Error accessing cgi script inside Docker container, Operation not permitted: Couldn't bind unix domain socket

Question

I'm using Apache::Test to test an Apache handler that I'm writing. My build environment is a Docker container, created from this Dockerfile:

FROM    google/debian:wheezy
RUN     apt-get -y install make gcc build-essential
RUN     apt-get -y install sudo
RUN     apt-get -y install apache2-threaded-dev
RUN     apt-get -y install libapache2-mod-perl2 libgd-gd2-perl libgd-tools
RUN     apt-get -y install libtest-harness-perl
RUN     apt-get -y install libtap-formatter-junit-perl libjson-perl

I build the container and run it via:

docker run -i -t --rm -v $PWD:/opt/51d device-detection:latest /opt/51d/entry.sh

Apache::Test doesn't allow the httpd server to start as root and my container is running as root, so the entry.sh script creates a user for the test to use by doing:

#!/bin/bash
adduser --disabled-password --gecos '' r
adduser r sudo
echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
su -m r -c /opt/51d/build

And build looks like:

perl Makefile.PL && make && make test && sudo make install

Apache::Test provides a test harness called t/TEST. I can start the Apache server just fine with:

t/TEST -start-httpd

And I can access the index.html page just fine with:

wget http://localhost:8529/index.html

However, when I attempt to access a CGI script, I get:

[Thu Apr 02 23:12:11 2015] [error] (1)Operation not permitted: Couldn't bind unix domain socket /opt/51d/CDK-51DegreesFilter/t/logs/cgisock.267
[Thu Apr 02 23:12:11 2015] [notice] Apache/2.2.22 (Debian) mod_perl/2.0.7 Perl/v5.14.2 configured -- resuming normal operations
[Thu Apr 02 23:12:11 2015] [info] Server built: Dec 23 2014 22:48:32
[Thu Apr 02 23:12:11 2015] [debug] worker.c(1757): AcceptMutex: sysvsem (default: sysvsem)
[Thu Apr 02 23:12:11 2015] [crit] cgid daemon failed to initialize
[Thu Apr 02 23:12:30 2015] [error] [client 127.0.0.1] (2)No such file or directory: unable to connect to cgi daemon after multiple tries: /opt/51d/CDK-51DegreesFilter/t/cgi-bin/index.cgi

The /opt/51d/CDK-51DegreesFilter/t/logs/ directory is wide open:

ls -ld t/logs/
drwxrwxrwx 1 r staff 136 Apr  2 23:24 t/logs/

=====

Made some progress by moving the location of the ScriptSock directory

<IfModule mod_cgid.c>
    ScriptSock /tmp/cgisock
</IfModule>

New error message is:

[Sat Apr 04 04:04:23 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Sat Apr 04 04:04:23 2015] [notice] Apache/2.2.22 (Debian) mod_perl/2.0.7 Perl/v5.14.2 configured -- resuming normal operations
[Sat Apr 04 04:04:23 2015] [info] Server built: Dec 23 2014 22:48:32
[Sat Apr 04 04:04:23 2015] [debug] worker.c(1757): AcceptMutex: sysvsem (default: sysvsem)
[Sat Apr 04 04:04:49 2015] [error] (2)No such file or directory: exec of '/opt/51d/CDK-51DegreesFilter/t/cgi-bin/index.cgi' failed
[Sat Apr 04 04:04:49 2015] [error] [client 127.0.0.1] Premature end of script headers: index.cgi
[Sat Apr 04 04:06:14 2015] [error] (2)No such file or directory: exec of '/opt/51d/CDK-51DegreesFilter/t/cgi-bin/index.cgi' failed
[Sat Apr 04 04:06:14 2015] [error] [client 127.0.0.1] Premature end of script headers: index.cgi

=====

Fixed the exec error as the location of the perl binary is different. Updated that and all is well.

t/TEST
[warning] setting ulimit to allow core files ulimit -c unlimited; /usr/bin/perl /opt/51d/CDK-51DegreesFilter/t/TEST
/usr/sbin/apache2  -d /opt/51d/CDK-51DegreesFilter/t -f /opt/51d/CDK-51DegreesFilter/t/conf/httpd.conf -D APACHE2 -D PERL_USEITHREADS
using Apache/2.2.22 (worker MPM)

waiting 60 seconds for server to start: ..
waiting 60 seconds for server to start: ok (waited 1 secs) 
server localhost:8529 started
t/CDK-51DegreesFilter.t .. ok
All tests successful.
Files=1, Tests=6,  0 wallclock secs ( 0.02 usr  0.02 sys +  0.34 cusr  0.08 csys =  0.46 CPU)
Result: PASS
[warning] server localhost:8529 shutdown
[warning] port 8529 still in use...
done

Answer 1

I had similar issue today.. Using valid scriptsock resolved my issue..

<IfModule cgid_module>
      #
      # ScriptSock: On threaded servers, designate the path to the UNIX
      # socket used to communicate with the CGI daemon of mod_cgid.
      #
      Scriptsock /usr/local/apache2/cgisock
  </IfModule>