Describe the bug We had this container running in azure container

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Looking into my running container: <div class="highlight highlight-source-shell no

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Stopped working in azure container instances about docker-clamav HOT 13 CLOSED

mko-x commented on August 17, 2024

Stopped working in azure container instances

from docker-clamav.

Comments (13)

WhiteBahamut commented on August 17, 2024 1

mkdir was present in the debian varian all the time, just introduced into alpine variants now.

~~Can you try to run the container asclamav user (should be id 100?). My guess it azure does some "you are root, but actually you are not" stuff?~~
Forget the user stuff, seems not even to work locally

from docker-clamav.

WhiteBahamut commented on August 17, 2024 1

@shaunakv1 can you test the images from whitebahamut/docker-clamav. I've changed the user the container is running with to clamav (sources here https://github.com/WhiteBahamut/docker-clamav/tree/fix/permission-fail-on-azure). Works on my machine ;-)

from docker-clamav.

shaunakv1 commented on August 17, 2024

I think I have narrowed the breaking change down to this recent commit:

6b837a3#diff-6be5f76d3d1fb5e9c9d414680288570b1ec8e8f01700b8dc7e9fe30e2dd832b1L10

For some reason Azure does not like that mkdir statement and is breaking the deploy

from docker-clamav.

mko-x commented on August 17, 2024

I think I have narrowed the breaking change down to this recent commit:

6b837a3#diff-6be5f76d3d1fb5e9c9d414680288570b1ec8e8f01700b8dc7e9fe30e2dd832b1L10

For some reason Azure does not like that mkdir statement and is breaking the deploy

Did you try it without that mkdir - lines?

from docker-clamav.

mko-x commented on August 17, 2024

mkdir was present in the debian varian all the time, just introduced into alpine variants now.

~~Can you try to run the container asclamav user (should be id 100?). My guess it azure does some "you are root, but actually you are not" stuff?~~
Forget the user stuff, seems not even to work locally

why did you introduce that mkdir statements from debian to alpine version? have they been necessary?

from docker-clamav.

WhiteBahamut commented on August 17, 2024

yes, without that it failed to start. It is very intersting that it does not work in azure, but on a "normal" vm or machine. a directory in a imge should not cause a failing runtime behaviour. It happens in the debian variants as well and there mkdir has always been in the dockerfile.
I have the impression it is more about the chmod and not mkdir.
@shaunakv1 can you just verify the user id of the running container (connect to the container and run id) and no matter what is the output can you change to run the container as root (0)?

from docker-clamav.

WhiteBahamut commented on August 17, 2024

Looking into my running container:

/ # ls -l /var/run/
total 12
drwxr-x---    1 clamav   clamav        4096 Oct 20 18:06 clamav
-rw-rw-r--    1 root     root             2 Oct 20 18:06 clamd.pid
drwxr-xr-x    3 root     root          4096 Oct 20 18:05 secrets
/ # ls -l /var/run/clamav/
total 4
srw-rw-rw-    1 root     root             0 Oct 20 18:06 clamd.sock
-rw-rw----    1 root     root             2 Oct 20 18:05 freshclam.pid
/ # id
uid=0(root) gid=0(root) groups=1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)

One can see the user is root, /var/run/clamav is owned by clamav. Files in there are again owned by root. Which makes sense as the container runs as root. I'll check tomorrow if chown is really required at all

from docker-clamav.

shaunakv1 commented on August 17, 2024

@WhiteBahamut Unfortunately once the container crashes (or even until it's fully online) in azure container instances, I can't bash into it to verify the user.

Trying out your custom image now, let you know. Thanks for looking into it.

from docker-clamav.

shaunakv1 commented on August 17, 2024

@WhiteBahamut the test image at whitebahamut/docker-clamav worked like a charm! Indeed looks like changing the user worked! Can we get that pushed to mkodockx/docker-clamav:latest and mkodockx/docker-clamav:alpine please?

Thanks for your quick response and digging into the problem.

