
diuid's Introduction


Docker in User Mode Linux

A Docker image that runs a dockerd inside a User Mode Linux (UML) kernel. The guest kernel, and the dockerd in it, are ordinary unprivileged processes of the container, so containers can be run and images built without bind-mounting the host's Docker socket into the container or starting it with --privileged, both of which would hand the workload root-equivalent control of the host. This makes the image usable for building Docker images with the gitlab-ci-multi-runner docker executor.

How it works

The entrypoint starts a User Mode Linux kernel with a dockerd inside it. The guest's network traffic is bridged by slirp, which does user-mode NAT and therefore needs no tap device or NET_ADMIN on the container side. I did not manage to get slirp's "redir" port forwarding to work, so the Docker socket is instead forwarded by reverse tunneling over an SSH connection from the UML guest to the container: the guest connects to an sshd running in the container and asks it to listen on /var/run/docker.sock (and on the TCP ports used for the remote API), relaying each accepted connection back to the dockerd inside the guest.

Security

UML runs its guest by ptrace()-ing its own processes, so the container may need to be started with --cap-add=SYS_PTRACE, depending on your Docker and kernel versions: Docker's default seccomp profile only allowed ptrace when that capability was granted until Docker 19.03, which permits it unconditionally on kernels 4.8 and newer. On Docker 19.03+ with kernel 4.8+ the flag is therefore not needed. Where it is needed, SYS_PTRACE is a far smaller grant than --privileged, but do not combine it with --pid=host, since that would allow tracing host processes. Note that the container's own processes, the UML kernel included, still run as root inside the container; the isolation comes from the guest kernel plus the container's namespaces, seccomp profile and capability set, not from dropping privileges.

Example

docker run -it --rm weberlars/diuid docker info

For better performance, mount a tmpfs with exec access on /umlshm. UML keeps the guest's physical memory in a file in that directory and must map it executable, so a noexec mount will not do (the startup check "Checking PROT_EXEC mmap in /umlshm" is exactly this test); nosuid and nodev are fine:

docker run -it --rm --tmpfs /umlshm:rw,nosuid,nodev,exec,size=8g weberlars/diuid docker info

To set dockerd flags:

docker run -it --rm -e DIUID_DOCKERD_FLAGS="--experimental --debug" weberlars/diuid docker info

To run as a daemon and expose the API socket to other hosts. Only do this with --tlsverify as shown: a tcp:// listener without client certificate verification gives anyone who can reach the port full control of the daemon and of everything under the guest's /var/lib/docker:

docker run -d -p 2376:2376 -v /secret:/s \
 -e DIUID_DOCKERD_FLAGS="-H tcp://0.0.0.0:2376 --tlsverify --tlscacert /s/ca.pem --tlscert /s/cert.pem --tlskey /s/key.pem" \
 weberlars/diuid tail -f /tmp/kernel.log
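The daemon example above mounts ca.pem, cert.pem and key.pem from /secret but does not say how to produce them. The script below is an added example, not part of diuid: it creates a private CA, a server certificate whose subjectAltName is the name clients will dial, and a client certificate, then checks that both leaves chain to the CA. The hostname diuid.example.internal, the output directory and the one-year validity are assumptions; the openssl invocations are standard ones.

```shell
#!/bin/sh
# Added example (not part of diuid): produce the ca.pem / cert.pem / key.pem the
# README's "-v /secret:/s" daemon example expects, plus a client certificate.
# The hostname, output directory and validity period are assumptions.
set -eu

gen_docker_tls() {
    dir="$1"; host="$2"
    mkdir -p "$dir"

    # Private CA. Signed with "x509 -req -signkey" and an explicit extension file
    # so the result does not depend on whatever openssl.cnf defaults are installed.
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=diuid-ca" \
        -keyout "$dir/ca-key.pem" -out "$dir/ca.csr" 2>/dev/null
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > "$dir/ca.ext"
    openssl x509 -req -sha256 -days 365 -in "$dir/ca.csr" -signkey "$dir/ca-key.pem" \
        -extfile "$dir/ca.ext" -out "$dir/ca.pem" 2>/dev/null

    # Server certificate for dockerd. Docker's TLS client matches the SAN against
    # the host it connects to, so the name here must be the one clients will use.
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$host" \
        -keyout "$dir/key.pem" -out "$dir/server.csr" 2>/dev/null
    printf 'subjectAltName=DNS:%s,IP:127.0.0.1\nextendedKeyUsage=serverAuth\n' "$host" \
        > "$dir/server.ext"
    openssl x509 -req -sha256 -days 365 -in "$dir/server.csr" \
        -CA "$dir/ca.pem" -CAkey "$dir/ca-key.pem" -CAcreateserial \
        -extfile "$dir/server.ext" -out "$dir/cert.pem" 2>/dev/null

    # Client certificate, restricted to clientAuth so it cannot pose as a server.
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=diuid-client" \
        -keyout "$dir/client-key.pem" -out "$dir/client.csr" 2>/dev/null
    printf 'extendedKeyUsage=clientAuth\n' > "$dir/client.ext"
    openssl x509 -req -sha256 -days 365 -in "$dir/client.csr" \
        -CA "$dir/ca.pem" -CAkey "$dir/ca-key.pem" -CAcreateserial \
        -extfile "$dir/client.ext" -out "$dir/client-cert.pem" 2>/dev/null

    chmod 0600 "$dir"/*key*.pem
    rm -f "$dir"/*.csr "$dir"/*.ext
}

# Check before deploying: both leaf certificates chain to the CA and the server
# certificate names the host clients will dial. Returns 0 on success, 1 otherwise.
verify_docker_tls() {
    dir="$1"; host="$2"
    openssl verify -CAfile "$dir/ca.pem" "$dir/cert.pem" >/dev/null 2>&1 || return 1
    openssl verify -CAfile "$dir/ca.pem" "$dir/client-cert.pem" >/dev/null 2>&1 || return 1
    openssl x509 -in "$dir/cert.pem" -noout -text 2>/dev/null | grep -q "DNS:$host" || return 1
}

# Usage (hostname is an assumption):
#   gen_docker_tls ./secret diuid.example.internal && verify_docker_tls ./secret diuid.example.internal
# then from a client:
#   docker --tlsverify --tlscacert secret/ca.pem --tlscert secret/client-cert.pem \
#          --tlskey secret/client-key.pem -H tcp://diuid.example.internal:2376 info
```

Copy ca.pem, cert.pem and key.pem into the directory you mount as /s. With --tlsverify the daemon accepts any certificate signed by this CA as a client, so ca-key.pem must stay off the CI hosts and out of the mounted directory; only the three files the daemon needs belong in /secret.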

To configure memory size and /var/lib/docker size:

docker run -it --rm -e MEM=4G -e DISK=20G weberlars/diuid docker info

To persist the /var/lib/docker disk image between runs (the entrypoint keeps it as a file under the mounted directory and reuses it when present):

docker run -it --rm -v /somewhere:/persistent weberlars/diuid docker info

diuid's People

Contributors: akihirosuda, anki-code, cherwin, tommyvn, weber-software


diuid's Issues

Does not finish `entrypoint.sh`

It seems to sometimes be stuck on this line:
https://github.com/weber-software/diuid/blob/master/entrypoint.sh#L41

as the line under it "waiting for dockerd" never gets shown in the console.

This seems to happen when I rerun the docker container. For example:

# entrypoint.sh does not finish here:
~/Projects/learning/scenarios/src/docker (main*) » docker-compose up docker 
Starting docker_docker_1 ... done
Attaching to docker_docker_1
docker_1     | Docker: Docker version 20.10.12, build 459d0df
docker_1     | Kernel: 5.15.0
docker_1     | Rootfs: Debian GNU/Linux 11 (bullseye)
docker_1     |
docker_1     | Configuration: MEM=2G DISK=10G
docker_1     | Starting OpenBSD Secure Shell server: sshd.
docker_1     | For better performance, consider mounting a tmpfs on /umlshm like this: `docker run --tmpfs /umlshm:rw,nosuid,nodev,exec,size=8g`
^CGracefully stopping... (press Ctrl+C again to force)
Stopping docker_docker_1 ...
^CKilling docker_docker_1  ...
^CERROR: Aborting.
-------------------------------------------------
# ... so I remove the volume + container
~/Projects/learning/scenarios/src/docker (main*) » docker-compose rm -v  1 ↵ 
Going to remove docker_docker_1
Are you sure? [yN] y
Removing docker_docker_1 ... done
-------------------------------------------------
# ... then when it's started up again it works
~/Projects/learning/scenarios/src/docker (main*) » docker-compose up docker  
Creating docker_docker_1 ... done
Attaching to docker_docker_1
docker_1     | Docker: Docker version 20.10.12, build 459d0df
docker_1     | Kernel: 5.15.0
docker_1     | Rootfs: Debian GNU/Linux 11 (bullseye)
docker_1     |
docker_1     | Configuration: MEM=2G DISK=10G
docker_1     | Starting OpenBSD Secure Shell server: sshd.
docker_1     | Formatting /persistent/var_lib_docker.img
docker_1     | For better performance, consider mounting a tmpfs on /umlshm like this: `docker run --tmpfs /umlshm:rw,nosuid,nodev,exec,size=8g`
docker_1     | waiting for dockerd ....
docker_1     | Executing "bash"
docker_docker_1 exited with code 0
-------------------------------------------------
# ... but the second time it does not.
~/Projects/learning/scenarios/src/docker (main*) » docker-compose up docker  
Starting docker_docker_1 ... done
Attaching to docker_docker_1
docker_1     | Docker: Docker version 20.10.12, build 459d0df
docker_1     | Kernel: 5.15.0
docker_1     | Rootfs: Debian GNU/Linux 11 (bullseye)
docker_1     |
docker_1     | Configuration: MEM=2G DISK=10G
docker_1     | Starting OpenBSD Secure Shell server: sshd.
docker_1     | For better performance, consider mounting a tmpfs on /umlshm like this: `docker run --tmpfs /umlshm:rw,nosuid,nodev,exec,size=8g`

On the non-starting container some logs are:

# cat /tmp/env
DIUID_DOCKERD_FLAGS=""
DIUID_DOCKERD_GROUP="docker"
# cat /tmp/kernel.log
Core dump limits :
	soft - NONE
	hard - NONE
Checking that ptrace can change system call numbers...OK
Checking syscall emulation patch for ptrace...OK
Checking advanced syscall emulation patch for ptrace...OK
Checking environment variables for a tempdir.../umlshm
Checking if /umlshm is on tmpfs...no
Warning: tempdir /umlshm is not on tmpfs
Checking PROT_EXEC mmap in /umlshm...OK
Adding 1454080 bytes to physical memory to account for exec-shield gap
Linux version 5.15.0 (root@buildkitsandbox) (gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2) #1 Fri Jan 7 10:17:39 UTC 2022
Zone ranges:
  Normal   [mem 0x0000000000000000-0x00000000e0162fff]
Movable zone start for each node
Early memory node ranges
  node   0: [mem 0x0000000000000000-0x0000000080162fff]
Initmem setup node 0 [mem 0x0000000000000000-0x0000000080162fff]
Built 1 zonelists, mobility grouping on.  Total pages: 516445
Kernel command line: rootfstype=hostfs rw vec0:transport=bess,dst=/run/slirp4netns-bess.sock,depth=128,gro=1 mem=2G init=/init.sh root=98:0 console=tty
Unknown command line parameters: mem=2G
Dentry cache hash table entries: 262144 (order: 9, 2097152 bytes, linear)
Inode-cache hash table entries: 131072 (order: 8, 1048576 bytes, linear)
mem auto-init: stack:off, heap alloc:off, heap free:off
Memory: 2054144K/2098572K available (4340K kernel code, 1154K rwdata, 1196K rodata, 161K init, 179K bss, 44428K reserved, 0K cma-reserved)
NR_IRQS: 64
clocksource: timer: mask: 0xffffffffffffffff max_cycles: 0x1cd42e205, max_idle_ns: 881590404426 ns
Calibrating delay loop... 6660.91 BogoMIPS (lpj=33304576)
pid_max: default: 32768 minimum: 301
Mount-cache hash table entries: 4096 (order: 3, 32768 bytes, linear)
Mountpoint-cache hash table entries: 4096 (order: 3, 32768 bytes, linear)
Checking that host ptys support output SIGIO...Yes
devtmpfs: initialized
random: get_random_u32 called from bucket_table_alloc.isra.0+0x128/0x153 with crng_init=0
clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
futex hash table entries: 256 (order: 0, 6144 bytes, linear)
NET: Registered PF_NETLINK/PF_ROUTE protocol family
pps_core: LinuxPPS API ver. 1 registered
pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <[email protected]>
PTP clock support registered
clocksource: Switched to clocksource timer
VFS: Disk quotas dquot_6.6.0
VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
NET: Registered PF_INET protocol family
IP idents hash table entries: 32768 (order: 6, 262144 bytes, linear)
tcp_listen_portaddr_hash hash table entries: 1024 (order: 2, 16384 bytes, linear)
TCP established hash table entries: 16384 (order: 5, 131072 bytes, linear)
TCP bind hash table entries: 16384 (order: 5, 131072 bytes, linear)
TCP: Hash tables configured (established 16384 bind 16384)
UDP hash table entries: 1024 (order: 3, 32768 bytes, linear)
UDP-Lite hash table entries: 1024 (order: 3, 32768 bytes, linear)
NET: Registered PF_UNIX/PF_LOCAL protocol family
printk: console [stderr0] disabled
mconsole (version 2) initialized on /root/.uml/bPQvo0/mconsole
Checking host MADV_REMOVE support...OK
UML Audio Relay (host dsp = /dev/sound/dsp, host mixer = /dev/sound/mixer)
hwrng: no data available
workingset: timestamp_bits=46 max_order=19 bucket_order=0
io scheduler mq-deadline registered
io scheduler kyber registered
io scheduler bfq registered
loop: module loaded
tun: Universal TUN/TAP device driver, 1.6
PPP generic driver version 2.4.2
xt_time: kernel timezone is -0000
IPVS: Registered protocols ()
IPVS: Connection hash table configured (size=4096, memory=64Kbytes)
IPVS: ipvs loaded.
NET: Registered PF_PACKET protocol family
8021q: 802.1Q VLAN Support v1.8
9pnet: Installing 9P2000 support
Initialized stdio console driver
Console initialized on /dev/tty0
printk: console [tty0] enabled
Initializing software serial port version 1
Choosing a random ethernet address for device vec0
printk: console [mc-1] enabled
Failed to initialize ubd device 0 :Couldn't determine size of device's file
epollctl add err fd 1, Operation not permitted
epollctl add err fd 0, Operation not permitted
VFS: Mounted root (hostfs filesystem) on device 0:13.
devtmpfs: mounted
This architecture does not have kernel memory protection.
Run /init.sh as init process
+ source /tmp/env
++ DIUID_DOCKERD_FLAGS=
++ DIUID_DOCKERD_GROUP=docker
+ mount -t proc proc /proc/
+ mount -t sysfs sys /sys/
+ mount -t cgroup2 none /sys/fs/cgroup
+ mkdir /sys/fs/cgroup/init.tmp
+ echo 1
+ cat /sys/fs/cgroup/cgroup.controllers
cpu io memory pids misc
+ echo '+cpu +io +memory +pids'
+ echo 1
+ rmdir /sys/fs/cgroup/init.tmp
+ mount -t tmpfs none /run
+ mkdir /dev/pts
+ mount -t devpts devpts /dev/pts
+ rm /dev/ptmx
+ ln -s /dev/pts/ptmx /dev/ptmx
+ rngd -r /dev/urandom
random: rngd: uninitialized urandom read (4 bytes read)
random: rngd: uninitialized urandom read (4 bytes read)
+ mkdir -p /var/lib/docker/
random: rngd: uninitialized urandom read (2500 bytes read)
random: crng init done
random: 2 urandom warning(s) missed due to ratelimiting
+ mount -t ext4 /persistent/var_lib_docker.img /var/lib/docker/
loop0: detected capacity change from 0 to 20971520
EXT4-fs (loop0): recovery complete
EXT4-fs (loop0): mounted filesystem with ordered data mode. Opts: (null). Quota mode: none.
+ ip link set dev lo up
+ ip link set dev vec0 up
+ ip addr add 10.0.2.100/24 dev vec0
+ ip route add default via 10.0.2.2
+ ssh -f -N -o StrictHostKeyChecking=no -R/var/run/docker.sock:/var/run/docker.sock -R0.0.0.0:2375:127.0.0.1:2375 -R0.0.0.0:2376:127.0.0.1:2376 10.0.2.2
Warning: remote port forwarding failed for listen path /var/run/docker.sock
+ chmod 0660 /var/run/docker.sock
chmod: cannot access '/var/run/docker.sock': No such file or directory
++ which diuid-docker-proxy
+ PATH=/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:.
+ dockerd --userland-proxy-path=/usr/bin/diuid-docker-proxy -H unix:///var/run/docker.sock
INFO[2022-10-24T10:25:16.795237212Z] Starting up
INFO[2022-10-24T10:25:16.812600668Z] libcontainerd: started new containerd process  pid=56
INFO[2022-10-24T10:25:16.813172572Z] parsed scheme: "unix"                         module=grpc
INFO[2022-10-24T10:25:16.813310300Z] scheme "unix" not registered, fallback to default scheme  module=grpc
INFO[2022-10-24T10:25:16.813460828Z] ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}  module=grpc
INFO[2022-10-24T10:25:16.813596508Z] ClientConn switching balancer to "pick_first"  module=grpc
INFO[2022-10-24T10:25:17.162216284Z] starting containerd                           revision=7b11cfaabd73bb80907dd23182b9347b4245eb5d version=1.4.12
INFO[2022-10-24T10:25:17.236243548Z] loading plugin "io.containerd.content.v1.content"...  type=io.containerd.content.v1
INFO[2022-10-24T10:25:17.236773468Z] loading plugin "io.containerd.snapshotter.v1.aufs"...  type=io.containerd.snapshotter.v1
INFO[2022-10-24T10:25:17.237795420Z] skip loading plugin "io.containerd.snapshotter.v1.aufs"...  error="aufs is not supported (modprobe aufs failed: exec: \"modprobe\": executable file not found in $PATH \"\"): skip plugin" type=io.containerd.snapshotter.v1
INFO[2022-10-24T10:25:17.237992284Z] loading plugin "io.containerd.snapshotter.v1.btrfs"...  type=io.containerd.snapshotter.v1
INFO[2022-10-24T10:25:17.238533468Z] skip loading plugin "io.containerd.snapshotter.v1.btrfs"...  error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs (ext4) must be a btrfs filesystem to be used with the btrfs snapshotter: skip plugin" type=io.containerd.snapshotter.v1
INFO[2022-10-24T10:25:17.238600028Z] loading plugin "io.containerd.snapshotter.v1.devmapper"...  type=io.containerd.snapshotter.v1
WARN[2022-10-24T10:25:17.238924124Z] failed to load plugin io.containerd.snapshotter.v1.devmapper  error="devmapper not configured"
INFO[2022-10-24T10:25:17.239025244Z] loading plugin "io.containerd.snapshotter.v1.native"...  type=io.containerd.snapshotter.v1
INFO[2022-10-24T10:25:17.239264604Z] loading plugin "io.containerd.snapshotter.v1.overlayfs"...  type=io.containerd.snapshotter.v1
INFO[2022-10-24T10:25:17.240228700Z] loading plugin "io.containerd.snapshotter.v1.zfs"...  type=io.containerd.snapshotter.v1
INFO[2022-10-24T10:25:17.240650588Z] skip loading plugin "io.containerd.snapshotter.v1.zfs"...  error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.zfs must be a zfs filesystem to be used with the zfs snapshotter: skip plugin" type=io.containerd.snapshotter.v1
INFO[2022-10-24T10:25:17.240718172Z] loading plugin "io.containerd.metadata.v1.bolt"...  type=io.containerd.metadata.v1
WARN[2022-10-24T10:25:17.240819292Z] could not use snapshotter devmapper in metadata plugin  error="devmapper not configured"
INFO[2022-10-24T10:25:17.240876380Z] metadata content store policy set             policy=shared
INFO[2022-10-24T10:25:17.243032668Z] loading plugin "io.containerd.differ.v1.walking"...  type=io.containerd.differ.v1
INFO[2022-10-24T10:25:17.243225180Z] loading plugin "io.containerd.gc.v1.scheduler"...  type=io.containerd.gc.v1
INFO[2022-10-24T10:25:17.244016732Z] loading plugin "io.containerd.service.v1.introspection-service"...  type=io.containerd.service.v1
INFO[2022-10-24T10:25:17.244180828Z] loading plugin "io.containerd.service.v1.containers-service"...  type=io.containerd.service.v1
INFO[2022-10-24T10:25:17.244254812Z] loading plugin "io.containerd.service.v1.content-service"...  type=io.containerd.service.v1
INFO[2022-10-24T10:25:17.244314716Z] loading plugin "io.containerd.service.v1.diff-service"...  type=io.containerd.service.v1
INFO[2022-10-24T10:25:17.244534108Z] loading plugin "io.containerd.service.v1.images-service"...  type=io.containerd.service.v1
INFO[2022-10-24T10:25:17.244657500Z] loading plugin "io.containerd.service.v1.leases-service"...  type=io.containerd.service.v1
INFO[2022-10-24T10:25:17.244785500Z] loading plugin "io.containerd.service.v1.namespaces-service"...  type=io.containerd.service.v1
INFO[2022-10-24T10:25:17.244906076Z] loading plugin "io.containerd.service.v1.snapshots-service"...  type=io.containerd.service.v1
INFO[2022-10-24T10:25:17.244970844Z] loading plugin "io.containerd.runtime.v1.linux"...  type=io.containerd.runtime.v1
INFO[2022-10-24T10:25:17.245654876Z] loading plugin "io.containerd.runtime.v2.task"...  type=io.containerd.runtime.v2
INFO[2022-10-24T10:25:17.246407772Z] loading plugin "io.containerd.monitor.v1.cgroups"...  type=io.containerd.monitor.v1
INFO[2022-10-24T10:25:17.248518748Z] loading plugin "io.containerd.service.v1.tasks-service"...  type=io.containerd.service.v1
INFO[2022-10-24T10:25:17.248655196Z] loading plugin "io.containerd.internal.v1.restart"...  type=io.containerd.internal.v1
INFO[2022-10-24T10:25:17.249348956Z] loading plugin "io.containerd.grpc.v1.containers"...  type=io.containerd.grpc.v1
INFO[2022-10-24T10:25:17.249470044Z] loading plugin "io.containerd.grpc.v1.content"...  type=io.containerd.grpc.v1
INFO[2022-10-24T10:25:17.249588060Z] loading plugin "io.containerd.grpc.v1.diff"...  type=io.containerd.grpc.v1
INFO[2022-10-24T10:25:17.249655644Z] loading plugin "io.containerd.grpc.v1.events"...  type=io.containerd.grpc.v1
INFO[2022-10-24T10:25:17.249715804Z] loading plugin "io.containerd.grpc.v1.healthcheck"...  type=io.containerd.grpc.v1
INFO[2022-10-24T10:25:17.249782108Z] loading plugin "io.containerd.grpc.v1.images"...  type=io.containerd.grpc.v1
INFO[2022-10-24T10:25:17.249843292Z] loading plugin "io.containerd.grpc.v1.leases"...  type=io.containerd.grpc.v1
INFO[2022-10-24T10:25:17.249902428Z] loading plugin "io.containerd.grpc.v1.namespaces"...  type=io.containerd.grpc.v1
INFO[2022-10-24T10:25:17.249960540Z] loading plugin "io.containerd.internal.v1.opt"...  type=io.containerd.internal.v1
INFO[2022-10-24T10:25:17.250168924Z] loading plugin "io.containerd.grpc.v1.snapshots"...  type=io.containerd.grpc.v1
INFO[2022-10-24T10:25:17.250349404Z] loading plugin "io.containerd.grpc.v1.tasks"...  type=io.containerd.grpc.v1
INFO[2022-10-24T10:25:17.250439260Z] loading plugin "io.containerd.grpc.v1.version"...  type=io.containerd.grpc.v1
INFO[2022-10-24T10:25:17.250501980Z] loading plugin "io.containerd.grpc.v1.introspection"...  type=io.containerd.grpc.v1
INFO[2022-10-24T10:25:17.254302556Z] serving...                                    address=/var/run/docker/containerd/containerd-debug.sock
INFO[2022-10-24T10:25:17.254658908Z] serving...                                    address=/var/run/docker/containerd/containerd.sock.ttrpc
INFO[2022-10-24T10:25:17.255007836Z] serving...                                    address=/var/run/docker/containerd/containerd.sock
INFO[2022-10-24T10:25:17.255089244Z] containerd successfully booted in 0.097627s
WARN[2022-10-24T10:25:17.304159836Z] unable to modify root key limit, number of containers could be limited by this quota: open /proc/sys/kernel/keys/root_maxkeys: no such file or directory
INFO[2022-10-24T10:25:17.309119836Z] parsed scheme: "unix"                         module=grpc
INFO[2022-10-24T10:25:17.309181532Z] scheme "unix" not registered, fallback to default scheme  module=grpc
INFO[2022-10-24T10:25:17.309234780Z] ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}  module=grpc
INFO[2022-10-24T10:25:17.309281372Z] ClientConn switching balancer to "pick_first"  module=grpc
INFO[2022-10-24T10:25:17.321136732Z] parsed scheme: "unix"                         module=grpc
INFO[2022-10-24T10:25:17.321197148Z] scheme "unix" not registered, fallback to default scheme  module=grpc
INFO[2022-10-24T10:25:17.321248092Z] ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}  module=grpc
INFO[2022-10-24T10:25:17.321292892Z] ClientConn switching balancer to "pick_first"  module=grpc
INFO[2022-10-24T10:25:17.341079900Z] [graphdriver] using prior storage driver: overlay2
WARN[2022-10-24T10:25:17.368008028Z] Unable to find cpuset controller
INFO[2022-10-24T10:25:17.376886620Z] Loading containers: start.
WARN[2022-10-24T10:25:17.379827036Z] Running modprobe bridge br_netfilter failed with message: , error: exec: "modprobe": executable file not found in $PATH
WARN[2022-10-24T10:25:18.129315164Z] Could not load necessary modules for IPSEC rules: protocol not supported
INFO[2022-10-24T10:25:18.134140764Z] failed to read ipv6 net.ipv6.conf.<bridge>.accept_ra  bridge=docker0 syspath=/proc/sys/net/ipv6/conf/docker0/accept_ra
INFO[2022-10-24T10:25:18.134286940Z] failed to read ipv6 net.ipv6.conf.<bridge>.accept_ra  bridge=docker0 syspath=/proc/sys/net/ipv6/conf/docker0/accept_ra
INFO[2022-10-24T10:25:19.134311260Z] Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address
INFO[2022-10-24T10:25:19.134814300Z] failed to read ipv6 net.ipv6.conf.<bridge>.accept_ra  bridge=docker0 syspath=/proc/sys/net/ipv6/conf/docker0/accept_ra
INFO[2022-10-24T10:25:19.848769116Z] Loading containers: done.
INFO[2022-10-24T10:25:20.034106972Z] Docker daemon                                 commit=459d0df graphdriver(s)=overlay2 version=20.10.12
INFO[2022-10-24T10:25:20.035414364Z] Daemon has completed initialization
INFO[2022-10-24T10:25:20.166991708Z] API listen on /var/run/docker.sock
docker-compose exec docker sh
# docker ps
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

docker-compose:

version: "3.9"
services:
  docker:
    image: weberlars/diuid

Wrong group for docker.sock prevents user requests

Hi! Thank you for great solution! You rock!

I'm trying to allow users to use DinD but got an error:

# docker run -it --rm -e DIUID_DOCKERD_FLAGS="--group docker" weberlars/diuid bash
root# useradd -m -G docker penguin && chsh -s /bin/bash penguin && su - penguin
penguin$ docker ps # Got permission denied...
penguin$ stat /var/run/docker.sock
Access: (0600/srw-------)  Uid: (    0/    root)   Gid: (    0/    root)

As you can see --group flag was ignored and the permission is 0600 root:root. How can I fix it to 0660 root:docker?

cc @AkihiroSuda

Does not timeout

Hi,

I have launched a diuid container, but it fails to start, and the dots have been piling up for a day now.

[ ok ] Starting OpenBSD Secure Shell server: sshd.
waiting for dockerd .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Should there be a timeout after which the start of dockerd is considered failed?

Best,
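Two of the issues above show the same startup path failing in different ways. In the first, the restarted container's kernel log contains "Warning: remote port forwarding failed for listen path /var/run/docker.sock"; the likely cause is that the socket file from the previous run is still present in the container's filesystem and sshd, whose StreamLocalBindUnlink option defaults to no, refuses to bind over it, after which the entrypoint waits for a socket that will never appear. In this issue the same wait runs without any bound. The shell functions below are an added example, not diuid's entrypoint, showing the two guards such a script wants: clearing a stale socket path before the forward while refusing a symlink or regular file planted there, and a bounded wait that also fails fast if a non-socket shows up. The path and timeout values are assumptions.

```shell
#!/bin/sh
# Added example, not diuid's entrypoint: two guards for a startup script that
# reverse-forwards /var/run/docker.sock over SSH and then waits for dockerd.
# The socket path and timeout values are assumptions.

# Clear a socket left behind by an earlier run of the same container so sshd can
# bind the forwarded path again. Anything that is not a plain socket is refused:
# a symlink or regular file planted at the path must not be unlinked or bound over.
prepare_forward_path() {
    path="$1"
    if [ -L "$path" ]; then
        echo "refusing: $path is a symlink" >&2
        return 2
    fi
    if [ -e "$path" ] && [ ! -S "$path" ]; then
        echo "refusing: $path exists and is not a socket" >&2
        return 2
    fi
    rm -f "$path"
}

# Poll until a socket appears at $1 or $2 seconds have passed (default 60).
# Returns 0 when ready, 1 on timeout, 2 if something other than a socket appears.
wait_for_socket() {
    path="$1"; timeout="${2:-60}"; waited=0
    printf 'waiting for dockerd '
    while [ "$waited" -lt "$timeout" ]; do
        if [ -S "$path" ]; then
            echo " ready after ${waited}s"
            return 0
        fi
        if [ -e "$path" ] || [ -L "$path" ]; then
            echo " $path exists but is not a socket" >&2
            return 2
        fi
        printf '.'
        sleep 1
        waited=$((waited + 1))
    done
    echo " timed out after ${timeout}s" >&2
    return 1
}

# Where each runs: prepare_forward_path in the container entrypoint before the
# UML kernel (and with it the guest's "ssh -R") is started; wait_for_socket in
# the entrypoint in place of an unbounded dots loop:
#   prepare_forward_path /var/run/docker.sock || exit 1
#   ... start the UML kernel ...
#   wait_for_socket /var/run/docker.sock 120 || exit 1
```

The sshd-side alternative to prepare_forward_path is "StreamLocalBindUnlink yes" in the container's sshd_config, which makes sshd unlink an existing socket file itself; that removes the stale-socket failure but not the type check, so the entrypoint-side guard is still worth having when the path lives on a writable layer that survives restarts.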

Doesn't work on recent envs (Ubuntu 19.04, Docker 19.03+)

$ docker run -it --rm --cap-add=SYS_PTRACE -e TMPDIR=/umlshm --tmpfs /umlshm:rw,nosuid,nodev,exec,size=8g weberlars/diuid@sha256:7cb6ae37616dc4466f37aeb73d064e46381db488935fa17c70fc761eb56f1a64 docker info
[ ok ] Starting OpenBSD Secure Shell server: sshd.
waiting for dockerd ........
failed to start uml kernel:
Checking that ptrace can change system call numbers...OK
Checking syscall emulation patch for ptrace...OK
Checking advanced syscall emulation patch for ptrace...OK
$ docker version
Client:
 Version:           19.09.0-dev
 API version:       1.40
 Go version:        go1.12.6
 Git commit:        c9db0fe9
 Built:             Tue Jul  9 06:59:02 2019
 OS/Arch:           linux/amd64
 Experimental:      true

Server:
 Engine:
  Version:          dev
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.12.6
  Git commit:       fb459f6671
  Built:            Tue Jul  9 06:57:16 2019
  OS/Arch:          linux/amd64
  Experimental:     true
 containerd:
  Version:          v1.2.7
  GitCommit:        85f6aa58b8a3170aec9824568f7a31832878b603
 runc:
  Version:          1.0.0-rc8
  GitCommit:        425e105d5a03fabd737a126ad93d62a9eeede87f
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683
$ docker info
...
Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 17
 Server Version: dev
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: kata runc runnc runsc runsc-kvm crun
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 85f6aa58b8a3170aec9824568f7a31832878b603
 runc version: 425e105d5a03fabd737a126ad93d62a9eeede87f
 init version: fec3683
 Security Options:
  apparmor
  seccomp
   Profile: default
 Kernel Version: 5.0.0-20-generic
 Operating System: Ubuntu 19.04
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 3.826GiB
 Name: suda-ws01
 ID: E2YB:EGZO:6BNW:EPHS:4WFQ:EIDV:ZZ6D:QBZK:6673:CIOR:DLZ6:SI3D
 Docker Root Dir: /var/lib/docker
 Debug Mode: true
  File Descriptors: 22
  Goroutines: 41
  System Time: 2019-07-09T16:02:18.142609596+09:00
  EventsListeners: 0
 Username: akihirosuda
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: true
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No swap limit support

overlayfs failure

$ docker run --rm weberlars/diuid@sha256:d884fc60a64aa0e2cac87fac731199aff7fa21bd9b4b9202da353f0e090ca06c docker run --rm debian:9.9 bash -c "apt-get update && apt-get install -y gcc"
[ ok ] Starting OpenBSD Secure Shell server: sshd.
For better performance, consider mounting a tmpfs on /umlshm like this: `docker run --tmpfs /umlshm:rw,nosuid,nodev,exec,size=8g`
waiting for dockerd .......
Unable to find image 'debian:9.9' locally
9.9: Pulling from library/debian
6f2f362378c5: Pull complete
Digest: sha256:118cf8f3557e1ea766c02f36f05f6ac3e63628427ea8965fb861be904ec35a6f
Status: Downloaded newer image for debian:9.9
Ign:2 http://cdn-fastly.deb.debian.org/debian stretch InRelease
Get:3 http://cdn-fastly.deb.debian.org/debian stretch-updates InRelease [91.0 kB]
...
Get:24 http://cdn-fastly.deb.debian.org/debian stretch/main amd64 libc-dev-bin amd64 2.24-11+deb9u4 [259 kB]
Get:25 http://cdn-fastly.deb.debian.org/debian stretch/main amd64 libc6-dev amd64 2.24-11+deb9u4 [2364 kB]
Get:26 http://cdn-fastly.deb.debian.org/debian stretch/main amd64 manpages-dev all 4.10-2 [2145 kB]
debconf: delaying package configuration, since apt-utils is not installed
Fetched 29.5 MB in 4s (6598 kB/s)
Selecting previously unselected package manpages.
(Reading database ... 6499 files and directories currently installed.)
Preparing to unpack .../00-manpages_4.10-2_all.deb ...
Unpacking manpages (4.10-2) ...
dpkg: error processing archive /tmp/apt-dpkg-install-nRslku/00-manpages_4.10-2_all.deb (--unpack):
 unable to install new version of './usr/share/doc/manpages': Invalid cross-device link
dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
Selecting previously unselected package binutils.
Preparing to unpack .../01-binutils_2.28-5_amd64.deb ...
Unpacking binutils (2.28-5) ...
dpkg: error processing archive /tmp/apt-dpkg-install-nRslku/01-binutils_2.28-5_amd64.deb (--unpack):
 unable to install new version of './usr/lib/compat-ld': Invalid cross-device link
dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
...
Unpacking manpages-dev (4.10-2) ...
dpkg: error processing archive /tmp/apt-dpkg-install-nRslku/25-manpages-dev_4.10-2_all.deb (--unpack):
 unable to install new version of './usr/share/man/man2': Invalid cross-device link
dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
Errors were encountered while processing:
 /tmp/apt-dpkg-install-nRslku/00-manpages_4.10-2_all.deb
 /tmp/apt-dpkg-install-nRslku/01-binutils_2.28-5_amd64.deb
 /tmp/apt-dpkg-install-nRslku/02-libgmp10_2%3a6.1.2+dfsg-1_amd64.deb
 /tmp/apt-dpkg-install-nRslku/03-libisl15_0.18-1_amd64.deb
 /tmp/apt-dpkg-install-nRslku/04-libmpfr4_3.1.5-1_amd64.deb
 /tmp/apt-dpkg-install-nRslku/05-libmpc3_1.0.3-1+b2_amd64.deb
 /tmp/apt-dpkg-install-nRslku/07-cpp_4%3a6.3.0-4_amd64.deb
 /tmp/apt-dpkg-install-nRslku/19-libgcc-6-dev_6.3.0-18+deb9u1_amd64.deb
 /tmp/apt-dpkg-install-nRslku/20-gcc-6_6.3.0-18+deb9u1_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

source: 2c585ab
