Solved Rocky Linux 9 minimal jail working, need to figure out the next steps

NapoleonWils0n

NapoleonWils0n

I have just created a Rocky Linux 9 minimal Jail

Rocky Linux Jail notes so far on github
work in progress

github.com

cerberus/freebsd/rocky-linux-jail.org at master · NapoleonWils0n/cerberus

cerberus code library. Contribute to NapoleonWils0n/cerberus development by creating an account on GitHub.
github.com github.com

The reason im looking at Rocky Linux is to use it to install Davinci Resolve 19
because Davinci Resolve wont render (export) footage using an Ubuntu jail

Davinci Resolve has switched from using Centos to Rocky Linux as its Linux base
and actually has a Rocky Linux iso

The issue is to install Linux in a jail you need to use a mini root fs tar file you can extract into the jail
and you cant extract the contents of an iso file into a jail and run it

Looking at the Rocky Linux download page i thought they only had iso files to download

Rocky Linux iso

Download - Rocky Linux

Get started and download Rocky Linux today!
rockylinux.org rockylinux.org

But i came across this page about using Rocky Linux and wsl

Import Rocky Linux to WSL or WSL2 - Documentation

docs.rockylinux.org docs.rockylinux.org

Which has download links for tar files you can extract into a jail

Code: 
fetch 'https://dl.rockylinux.org/pub/rocky/9/images/x86_64/Rocky-9-Container-Minimal.latest.x86_64.tar.xz'


So i created a new jail, extracted the tar file into the jail
set a nameserver in /etc/resolv.conf

started the jail, entered the jail
and then ran

Code: 
microdnf update

the minimal image use microdnf instead of dnf apparently

so i now have a Rocky Linux 9 jail set up on Freebsd 14.1 p4

another though is that since Freebsd uses Centos for the Linuxulator
then maybe Rocky Linux might work better in a Freebsd Jail than other linux distro's

Also you should be able to install the Nvidia drivers using the Nvidia installer
which is needed for resolve so the divers in the jail match the version on the freebsd host

To install Davinci Resolve on Ubuntu have to use a script called makeresolvedb
to create a deb install for resolve and then fix lots of library issue on Ubuntu to get resolve to run

The Davinci Resolve installer is designed to work with Rocky Linux
so you dont need to use a script to build a package to install like on Ubuntu

I used Fedora for about 6 months
but havent used Rocky Linux before

So far i have installed the Rocky-9-Container-Minimal.latest.x86_64.tar.xz
and run microdnf update

Have to work out how to install free and non free repos
at least thats what you do with dnf on Fedora

I guess its a similar deal on Rocky

Have to rtfm

If anyone has used Rocky Linux before and has got any tips that would be great
otherwise ill have to do some reading up on the next steps
 
Rocky Linux minimal and microdnf is really frustrating

I dont know if google is just really bad at returning results
or there just isnt any documentation

the rocky linux minimal image doesnt even have ping installed
so i tried to install iputils which installs ping

but get the following error
so i cant install any packages

Code: 
# microdnf install iputils

Code: 
(microdnf:30280): GLib-GIO-WARNING **: 14:16:07.521: Error creating IO channel for /proc/self/mountinfo: Function not implemented (g-io-error-quark, 0)

(microdnf:30280): libdnf-WARNING **: 14:16:07.521: failed to setup monitor: Unable to find default local file monitor type

(microdnf:30280): libdnf-WARNING **: 14:16:07.521: failed to setup monitor: Unable to find default local file monitor type

(microdnf:30280): libdnf-WARNING **: 14:16:07.521: failed to setup monitor: Unable to find default local file monitor type
Package                                                                                                Repository                             Size
Installing:
 iputils-20210202-9.el9.x86_64                                                                         baseos                             171.2 kB
Transaction Summary:
 Installing:        1 packages
 Reinstalling:      0 packages
 Upgrading:         0 packages
 Obsoleting:        0 packages
 Removing:          0 packages
 Downgrading:       0 packages
Is this ok [y/N]: y
Running transaction test...
Installing: iputils;20210202-9.el9;x86_64;baseos
error: Error -1 running transaction

searching for "rocky linux Error creating IO channel for /proc/self/mountinfo"

returns results for issue with ubuntu, gnome and snaps

and searching for "rocky linux failed to setup monitor: Unable to find default local file monitor type"

returns results for issues with monitors and hdmi

nothing i hate more than a lack of documentation
and not being able to find any search results
 
output of mount in the rocky linux jail

Code: 
mount

Code: 
zroot/jails/linux/rocky on / type zfs (rw,noatime)
devfs on /dev type devfs (rw)
tmpfs on /dev/shm type tmpfs (rw)
fdescfs on /dev/fd type fdescfs (rw)
proc on /proc type proc (rw)
/sys on /sys type sysfs (rw)
/tmp on /tmp type nullfs (rw,nosuid,noatime)
/home on /home type nullfs (rw,noatime)
 
installed rocky linux base instead of minimal

which uses dnf and not microdnf
and also has ping, less etc installed

just ran a dnf update and that worked
getting somewhere

Code: 
fetch 'https://dl.rockylinux.org/pub/rocky/9/images/x86_64/Rocky-9-Container-Base.latest.x86_64.tar.xz'

Code: 
tar xvf Rocky-9-Container-Base.latest.x86_64.tar.xz -C /usr/local/jails/linux/rocky
 
making progress

installed the following packages and repos

dnf config-manager

Code: 
dnf install 'dnf-command(config-manager)'

crb

Code: 
dnf config-manager --set-enabled crb

epel-release

Code: 
dnf -y install epel-release

rpmfusion free

Code: 
dnf install --nogpgcheck https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-$(rpm -E %rhel).noarch.rpm -y

rpmfusion non free

Code: 
dnf install --nogpgcheck https://mirrors.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-$(rpm -E %rhel).noarch.rpm -y
 
dont you just love linux

Code: 
dnf groupupdate core

Code: 
RPM Fusion for EL 9 - Nonfree - Updates                                                                            57 kB/s |  89 kB     00:01
Last metadata expiration check: 0:00:01 ago on Sat Sep 14 18:19:32 2024.
Error:
 Problem 1: problem with installed package coreutils-single-8.32-35.el9.x86_64
  - package coreutils-8.32-35.el9.x86_64 from baseos conflicts with coreutils-single provided by coreutils-single-8.32-35.el9.x86_64 from @System
  - package coreutils-8.32-35.el9.x86_64 from baseos conflicts with coreutils-single provided by coreutils-single-8.32-35.el9.x86_64 from baseos
  - conflicting requests
 Problem 2: problem with installed package curl-minimal-7.76.1-29.el9_4.1.x86_64
  - package curl-minimal-7.76.1-29.el9_4.1.x86_64 from @System conflicts with curl provided by curl-7.76.1-29.el9_4.1.x86_64 from baseos
  - package curl-minimal-7.76.1-29.el9_4.1.x86_64 from baseos conflicts with curl provided by curl-7.76.1-29.el9_4.1.x86_64 from baseos
  - conflicting requests
(try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)

allowerasing

Code: 
dnf groupupdate core --allowerasing
 
installed the Nvidia propriety drivers on rocky linux
the driver also seemed to install cuda

Code: 
nvidia-smi

Code: 
+-----------------------------------------------------------------------------------------+
| NVIDIA-SMI 550.54.14              Driver Version: 550.54.14      CUDA Version: 12.4     |
|-----------------------------------------+------------------------+----------------------+

trying to run the Davinci Resolve run installer fails with a fuse error
even though i have fuse2 and squashfuse installed

the run file is an appimage

using the --appimage-extract option with the run file extracts the contents on the run file
into a squash-root directory

Code: 
sudo ./DaVinci_Resolve_19.0_Linux.run --appimage-extract

inside the squashfs-root directory is an installer file

however trying to run the installer file fails with a libc++.so.1 error

Code: 
sudo squashfs-root/installer

Code: 
squashfs-root/installer: error while loading shared libraries: libc++.so.1: cannot open shared object file: No such file or directory

even though i have Development Tools installed

Code: 
sudo dnf groupinstall "Development Tools"

so im stuck on the last hurdle running the Davinci Resolve installer

have to figure out how to how to install the missing package

Code: 
libc++.so.1

when i open qt5ct in the jail as an X11 application
and display it on Freebsd using Xwayland i get a i915 error

Code: 
MESA-LOADER: failed to open i915: /usr/lib64/dri/i915_dri.so: cannot open shared object file: No such file or directory (search paths /usr/lib64/dri, suffix _dri)
failed to load driver: i915

20240915_13h47m49s_grim.png
 
libc++.so.1

Code: 
sudo find / -name 'libc++.so.1'

Code: 
/home/djwilcox/video/davinci-resolve/squashfs-root/libs/libc++.so.1
/home/djwilcox/video/davinci-resolve/squashfs-root/Fairlight Studio Utility/libc++.so.1
/home/djwilcox/video/davinci-resolve/squashfs-root/BlackmagicRAWPlayer/BlackmagicRawAPI/libc++.so.1
/home/djwilcox/video/davinci-resolve/squashfs-root/BlackmagicRAWSpeedTest/BlackmagicRawAPI/libc++.so.1
/home/djwilcox/video/davinci-resolve/squashfs-root/DaVinci Control Panels Setup/AdminUtility/PlugIns/DaVinciKeyboards/lib/libc++.so.1
/home/djwilcox/video/davinci-resolve/squashfs-root/DaVinci Control Panels Setup/AdminUtility/PlugIns/FairlightPanels/lib/libc++.so.1
/home/djwilcox/video/davinci-resolve/squashfs-root/DaVinci Control Panels Setup/AdminUtility/PlugIns/DaVinciPanels/lib/libc++.so.1
/home/djwilcox/video/davinci-resolve/squashfs-root/DaVinci Control Panels Setup/libc++.so.1

so libc++.so.1 is included in the Davinci Resolve run installer i extracted into the squashfs-root directory

list the contents of the squashfs-root directory

Code: 
sudo ls -l squashfs-root

Code: 
-rwxr-xr-x  1 root djwilcox    9075 Sep 15 12:38  AppRun
-rw-r--r--  1 root djwilcox     252 Sep 15 12:38  AppRun.desktop
drwx------  5 root djwilcox       8 Sep 15 12:38  BlackmagicRAWPlayer
drwx------  5 root djwilcox      10 Sep 15 12:38  BlackmagicRAWSpeedTest
drwx------  8 root djwilcox      10 Sep 15 12:38  CentOSUpdate
drwx------  2 root djwilcox       4 Sep 15 12:38  Certificates
drwx------  2 root djwilcox       6 Sep 15 12:38  Control
-rw-r--r--  1 root djwilcox   16884 Sep 15 12:38  DV_Resolve.png
drwx------  6 root djwilcox      33 Sep 15 12:38 'DaVinci Control Panels Setup'
drwx------ 10 root djwilcox      10 Sep 15 12:38  Developer
drwx------  4 root djwilcox      23 Sep 15 12:38 'Fairlight Studio Utility'
drwx------  6 root djwilcox       6 Sep 15 12:38  Fusion
drwx------ 16 root djwilcox      32 Sep 15 12:38  LUT
drwx------  4 root djwilcox       6 Sep 15 12:38  Onboarding
drwx------  2 root djwilcox       4 Sep 15 12:38 'Technical Documentation'
drwx------  4 root djwilcox       5 Sep 15 12:38  UI_Resource
drwx------  2 root djwilcox      19 Sep 15 12:38  bin
drwx------  2 root djwilcox       6 Sep 15 12:38  docs
-rw-r--r--  1 root djwilcox  251188 Sep 15 12:38  filelist.txt
drwx------  2 root djwilcox      20 Sep 15 12:38  graphics
-rwxr-xr-x  1 root djwilcox 3153768 Sep 15 12:38  installer
-rw-r--r--  1 root djwilcox     762 Sep 15 12:38  installer.dat
drwx------ 10 root djwilcox     294 Sep 15 12:39  libs
drwx------  2 root djwilcox      18 Sep 15 12:39  plugins
drwx------  2 root djwilcox      13 Sep 15 12:39  scripts
drwx------  4 root djwilcox      17 Sep 15 12:39  share

i tried running the installer script

Code: 
sudo squashfs-root/installer

but that where i get the error about libc++.so.1

because the libc++.so.1 file is in the lib directory in the squashfs-root directory
and obviously freebsd doesnt search that path for libs

my guess is when you run the Davinci Resolve run installer
it finds the libraries inside the installer, but because i have extracted the run file it cant find the libraries

the other thing to look at is the AppRun file in the squashfs-root

fuse error when running the resolve installer

Code: 
sudo ./DaVinci_Resolve_19.0_Linux.run

Code: 
fusermount: mount failed: Operation not permitted

Cannot mount AppImage, please check your FUSE setup.
You might still be able to extract the contents of this AppImage
if you run it with the --appimage-extract option.
See https://github.com/AppImage/AppImageKit/wiki/FUSE
for more information
open dir error: No such file or directory
 
AppRun

Code: 
sudo squashfs-root/AppRun

Code: 
Error: Missing or outdated system packages detected.

Please install the following missing packages:
    apr apr-util libglvnd-opengl libxkbcommon-x11 mtdev
    xcb-util xcb-util-cursor xcb-util-image xcb-util-keysyms
    xcb-util-renderutil xcb-util-wm

Use SKIP_PACKAGE_CHECK=1 to bypass the system package check.

***********************
Installation cancelled.
 
installed missing packages

Code: 
sudo dnf install apr apr-util libglvnd-opengl libxkbcommon-x11 mtdev xcb-util xcb-util-cursor xcb-util-image xcb-util-keysyms xcb-util-renderutil xcb-util-wm

Code: 
sudo squashfs-root/AppRun

Code: 
Authorization required, but no authorization protocol specified
qt.qpa.xcb: could not connect to display unix:0
qt.qpa.plugin: Could not load the Qt platform plugin "xcb" in "" even though it was found.
This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem.

Available platform plugins are: linuxfb, minimal, offscreen, xcb.

squashfs-root/AppRun: line 348: 44695 Aborted                 (core dumped) "${CURRENT_DIR}/installer" "${CURRENT_DIR}" "$@"

need to install some qt packages
 
installed a couple of packages

Code: 
sudo dnf install libinput wayland-utils wayland-protocols-devel libxkbcommon qt5 adwaita-qt5 qt5ct

ran AppRun

Code: 
sudo squashfs-root/AppRun

Code: 
This will install DaVinci Resolve on this computer
Do you wish to continue? (y/n): y

Davinci Resolve 19 is install to /opt/resolve

launching resolve

Code: 
/opt/resolve/bin/resolve

error

Code: 
/opt/resolve/bin/resolve: error while loading shared libraries: libcrypt.so.1: cannot open shared object file: No such file or directory

there are always these types of errors installing resolve on linux

at least i have resolve installed now
next step is to actually launch it
 
installed libxcrypt-compat to fix the previous error

Code: 
sudo dnf install libxcrypt-compat

Code: 
/opt/resolve/bin/resolve

the resolve splash screen shows up
but Davinci resolve doesnt start

have to check the log files

on ubuntu you have to install ocl-icd-opencl-dev
otherwise you get issues with the splash screen

have to find the equivalent package on Rocky Linux
but making progress, slowly

20240915_16h51m12s_grim.png
 
the splash screen crashes when loading Fusion

resolve log

Code: 
resolve: /home/jenkins/jenkins/workspace/resolve/Resolve/Cyclone/UI/Fusion/UiFusionPanelImp.cpp:283: UiFusionPanelImp::UiFusionPanelImp(QWidget *): Assertion `fusionInterface' failed.
 