2020-10-26T16:17:41.7867814Z stdout F Mon Oct 26 16:17:41 2020 -> ClamAV update process started at Mon Oct 26 16:17:41 2020
2020-10-26T16:17:46.799026Z stdout F Mon Oct 26 16:17:46 2020 -> daily database available for update (local version: 25966, remote version: 25969)
2020-10-26T16:18:21.2302515Z stdout F Mon Oct 26 16:18:21 2020 -> Testing database: '/var/lib/clamav/tmp.6ba5b/clamav-463935aaf9f2a2160508316a8fba0dc8.tmp-daily.cld' ...
2020-10-26T16:19:25.9121181Z stdout F Mon Oct 26 16:19:25 2020 -> Localserver: Creating socket directory: /var/run/clamav
2020-10-26T16:19:25.9161483Z stdout F Mon Oct 26 16:19:25 2020 -> Limits: Global time limit set to 120000 milliseconds.
2020-10-26T16:19:25.9161483Z stdout F Mon Oct 26 16:19:25 2020 -> Limits: Global size limit set to 104857600 bytes.
2020-10-26T16:19:25.9285906Z stdout F Mon Oct 26 16:19:25 2020 -> Limits: File size limit set to 26214400 bytes.
2020-10-26T16:19:25.9285906Z stdout F Mon Oct 26 16:19:25 2020 -> Limits: Recursion level limit set to 16.
2020-10-26T16:19:25.9286544Z stdout F Mon Oct 26 16:19:25 2020 -> Limits: Files limit set to 10000.
2020-10-26T16:19:25.9286544Z stdout F Mon Oct 26 16:19:25 2020 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
2020-10-26T16:19:25.9286544Z stdout F Mon Oct 26 16:19:25 2020 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes.
2020-10-26T16:19:25.9287211Z stdout F Mon Oct 26 16:19:25 2020 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
2020-10-26T16:19:25.9287211Z stdout F Mon Oct 26 16:19:25 2020 -> Limits: MaxScriptNormalize limit set to 5242880 bytes.
2020-10-26T16:19:25.9287211Z stdout F Mon Oct 26 16:19:25 2020 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
2020-10-26T16:19:25.9287607Z stdout F Mon Oct 26 16:19:25 2020 -> Limits: MaxPartitions limit set to 50.
2020-10-26T16:19:25.9287607Z stdout F Mon Oct 26 16:19:25 2020 -> Limits: MaxIconsPE limit set to 100.
2020-10-26T16:19:25.9287607Z stdout F Mon Oct 26 16:19:25 2020 -> Limits: MaxRecHWP3 limit set to 16.
2020-10-26T16:19:25.9287607Z stdout F Mon Oct 26 16:19:25 2020 -> Limits: PCREMatchLimit limit set to 10000.
2020-10-26T16:19:25.9287607Z stdout F Mon Oct 26 16:19:25 2020 -> Limits: PCRERecMatchLimit limit set to 5000.
2020-10-26T16:19:25.9287607Z stdout F Mon Oct 26 16:19:25 2020 -> Limits: PCREMaxFileSize limit set to 26214400.
2020-10-26T16:19:25.9287607Z stdout F Mon Oct 26 16:19:25 2020 -> Archive support enabled.
2020-10-26T16:19:25.9287607Z stdout F Mon Oct 26 16:19:25 2020 -> AlertExceedsMax heuristic detection disabled.
2020-10-26T16:19:25.9288407Z stdout F Mon Oct 26 16:19:25 2020 -> Heuristic alerts enabled.
2020-10-26T16:19:25.9288407Z stdout F Mon Oct 26 16:19:25 2020 -> Portable Executable support enabled.
2020-10-26T16:19:25.9288407Z stdout F Mon Oct 26 16:19:25 2020 -> ELF support enabled.
2020-10-26T16:19:25.9288407Z stdout F Mon Oct 26 16:19:25 2020 -> Mail files support enabled.
2020-10-26T16:19:25.9288407Z stdout F Mon Oct 26 16:19:25 2020 -> OLE2 support enabled.
2020-10-26T16:19:25.9288407Z stdout F Mon Oct 26 16:19:25 2020 -> PDF support enabled.
2020-10-26T16:19:25.9288407Z stdout F Mon Oct 26 16:19:25 2020 -> SWF support enabled.
2020-10-26T16:19:25.9288407Z stdout F Mon Oct 26 16:19:25 2020 -> HTML support enabled.
2020-10-26T16:19:25.9288407Z stdout F Mon Oct 26 16:19:25 2020 -> XMLDOCS support enabled.
2020-10-26T16:19:25.9288407Z stdout F Mon Oct 26 16:19:25 2020 -> HWP3 support enabled.
2020-10-26T16:19:25.9288407Z stdout F Mon Oct 26 16:19:25 2020 -> Self checking every 3600 seconds.
2020-10-26T16:19:27.199204Z stdout F Mon Oct 26 16:19:27 2020 -> Database test passed.
2020-10-26T16:19:27.2002085Z stdout F Mon Oct 26 16:19:27 2020 -> daily.cld updated (version: 25969, sigs: 4335803, f-level: 63, builder: raynman)
2020-10-26T16:19:27.2525476Z stdout F Mon Oct 26 16:19:27 2020 -> main.cvd database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
2020-10-26T16:19:27.2525476Z stdout F Mon Oct 26 16:19:27 2020 -> bytecode.cvd database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
2020-10-26T16:19:27.2605237Z stdout F Mon Oct 26 16:19:27 2020 -> Clamd successfully notified about the update.
2020-10-26T16:19:30.1627342Z stdout F Mon Oct 26 16:19:30 2020 -> Reading databases from /var/lib/clamav
2020-10-26T16:20:03.008489Z stdout F Mon Oct 26 16:20:02 2020 -> Database correctly reloaded (8929191 signatures)

from docker-clamav.

WhiteBahamut commented on August 17, 2024

Will create a PR. If possible can you also verify detection also works? Using a https://www.eicar.org/?page_id=3950 file should do the trick.

from docker-clamav.

shaunakv1 commented on August 17, 2024

Thanks @WhiteBahamut give me 30 mins to run all checks, and I will get back to you

from docker-clamav.

shaunakv1 commented on August 17, 2024

@WhiteBahamut Verified, the virus detection works too. Thanks for the quick PR! @mko-x Any chance for a quick merge :) ?

Also in order to prevent future breakages because of the code upgrades, do you guys have any plans/thoughts on going to a semver tags on the docker images so we can lock them down and control the updates?

from docker-clamav.

mko-x commented on August 17, 2024

Merged and pushed to registry. Thank you @WhiteBahamut and @shaunakv1 👍

from docker-clamav.

Stopped working in azure container instances about docker-clamav HOT 13 CLOSED

Comments (13)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent