Bug: Lockfile PermissionError on Raspberry Pi OS (Bullseye/Bookworm) with recent versions

[ITmitSicherheit]

This is an issue and not a support question which should be asked at https://forum.greenbone.net/?

• This is an issue and not a support question

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

When running greenbone-feed-sync on Raspberry Pi OS (Bullseye or Bookworm) as user gvm, the sync fails with a lockfile permission error – even though all ownerships and permissions on /var/lib/openvas are correct.

The error appears reproducibly on multiple fresh systems.

Example output:
❌ Error: Permission error while trying to open the lock file /var/lib/openvas/feed-update.lock

Expected Behavior

The tool should acquire and release the lockfile without error if the user has the correct ownership and permissions, and then proceed to sync all feeds without interruption.

Steps To Reproduce

1. Install Raspberry Pi OS (Bullseye or Bookworm) on a Raspberry Pi 4
2. Create user gvm:

    sudo adduser --disabled-password --gecos "" gvm
    sudo usermod -aG redis gvm

3. Ensure directories and ownerships:

   sudo chown -R gvm:gvm /var/lib/openvas

4. Install greenbone-feed-sync using pip:

   sudo -iu gvm
   pip install --user greenbone-feed-sync==25.1.0 --break-system-packages

5. Run feed sync:

 greenbone-feed-sync -vvv

1. Result: Sync starts, but then fails with:

❌ Error: Permission error while trying to open the lock file /var/lib/openvas/feed-update.lock




### Operating System

Raspberry Pi OS Bookworm (64-bit) - Kernel: Linux 6.1.x

### Version

Tested versions:
✅ greenbone-feed-sync 23.10.0 → works
❌ 24.1.1 → fails
❌ 25.1.0 → fails

Installed via pip (also tested pipx)


### Anything else?

We are using Raspberry Pi devices as scanner nodes in a distributed setup and need reliable automation. This issue blocks automated deployments.

We created a detailed installation and debugging documentation that confirms:

- All file permissions were correct (`gvm:gvm`)
- No SELinux or AppArmor active
- strace confirms file is opened, but error still occurs
- Downgrade to 23.10.0 resolves the issue

We’d be happy to provide logs, strace outputs, and our install script upon request.

Thanks for your great work!

[bjoernricks]

The actual change is in #187 Currently I don't have a clue why it shouldn't work.

[ahmedtouahria]

in .docker/entrypoint.sh
replace it by this

#!/bin/bash

# Ensure the directories for lock files exist and are owned by gvm.
mkdir -p /var/lib/openvas
chown gvm:gvm /var/lib/openvas
chmod 775 /var/lib/openvas # Give group write access as well, for broader compatibility

mkdir -p /var/lib/gvm
chown gvm:gvm /var/lib/gvm
chmod 775 /var/lib/gvm # Give group write access as well, for broader compatibility

# execute the main command passed to the container as the gvm user.
exec gosu gvm "$@"

[bjoernricks]

As far as I understand this is not about the docker container but running greenbone-feed-sync directly on Raspberry Pi OS and the permissions were already in shape.