seems to be an issue with the tmp directory

resolve seems to be using /var/tmp
and not /tmp for the davinci_socket

normally the socket is created in the /tmp directory

Code: 
0x83efc9000    | UI.MenuBar           | WARN  | 2024-09-15 16:03:32,278 | Main menu action [workspaceLayoutFusion_sub001Default]'s slot is not defined: workspaceLayoutFusion_sub001Default_triggered()
0x92f125000    | SyManager            | ERROR | 2024-09-15 16:03:32,311 | Failed to connect to panel socket
0x92f125000    | SyManager            | ERROR | 2024-09-15 16:03:32,311 | DRIVER: open /var/tmp/davinci_socket failed

/var/tmp/davinci_socket failed

Code: 
ls -l /var/tmp

Code: 
total 9
srwxrwxrwx  1 djwilcox root  0 Sep 15 16:38 davinci_socket
drwx------ 11 djwilcox root 37 Sep 14 20:05 dnf-djwilcox-ag247z37

Code: 
ls -l /tmp

Code: 
drwx------ 2 djwilcox root   2 Sep 15 16:21 babel-dCobHw
drwxr-xr-x 2 djwilcox root   2 Sep 15 16:21 babel-stable-787
srwxrwxrwx 1 djwilcox root   0 Sep 15 16:21 dbus-fyq0q2ITc0
drwxr-xr-x 2 djwilcox root   3 Sep 15 16:37 emacs1001
-rw-r--r-- 1 djwilcox root 463 Sep 15 16:43 emacs100118753-pollux~
srwxrwxrwx 1 djwilcox root   0 Sep 15 16:38 qtsingleapp-DaVinc-7fe3-3e9
-rw-r--r-- 1 djwilcox root   0 Sep 15 16:38 qtsingleapp-DaVinc-7fe3-3e9-lockfile
drwxr-xr-x 2 root     root   3 Sep 15 16:20 sndio
drwx------ 2 djwilcox root   3 Sep 15 16:21 tmux-1001

rocky.conf jail config tmp directory

Code: 
    mount += "/tmp            $path/tmp      nullfs          rw                      0       0";

dont know if i need to change the mount point for the tmp directory in the jail from /tmp to /var/tmp
 
tried creating a symlink for the davinci_socket
just in case it was looking for the socket in the wrong tmp directory

Code: 
sudo ln -s /var/tmp/davinci_socket /tmp/davici_socket

didnt work

wonder if its a library issue for fusion thats the issue
 
getting closer

i installed resolve in a ubuntu jail ( which wouldnt "render" export footage )
with a nullfs home which contained this directory

Code: 
~/.local/share/DaVinciResolve

i figured maybe the old DaVinciResolve directory from ubuntu was causing an issue

so i renamed the directory

Code: 
cd ~/.local/share
mv DaVinciResolve DaVinciResolve.bak

ran resolve

Code: 
resolve

sure enough the welcome page shows up

the welcome page checks if Davinci Resolve is installed properly
and also checks if the gpu is working

and it passes all the checks

but i get this error

Code: 
log4cxx: No appender could be found for logger (GPU).
log4cxx: Please initialize the log4cxx system properly.

on ubuntu installing this package fixes the issue

Code: 
liblog4cxx-dev

so i need to what the package is called on rocky linux

20240915_20h18m34s_grim.png



20240915_20h19m06s_grim.png
 
think i may have figured out the issue

i installed kdenlive in the rocky linux jail

when i run kdenlive i get this error

Code: 
libEGL warning: failed to open /dev/dri/renderD129: Permission denied

libEGL warning: wayland-egl: could not open /dev/dri/renderD129 (Permission denied)

rocky.conf jail config uses devfs rules

Code: 
[jail=7]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path 'mixer*' unhide
add path 'dsp*' unhide
add path 'dri*' unhide
add path 'drm*' unhide
add path 'nvidia*' unhide
add path 'speaker*' unhide

listing the /dev/dri directory in the jail

Code: 
ls -l /dev/dri

Code: 
total 0
lrwxr-xr-x 1 root root  8 Sep 16 14:17 card0 -> ../drm/0
lrwxr-xr-x 1 root root  8 Sep 16 14:17 card1 -> ../drm/1
lrwxr-xr-x 1 root root 10 Sep 16 14:17 renderD128 -> ../drm/128
lrwxr-xr-x 1 root root 10 Sep 16 14:17 renderD129 -> ../drm/129

