount-tmp_noread | Path | R | W | Mount | RAMDisk | Performance | DataLoss netalertx-test-mount-tmp_noread | --------------------------+---+---+-------+---------+-------------+---------- netalertx-test-mount-tmp_noread | /data | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-tmp_noread | /data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-tmp_noread | /data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅ netalertx-test-mount-tmp_noread | /tmp | ❌| ✅| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-tmp_noread | /tmp/api | ❌| ✅| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-tmp_noread | /tmp/log | ❌| ✅| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-tmp_noread | /tmp/run | ❌| ✅| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-tmp_noread | /tmp/nginx/active-config | ❌| ✅| ✅ | ✅ | ✅ | ✅ netalertx-test-mount-tmp_noread | netalertx-test-mount-tmp_noread | netalertx-test-mount-tmp_noread | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-tmp_noread | ⚠️ ATTENTION: Configuration issues detected (marked with ❌). netalertx-test-mount-tmp_noread | netalertx-test-mount-tmp_noread | * /tmp error reading netalertx-test-mount-tmp_noread | * /tmp/api error reading netalertx-test-mount-tmp_noread | * /tmp/log error reading netalertx-test-mount-tmp_noread | * /tmp/run error reading netalertx-test-mount-tmp_noread | * /tmp/nginx/active-config error reading netalertx-test-mount-tmp_noread | netalertx-test-mount-tmp_noread | We recommend starting with the default docker-compose.yml as the netalertx-test-mount-tmp_noread | configuration can be quite complex. netalertx-test-mount-tmp_noread | netalertx-test-mount-tmp_noread | Review the documentation for a correct setup: netalertx-test-mount-tmp_noread | https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md netalertx-test-mount-tmp_noread | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/mount-configuration-issues.md netalertx-test-mount-tmp_noread | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-tmp_noread |  netalertx-test-mount-tmp_noread | --> first run config.sh netalertx-test-mount-tmp_noread | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-tmp_noread | 🆕 First run detected. Default configuration written to /data/config/app.conf. netalertx-test-mount-tmp_noread | netalertx-test-mount-tmp_noread | Review your settings in the UI or edit the file directly before trusting netalertx-test-mount-tmp_noread | this instance in production. netalertx-test-mount-tmp_noread | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-tmp_noread | --> first run db.sh netalertx-test-mount-tmp_noread | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-tmp_noread | 🆕 First run detected — building initial database at: /data/db/app.db netalertx-test-mount-tmp_noread | netalertx-test-mount-tmp_noread | Do not interrupt this step. When complete, consider backing up the fresh netalertx-test-mount-tmp_noread | DB before onboarding sensitive or critical networks. netalertx-test-mount-tmp_noread | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-tmp_noread | --> mandatory folders.sh netalertx-test-mount-tmp_noread | * Creating NetAlertX log directory. netalertx-test-mount-tmp_noread | * Creating NetAlertX API cache. netalertx-test-mount-tmp_noread | * Creating System services runtime directory. netalertx-test-mount-tmp_noread | * Creating nginx active configuration directory. netalertx-test-mount-tmp_noread | * Creating Plugins log. netalertx-test-mount-tmp_noread | * Creating System services run log. netalertx-test-mount-tmp_noread | * Creating DB locked log. netalertx-test-mount-tmp_noread | * Creating Execution queue log. netalertx-test-mount-tmp_noread | --> apply conf override.sh netalertx-test-mount-tmp_noread | --> writable config.sh netalertx-test-mount-tmp_noread | --> nginx config.sh netalertx-test-mount-tmp_noread | --> expected user id match.sh netalertx-test-mount-tmp_noread | --> host mode network.sh netalertx-test-mount-tmp_noread | --> excessive capabilities.sh netalertx-test-mount-tmp_noread | --> appliance integrity.sh netalertx-test-mount-tmp_noread | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-tmp_noread | ⚠️ Warning: Container is running as read-write, not in read-only mode. netalertx-test-mount-tmp_noread | netalertx-test-mount-tmp_noread | Please mount the root filesystem as --read-only or use read_only: true netalertx-test-mount-tmp_noread | https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md netalertx-test-mount-tmp_noread | ══════════════════════════════════════════════════════════════════════════════ netalertx-test-mount-tmp_noread | --> ports available.sh netalertx-test-mount-tmp_noread | Starting supercronic --quiet "/services/config/cron/crontab" >>"/tmp/log/cron.log" 2>&1 & netalertx-test-mount-tmp_noread | Starting /usr/sbin/php-fpm83 -y "/services/config/php/php-fpm.conf" -F (tee stderr to app.php_errors.log) netalertx-test-mount-tmp_noread | Starting python3 -m server > /tmp/log/stdout.log 2> >(tee /tmp/log/stderr.log >&2) netalertx-test-mount-tmp_noread | Starting /usr/sbin/nginx -p "/tmp/run/" -c "/tmp/nginx/active-config/nginx.conf" -g "error_log stderr; error_log /tmp/log/nginx-error.log; daemon off;" & netalertx-test-mount-tmp_noread | 2026/01/05 02:23:24 [error] 190#190: *1 FastCGI sent in stderr: "PHP message: PHP Warning: session_start(): open(/tmp/run/tmp/sess_kitrk7dgsf2rgt911ren35b9sj, O_RDWR) failed: No such file or directory (2) in /app/front/php/templates/security.php on line 50; PHP message: PHP Warning: session_start(): Failed to read session data: files (path: /tmp/run/tmp) in /app/front/php/templates/security.php on line 50" while reading response header from upstream, client: 127.0.0.1, server: , request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/tmp/run/php.sock:", host: "localhost:20211" netalertx-test-mount-tmp_noread | Successfully updated IEEE OUI database (112503 entries) netalertx-test-mount-tmp_noread | 2026/01/05 02:23:25 [error] 191#191: *3 FastCGI sent in stderr: "PHP message: PHP Warning: session_start(): open(/tmp/run/tmp/sess_e6st6pce0a0ksi5rr46o4ri3bu, O_RDWR) failed: No such file or directory (2) in /app/front/php/templates/security.php on line 50; PHP message: PHP Warning: session_start(): Failed to read session data: files (path: /tmp/run/tmp) in /app/front/php/templates/security.php on line 50" while reading response header from upstream, client: 127.0.0.1, server: , request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/tmp/run/php.sock:", host: "localhost:20211" Gracefully stopping... (press Ctrl+C again to force) Container netalertx-test-mount-tmp_noread Stopping Container netalertx-test-mount-tmp_noread Stopped All tests completed - Mon Jan 5 02:23:32 UTC 2026