Entrypoint.sh: operation not permitted no-new-privileges:true for Traefik docker compose

Question

Thanks for giving this a read.

I've been trying to set up the following docker-compose.yml for traefik:

version: '3'

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    environment:
      # - CF_DNS_API_TOKEN=
      # If you choose to use an API Key instead of a Token, specify your email as well
      - CF_API_EMAIL=myEmail
      - CF_API_KEY=myKey
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /a/b/c/traefik/traefik.yml:/traefik.yml:ro
      - /a/b/c/traefik/acme.json:/acme.json
      - /a/b/c/traefik/config.yml:/config.yml:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik-dashboard-internal.example.com`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=user:hash"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.example.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=example.com"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.example.com"
      - "traefik.http.routers.traefik-secure.service=api@internal"

networks:
  proxy:
    external: true

However, I get the following output when running sudo docker compose up:

# traefik is up-to-date
# Attaching to traefik
# traefik    |  exec /entrypoin.sh: operation not permited

I am pretty sure this is due to the no-new-privile=True as when I make it =Flase it will run the container (although it doesn't seem to work).

Any ideas how to fix this? Is there something else wrong with the compose file?

I have tried:

1. Running as sudo
2. chown and chmod of the traefik, docker.sock, acme.json, config.yml and localtime files
3. Commenting out most of the config

UPDATE 1 - Versions: Ubuntu:

Distributor ID: Ubuntu
Description:    Ubuntu 23.10
Release:        23.10
Codename:       mantic

Docker:

Docker version 26.0.0, build 2ae903e

Docker compose

Docker Compose version v2.25.0

Answer 1

So I solved my own question. Dunno why, but I had to completely remove docker and reinstall it. Additionally, I had to recreate all the configuration files and docker files.

Will leave this here as it may help some people.