notice the permissions are root root in the jail

listing /dev/dri on the freebsd host

Code: 
ls -l /dev/dri

Code: 
lrwxr-xr-x  1 root wheel  8 16 Sep 14:16 card0 -> ../drm/0
lrwxr-xr-x  1 root wheel  8 16 Sep 14:16 card1 -> ../drm/1
lrwxr-xr-x  1 root wheel 10 16 Sep 14:16 renderD128 -> ../drm/128
lrwxr-xr-x  1 root wheel 10 16 Sep 14:16 renderD129 -> ../drm/129

notice the permissions are root wheel on the freebsd host

i dont think the permissions in an ubuntu jail are root root for /dev/dri
ill have to double check

so it looks like resolve and kdenlive are failing to open

Code: 
/dev/dri/renderD129

because its owned by root
for both the user and group

and so when you are running resolve or kdenlive as a normal user
it cant open /dev/dri/renderD129

i added my self to the following groups

Code: 
djwilcox adm cdrom video audio users pipewire

maybe i should add myself to the wheel group as well
but the issue is renderD129 is owned by root root and not root wheel

ideas for fixing the issue

1 - add my user to wheel group

2 - add my user to the root group

3 - change the permissions of the dri and drm devices in the jail
from root root
to root wheel, after adding my user to the wheel group

option 3 seems a bit dodgy

i dont like the idea of changing the permission of the dri and drm device in the jail
just in case it affects the host permissions
 
same issue in an ubuntu jail

Code: 
ls -l /dev/dri

Code: 
lrwxr-xr-x 1 root root  8 Sep 16 17:59 card0 -> ../drm/0
lrwxr-xr-x 1 root root  8 Sep 16 17:59 card1 -> ../drm/1
lrwxr-xr-x 1 root root 10 Sep 16 17:59 renderD128 -> ../drm/128
lrwxr-xr-x 1 root root 10 Sep 16 17:59 renderD129 -> ../drm/129

persmissions are root root

which would explain why davinci resolve on ubuntu
cant render any footage

so the same permissions issue on /dev/dri /dev/drm
on both rocky and ubuntu

which makes me think maybe its a freebsd issue with devfs.rules and jails

i installed davinci resolve 18.6 in an ubuntu jail a while ago
so i know it works

i guess a recent freebsd update has changed how jail permissions are set using devfs.rules

devfs.rules

Code: 
add path 'dri*' unhide
add path 'drm*' unhide
add path 'nvidia*' unhide

instead of setting the permissions to root wheel the dri, drm and nvidia
mounted in the jail have root root permissions

which obviously means that a regular user cant access those devices
 
added my user to the root group

ubuntu mantic jail exporting 30 second clip from big buck bunny
doesnt work gets stuck and doesnt finish rendering

so adding the user to the root group makes no difference

i did have a similar issue with ubuntu jammy
where everything had root root permissions

i dont know if there is a way to specify the permissions
with devfs.rules

the bug is happening with ubuntu installed with debootstrap
and a rocky linux tar file extracted into the jail


20240916_18h37m58s_grim.png
 
looking at the devfs.rules man page

devfs.rules

man.freebsd.org man.freebsd.org

To make all the partitions of da(4) devices readable and writable by
their owner and the "usb" group, the following rule may be used:

Code: 
[localrules=10]
add path 'da*s*' mode 0660    group usb

so maybe something like this

Code: 
[jail=7]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path 'mixer*' unhide mode 0755 group wheel
add path 'dsp*' unhide mode 0755 group wheel
add path 'dri*' unhide mode 0755 group wheel
add path 'drm*' unhide mode 0755 group wheel
add path 'nvidia*' unhide mode 0755 group wheel
add path 'speaker*' unhide mode 0755 group wheel
 
changed the devfs.rules
and rebooted for good measure

just checked the rocky and ubuntu jails
and the permissions are the same

so i wonder if those settings only apply when you first create the jail
and setting them after the jail has been created doesnt change the permissions

only one way to find out create a new jail
 
You must log in or register to reply here.
Back
Top