What installation are you running?
Production (netalertx) π¦
Is there an existing issue for this?
The issue occurs in the following browsers. Select at least 2.
Current Behavior
Environment: Raspberry Pi 5, Debian 12 (Bookworm), aarch64, Docker 29.6.1, containerd 2.2.5, runc 1.3.6, overlay2/extfs storage
Issue: Container fails at /entrypoint.d/15-mounts.py with env: can't execute 'python3': Operation not permitted, on both :latest and :26.3.7.
Ruled out (with evidence):
Privilege drop / PUID β fails identically running fully as root (PUID=0)
AppArmor β disabled at kernel level (aa-status: not mounted)
Seccomp β fails identically with --security-opt seccomp=unconfined
Rootless Docker β confirmed standard rootful daemon, cgroup v2/systemd
Docker storage β overlay2/extfs, no noexec, confirmed via findmnt
binfmt_misc β disabled the host's python3.11 handler, no change
systemd hardening on docker/containerd β fully open (no NoNewPrivileges, full CapabilityBoundingSet)
Host-wide exec β ruled out entirely: python:3.12-slim and alpine:latest both run perfectly on the same host
Conclusion: appears isolated to the netalertx image's bundled Python binary/build itself.
Expected Behavior
not failing to start
Steps To Reproduce
No response
Relevant app.conf settings
docker-compose.yml
Debug or Trace enabled
Relevant app.log section
PASTE LOG HERE. Using the triple backticks preserves format.
Docker Logs
PASTE DOCKER LOG HERE. Using the triple backticks preserves format.
What installation are you running?
Production (netalertx) π¦
Is there an existing issue for this?
The issue occurs in the following browsers. Select at least 2.
Current Behavior
Environment: Raspberry Pi 5, Debian 12 (Bookworm), aarch64, Docker 29.6.1, containerd 2.2.5, runc 1.3.6, overlay2/extfs storage
Issue: Container fails at /entrypoint.d/15-mounts.py with env: can't execute 'python3': Operation not permitted, on both :latest and :26.3.7.
Ruled out (with evidence):
Privilege drop / PUID β fails identically running fully as root (PUID=0)
AppArmor β disabled at kernel level (aa-status: not mounted)
Seccomp β fails identically with --security-opt seccomp=unconfined
Rootless Docker β confirmed standard rootful daemon, cgroup v2/systemd
Docker storage β overlay2/extfs, no noexec, confirmed via findmnt
binfmt_misc β disabled the host's python3.11 handler, no change
systemd hardening on docker/containerd β fully open (no NoNewPrivileges, full CapabilityBoundingSet)
Host-wide exec β ruled out entirely: python:3.12-slim and alpine:latest both run perfectly on the same host
Conclusion: appears isolated to the netalertx image's bundled Python binary/build itself.
Expected Behavior
not failing to start
Steps To Reproduce
No response
Relevant
app.confsettingsdocker-compose.yml
Debug or Trace enabled
Relevant
app.logsectionDocker Logs