Git Product home page Git Product logo

agnellusx1 / clone3-workaround Goto Github PK

View Code? Open in Web Editor NEW

This project forked from akihirosuda/clone3-workaround

0.0 0.0 0.0 11 KB

Workaround for running ubuntu:21.10, fedora:35, and other glibc >= 2.34 distros on Docker <= 20.10.9

Home Page: https://medium.com/nttlabs/ubuntu-21-10-and-fedora-35-do-not-work-on-docker-20-10-9-1cd439d9921

License: Apache License 2.0

Go 60.17% Makefile 39.83%

clone3-workaround's Introduction

clone3-workaround: Workaround for running ubuntu:21.10, fedora:35, and other glibc >= 2.34 distros on Docker <= 20.10.9

Old container engines such as Docker <= 20.10.9 cannot run glibc >= 2.34 images such as ubuntu:21.10 and fedora:35:

$ docker run -it  --rm ubuntu:21.10
root@862f014171b5:/# apt-get update
Get:1 http://security.ubuntu.com/ubuntu impish-security InRelease [90.7 kB]
Get:2 http://archive.ubuntu.com/ubuntu impish InRelease [270 kB]
Get:3 http://security.ubuntu.com/ubuntu impish-security/main amd64 Packages [620 B]
Get:4 http://archive.ubuntu.com/ubuntu impish-updates InRelease [90.7 kB]
Get:5 http://archive.ubuntu.com/ubuntu impish-backports InRelease [90.7 kB]
Get:6 http://archive.ubuntu.com/ubuntu impish/universe amd64 Packages [16.7 MB]
Get:7 http://archive.ubuntu.com/ubuntu impish/restricted amd64 Packages [110 kB]
Get:8 http://archive.ubuntu.com/ubuntu impish/main amd64 Packages [1793 kB]
Get:9 http://archive.ubuntu.com/ubuntu impish/multiverse amd64 Packages [256 kB]
Get:10 http://archive.ubuntu.com/ubuntu impish-updates/main amd64 Packages [620 B]
Fetched 19.4 MB in 7s (2893 kB/s)
Reading package lists... Done
E: Problem executing scripts APT::Update::Post-Invoke 'rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true'
E: Sub-process returned an error code
$ docker run -it --rm fedora:35 dnf update
[root@849f3703c4b5 /]# dnf install -y hello
Fedora 35 - x86_64                                                                                                                                                                                 0.0  B/s |   0  B     00:00
Errors during downloading metadata for repository 'fedora':
  - Curl error (6): Couldn't resolve host name for https://mirrors.fedoraproject.org/metalink?repo=fedora-35&arch=x86_64 [getaddrinfo() thread failed to start]
Error: Failed to download metadata for repo 'fedora': Cannot prepare internal mirrorlist: Curl error (6): Couldn't resolve host name for https://mirrors.fedoraproject.org/metalink?repo=fedora-35&arch=x86_64 [getaddrinfo() thread failed to start]

clone3-workaround provides a workaround for this issue, by loading an additional seccomp profile that hides clone3(2) syscall from glibc, so that the clone() wrapper of glibc works in the legacy-compatible mode.

No need to upgrade Docker. No need to specify custom docker run --security-opt flags.

Target container engines

clone3-workaround should be useful for the following containe engines.

Newer container engines DO NOT need clone3-workaround.

Also note that some distributor vendors have already cherry-picked the Docker 20.10.10 patch to older versions. e.g., docker.io/20.10.7-0ubuntu5~20.04.1 DO NOT need clone3-workaround, although its version number is smaller than 20.10.10.

Install

Pre-built binary is available at https://github.com/AkihiroSuda/clone3-workaround/releases .

To build clone3-workaround from the source, run make.

Build dependencies:

  • Go
  • libseccomp-dev

Usage

docker run

Mount or copy clone3-workaround to the container, and run clone3-workaround COMMAND [ARGUMENTS...] to run the command with the workaround.

Example: Ubuntu 21.10

$ docker run -it --rm -v $(pwd)/clone3-workaround:/clone3-workaround ubuntu:21.10 /clone3-workaround bash
root@490fd2f29a88:/# apt-get update
Get:1 http://security.ubuntu.com/ubuntu impish-security InRelease [90.7 kB]
...
Fetched 19.4 MB in 6s (2996 kB/s)
Reading package lists... Done

root@490fd2f29a88:/# apt-get install -y hello
Reading package lists... Done
...
Unpacking hello (2.10-2ubuntu3) ...
Setting up hello (2.10-2ubuntu3) ...

Example: Fedora 35

$ docker run -it --rm -v $(pwd)/clone3-workaround:/clone3-workaround fedora:35 /clone3-workaround bash
[root@c699df1e7bd4 /]# dnf install -y hello
Fedora 35 - x86_64                                                                                                                                                                                 6.5 MB/s |  61 MB     00:09
...
Installed:
  hello-2.10-6.fc35.x86_64                                                                                          info-6.8-2.fc35.x86_64

Complete!

docker build

Copy the clone3-workaround binary to the image, and specify SHELL ["/clone3-workaround","/bin/sh", "-c"] in the Dockerfile.

Example: Ubuntu 21.10

FROM ubuntu:21.10
ADD https://github.com/AkihiroSuda/clone3-workaround/releases/download/v1.0.0/clone3-workaround.x86_64 /clone3-workaround
RUN chmod 755 /clone3-workaround
SHELL ["/clone3-workaround","/bin/sh", "-c"]
RUN apt-get update && apt-get install -y hello

Example: Fedora 35

FROM fedora:35
ADD https://github.com/AkihiroSuda/clone3-workaround/releases/download/v1.0.0/clone3-workaround.x86_64 /clone3-workaround
RUN chmod 755 /clone3-workaround
SHELL ["/clone3-workaround","/bin/sh", "-c"]
RUN dnf install -y hello

clone3-workaround's People

Contributors

akihirosuda avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.