diuid's Issues

Does not timeout

Hi,

I have launched a diuid container, but it fails to start, and the dots have been piling up for a day now.

[ ok ] Starting OpenBSD Secure Shell server: sshd.
waiting for dockerd .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Should there be a timeout after which the start of dockerd is considered failed?

Best,
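
A wait loop with a deadline, of the kind this issue asks about, as an added example (it is not diuid's `entrypoint.sh`). The function name `wait_for_ready`, the `WAIT_LOG` variable and the 120-second figure in the comment are assumptions of the example; `/tmp/kernel.log` is the log path that appears in the reports on this page.

```shell
#!/bin/sh
# Added example (not diuid's entrypoint.sh): a readiness wait with a deadline.
# Usage: wait_for_ready TIMEOUT_S INTERVAL_S PROBE [ARGS...]
#   0 = probe succeeded, 1 = deadline passed, 2 = bad arguments.
# WAIT_LOG (optional, an assumption of this example) names a log file whose
# tail is printed on timeout, e.g. /tmp/kernel.log.
wait_for_ready() {
    [ "$#" -ge 3 ] || return 2
    timeout_s=$1
    interval_s=$2
    shift 2
    # Both values must be plain non-negative integers (seconds).
    case "$timeout_s" in ''|*[!0-9]*) return 2 ;; esac
    case "$interval_s" in ''|*[!0-9]*) return 2 ;; esac

    deadline=$(( $(date +%s) + timeout_s ))
    printf 'waiting for dockerd ' >&2
    # Re-run the probe until it succeeds or the deadline has passed.
    until "$@" >/dev/null 2>&1; do
        if [ "$(date +%s)" -ge "$deadline" ]; then
            printf '\nfailed: not ready after %ss\n' "$timeout_s" >&2
            if [ -n "${WAIT_LOG:-}" ] && [ -r "$WAIT_LOG" ]; then
                tail -n 20 "$WAIT_LOG" >&2
            fi
            return 1
        fi
        printf '.' >&2
        sleep "$interval_s"
    done
    printf '\n' >&2
    return 0
}

# In a container entrypoint the probe would be a real readiness check, e.g.:
#   WAIT_LOG=/tmp/kernel.log wait_for_ready 120 1 docker info || exit 1
# Constructed demo so the block runs offline: a probe that is already ready.
wait_for_ready 3 1 true
```

A non-zero exit from the entrypoint lets the container's restart policy or the calling CI job see the failure instead of hanging.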

Does not finish `entrypoint.sh`

It seems to sometimes be stuck on this line:
https://github.com/weber-software/diuid/blob/master/entrypoint.sh#L41

as the line under it "waiting for dockerd" never gets shown in the console.

This seems to happen when I rerun the docker container. For example:

# entrypoint.sh does not finish here:
~/Projects/learning/scenarios/src/docker (main*) » docker-compose up docker 
Starting docker_docker_1 ... done
Attaching to docker_docker_1
docker_1     | Docker: Docker version 20.10.12, build 459d0df
docker_1     | Kernel: 5.15.0
docker_1     | Rootfs: Debian GNU/Linux 11 (bullseye)
docker_1     |
docker_1     | Configuration: MEM=2G DISK=10G
docker_1     | Starting OpenBSD Secure Shell server: sshd.
docker_1     | For better performance, consider mounting a tmpfs on /umlshm like this: `docker run --tmpfs /umlshm:rw,nosuid,nodev,exec,size=8g`
^CGracefully stopping... (press Ctrl+C again to force)
Stopping docker_docker_1 ...
^CKilling docker_docker_1  ...
^CERROR: Aborting.
-------------------------------------------------
# ... so I remove the volume + container
~/Projects/learning/scenarios/src/docker (main*) » docker-compose rm -v  1 ↵ 
Going to remove docker_docker_1
Are you sure? [yN] y
Removing docker_docker_1 ... done
-------------------------------------------------
# ... then when it's started up again it works
~/Projects/learning/scenarios/src/docker (main*) » docker-compose up docker  
Creating docker_docker_1 ... done
Attaching to docker_docker_1
docker_1     | Docker: Docker version 20.10.12, build 459d0df
docker_1     | Kernel: 5.15.0
docker_1     | Rootfs: Debian GNU/Linux 11 (bullseye)
docker_1     |
docker_1     | Configuration: MEM=2G DISK=10G
docker_1     | Starting OpenBSD Secure Shell server: sshd.
docker_1     | Formatting /persistent/var_lib_docker.img
docker_1     | For better performance, consider mounting a tmpfs on /umlshm like this: `docker run --tmpfs /umlshm:rw,nosuid,nodev,exec,size=8g`
docker_1     | waiting for dockerd ....
docker_1     | Executing "bash"
docker_docker_1 exited with code 0
-------------------------------------------------
# ... but the second time it does not.
~/Projects/learning/scenarios/src/docker (main*) » docker-compose up docker  
Starting docker_docker_1 ... done
Attaching to docker_docker_1
docker_1     | Docker: Docker version 20.10.12, build 459d0df
docker_1     | Kernel: 5.15.0
docker_1     | Rootfs: Debian GNU/Linux 11 (bullseye)
docker_1     |
docker_1     | Configuration: MEM=2G DISK=10G
docker_1     | Starting OpenBSD Secure Shell server: sshd.
docker_1     | For better performance, consider mounting a tmpfs on /umlshm like this: `docker run --tmpfs /umlshm:rw,nosuid,nodev,exec,size=8g`

On the non-starting container some logs are:

# cat /tmp/env
DIUID_DOCKERD_FLAGS=""
DIUID_DOCKERD_GROUP="docker"
# cat /tmp/kernel.log
Core dump limits :
	soft - NONE
	hard - NONE
Checking that ptrace can change system call numbers...OK
Checking syscall emulation patch for ptrace...OK
Checking advanced syscall emulation patch for ptrace...OK
Checking environment variables for a tempdir.../umlshm
Checking if /umlshm is on tmpfs...no
Warning: tempdir /umlshm is not on tmpfs
Checking PROT_EXEC mmap in /umlshm...OK
Adding 1454080 bytes to physical memory to account for exec-shield gap
Linux version 5.15.0 (root@buildkitsandbox) (gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2) #1 Fri Jan 7 10:17:39 UTC 2022
Zone ranges:
  Normal   [mem 0x0000000000000000-0x00000000e0162fff]
Movable zone start for each node
Early memory node ranges
  node   0: [mem 0x0000000000000000-0x0000000080162fff]
Initmem setup node 0 [mem 0x0000000000000000-0x0000000080162fff]
Built 1 zonelists, mobility grouping on.  Total pages: 516445
Kernel command line: rootfstype=hostfs rw vec0:transport=bess,dst=/run/slirp4netns-bess.sock,depth=128,gro=1 mem=2G init=/init.sh root=98:0 console=tty
Unknown command line parameters: mem=2G
Dentry cache hash table entries: 262144 (order: 9, 2097152 bytes, linear)
Inode-cache hash table entries: 131072 (order: 8, 1048576 bytes, linear)
mem auto-init: stack:off, heap alloc:off, heap free:off
Memory: 2054144K/2098572K available (4340K kernel code, 1154K rwdata, 1196K rodata, 161K init, 179K bss, 44428K reserved, 0K cma-reserved)
NR_IRQS: 64
clocksource: timer: mask: 0xffffffffffffffff max_cycles: 0x1cd42e205, max_idle_ns: 881590404426 ns
Calibrating delay loop... 6660.91 BogoMIPS (lpj=33304576)
pid_max: default: 32768 minimum: 301
Mount-cache hash table entries: 4096 (order: 3, 32768 bytes, linear)
Mountpoint-cache hash table entries: 4096 (order: 3, 32768 bytes, linear)
Checking that host ptys support output SIGIO...Yes
devtmpfs: initialized
random: get_random_u32 called from bucket_table_alloc.isra.0+0x128/0x153 with crng_init=0
clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
futex hash table entries: 256 (order: 0, 6144 bytes, linear)
NET: Registered PF_NETLINK/PF_ROUTE protocol family
pps_core: LinuxPPS API ver. 1 registered
pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <[email protected]>
PTP clock support registered
clocksource: Switched to clocksource timer
VFS: Disk quotas dquot_6.6.0
VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
NET: Registered PF_INET protocol family
IP idents hash table entries: 32768 (order: 6, 262144 bytes, linear)
tcp_listen_portaddr_hash hash table entries: 1024 (order: 2, 16384 bytes, linear)
TCP established hash table entries: 16384 (order: 5, 131072 bytes, linear)
TCP bind hash table entries: 16384 (order: 5, 131072 bytes, linear)
TCP: Hash tables configured (established 16384 bind 16384)
UDP hash table entries: 1024 (order: 3, 32768 bytes, linear)
UDP-Lite hash table entries: 1024 (order: 3, 32768 bytes, linear)
NET: Registered PF_UNIX/PF_LOCAL protocol family
printk: console [stderr0] disabled
mconsole (version 2) initialized on /root/.uml/bPQvo0/mconsole
Checking host MADV_REMOVE support...OK
UML Audio Relay (host dsp = /dev/sound/dsp, host mixer = /dev/sound/mixer)
hwrng: no data available
workingset: timestamp_bits=46 max_order=19 bucket_order=0
io scheduler mq-deadline registered
io scheduler kyber registered
io scheduler bfq registered
loop: module loaded
tun: Universal TUN/TAP device driver, 1.6
PPP generic driver version 2.4.2
xt_time: kernel timezone is -0000
IPVS: Registered protocols ()
IPVS: Connection hash table configured (size=4096, memory=64Kbytes)
IPVS: ipvs loaded.
NET: Registered PF_PACKET protocol family
8021q: 802.1Q VLAN Support v1.8
9pnet: Installing 9P2000 support
Initialized stdio console driver
Console initialized on /dev/tty0
printk: console [tty0] enabled
Initializing software serial port version 1
Choosing a random ethernet address for device vec0
printk: console [mc-1] enabled
Failed to initialize ubd device 0 :Couldn't determine size of device's file
epollctl add err fd 1, Operation not permitted
epollctl add err fd 0, Operation not permitted
VFS: Mounted root (hostfs filesystem) on device 0:13.
devtmpfs: mounted
This architecture does not have kernel memory protection.
Run /init.sh as init process
+ source /tmp/env
++ DIUID_DOCKERD_FLAGS=
++ DIUID_DOCKERD_GROUP=docker
+ mount -t proc proc /proc/
+ mount -t sysfs sys /sys/
+ mount -t cgroup2 none /sys/fs/cgroup
+ mkdir /sys/fs/cgroup/init.tmp
+ echo 1
+ cat /sys/fs/cgroup/cgroup.controllers
cpu io memory pids misc
+ echo '+cpu +io +memory +pids'
+ echo 1
+ rmdir /sys/fs/cgroup/init.tmp
+ mount -t tmpfs none /run
+ mkdir /dev/pts
+ mount -t devpts devpts /dev/pts
+ rm /dev/ptmx
+ ln -s /dev/pts/ptmx /dev/ptmx
+ rngd -r /dev/urandom
random: rngd: uninitialized urandom read (4 bytes read)
random: rngd: uninitialized urandom read (4 bytes read)
+ mkdir -p /var/lib/docker/
random: rngd: uninitialized urandom read (2500 bytes read)
random: crng init done
random: 2 urandom warning(s) missed due to ratelimiting
+ mount -t ext4 /persistent/var_lib_docker.img /var/lib/docker/
loop0: detected capacity change from 0 to 20971520
EXT4-fs (loop0): recovery complete
EXT4-fs (loop0): mounted filesystem with ordered data mode. Opts: (null). Quota mode: none.
+ ip link set dev lo up
+ ip link set dev vec0 up
+ ip addr add 10.0.2.100/24 dev vec0
+ ip route add default via 10.0.2.2
+ ssh -f -N -o StrictHostKeyChecking=no -R/var/run/docker.sock:/var/run/docker.sock -R0.0.0.0:2375:127.0.0.1:2375 -R0.0.0.0:2376:127.0.0.1:2376 10.0.2.2
Warning: remote port forwarding failed for listen path /var/run/docker.sock
+ chmod 0660 /var/run/docker.sock
chmod: cannot access '/var/run/docker.sock': No such file or directory
++ which diuid-docker-proxy
+ PATH=/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:.
+ dockerd --userland-proxy-path=/usr/bin/diuid-docker-proxy -H unix:///var/run/docker.sock
INFO[2022-10-24T10:25:16.795237212Z] Starting up
INFO[2022-10-24T10:25:16.812600668Z] libcontainerd: started new containerd process  pid=56
INFO[2022-10-24T10:25:16.813172572Z] parsed scheme: "unix"                         module=grpc
INFO[2022-10-24T10:25:16.813310300Z] scheme "unix" not registered, fallback to default scheme  module=grpc
INFO[2022-10-24T10:25:16.813460828Z] ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}  module=grpc
INFO[2022-10-24T10:25:16.813596508Z] ClientConn switching balancer to "pick_first"  module=grpc
INFO[2022-10-24T10:25:17.162216284Z] starting containerd                           revision=7b11cfaabd73bb80907dd23182b9347b4245eb5d version=1.4.12
INFO[2022-10-24T10:25:17.236243548Z] loading plugin "io.containerd.content.v1.content"...  type=io.containerd.content.v1
INFO[2022-10-24T10:25:17.236773468Z] loading plugin "io.containerd.snapshotter.v1.aufs"...  type=io.containerd.snapshotter.v1
INFO[2022-10-24T10:25:17.237795420Z] skip loading plugin "io.containerd.snapshotter.v1.aufs"...  error="aufs is not supported (modprobe aufs failed: exec: \"modprobe\": executable file not found in $PATH \"\"): skip plugin" type=io.containerd.snapshotter.v1
INFO[2022-10-24T10:25:17.237992284Z] loading plugin "io.containerd.snapshotter.v1.btrfs"...  type=io.containerd.snapshotter.v1
INFO[2022-10-24T10:25:17.238533468Z] skip loading plugin "io.containerd.snapshotter.v1.btrfs"...  error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs (ext4) must be a btrfs filesystem to be used with the btrfs snapshotter: skip plugin" type=io.containerd.snapshotter.v1
INFO[2022-10-24T10:25:17.238600028Z] loading plugin "io.containerd.snapshotter.v1.devmapper"...  type=io.containerd.snapshotter.v1
WARN[2022-10-24T10:25:17.238924124Z] failed to load plugin io.containerd.snapshotter.v1.devmapper  error="devmapper not configured"
INFO[2022-10-24T10:25:17.239025244Z] loading plugin "io.containerd.snapshotter.v1.native"...  type=io.containerd.snapshotter.v1
INFO[2022-10-24T10:25:17.239264604Z] loading plugin "io.containerd.snapshotter.v1.overlayfs"...  type=io.containerd.snapshotter.v1
INFO[2022-10-24T10:25:17.240228700Z] loading plugin "io.containerd.snapshotter.v1.zfs"...  type=io.containerd.snapshotter.v1
INFO[2022-10-24T10:25:17.240650588Z] skip loading plugin "io.containerd.snapshotter.v1.zfs"...  error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.zfs must be a zfs filesystem to be used with the zfs snapshotter: skip plugin" type=io.containerd.snapshotter.v1
INFO[2022-10-24T10:25:17.240718172Z] loading plugin "io.containerd.metadata.v1.bolt"...  type=io.containerd.metadata.v1
WARN[2022-10-24T10:25:17.240819292Z] could not use snapshotter devmapper in metadata plugin  error="devmapper not configured"
INFO[2022-10-24T10:25:17.240876380Z] metadata content store policy set             policy=shared
INFO[2022-10-24T10:25:17.243032668Z] loading plugin "io.containerd.differ.v1.walking"...  type=io.containerd.differ.v1
INFO[2022-10-24T10:25:17.243225180Z] loading plugin "io.containerd.gc.v1.scheduler"...  type=io.containerd.gc.v1
INFO[2022-10-24T10:25:17.244016732Z] loading plugin "io.containerd.service.v1.introspection-service"...  type=io.containerd.service.v1
INFO[2022-10-24T10:25:17.244180828Z] loading plugin "io.containerd.service.v1.containers-service"...  type=io.containerd.service.v1
INFO[2022-10-24T10:25:17.244254812Z] loading plugin "io.containerd.service.v1.content-service"...  type=io.containerd.service.v1
INFO[2022-10-24T10:25:17.244314716Z] loading plugin "io.containerd.service.v1.diff-service"...  type=io.containerd.service.v1
INFO[2022-10-24T10:25:17.244534108Z] loading plugin "io.containerd.service.v1.images-service"...  type=io.containerd.service.v1
INFO[2022-10-24T10:25:17.244657500Z] loading plugin "io.containerd.service.v1.leases-service"...  type=io.containerd.service.v1
INFO[2022-10-24T10:25:17.244785500Z] loading plugin "io.containerd.service.v1.namespaces-service"...  type=io.containerd.service.v1
INFO[2022-10-24T10:25:17.244906076Z] loading plugin "io.containerd.service.v1.snapshots-service"...  type=io.containerd.service.v1
INFO[2022-10-24T10:25:17.244970844Z] loading plugin "io.containerd.runtime.v1.linux"...  type=io.containerd.runtime.v1
INFO[2022-10-24T10:25:17.245654876Z] loading plugin "io.containerd.runtime.v2.task"...  type=io.containerd.runtime.v2
INFO[2022-10-24T10:25:17.246407772Z] loading plugin "io.containerd.monitor.v1.cgroups"...  type=io.containerd.monitor.v1
INFO[2022-10-24T10:25:17.248518748Z] loading plugin "io.containerd.service.v1.tasks-service"...  type=io.containerd.service.v1
INFO[2022-10-24T10:25:17.248655196Z] loading plugin "io.containerd.internal.v1.restart"...  type=io.containerd.internal.v1
INFO[2022-10-24T10:25:17.249348956Z] loading plugin "io.containerd.grpc.v1.containers"...  type=io.containerd.grpc.v1
INFO[2022-10-24T10:25:17.249470044Z] loading plugin "io.containerd.grpc.v1.content"...  type=io.containerd.grpc.v1
INFO[2022-10-24T10:25:17.249588060Z] loading plugin "io.containerd.grpc.v1.diff"...  type=io.containerd.grpc.v1
INFO[2022-10-24T10:25:17.249655644Z] loading plugin "io.containerd.grpc.v1.events"...  type=io.containerd.grpc.v1
INFO[2022-10-24T10:25:17.249715804Z] loading plugin "io.containerd.grpc.v1.healthcheck"...  type=io.containerd.grpc.v1
INFO[2022-10-24T10:25:17.249782108Z] loading plugin "io.containerd.grpc.v1.images"...  type=io.containerd.grpc.v1
INFO[2022-10-24T10:25:17.249843292Z] loading plugin "io.containerd.grpc.v1.leases"...  type=io.containerd.grpc.v1
INFO[2022-10-24T10:25:17.249902428Z] loading plugin "io.containerd.grpc.v1.namespaces"...  type=io.containerd.grpc.v1
INFO[2022-10-24T10:25:17.249960540Z] loading plugin "io.containerd.internal.v1.opt"...  type=io.containerd.internal.v1
INFO[2022-10-24T10:25:17.250168924Z] loading plugin "io.containerd.grpc.v1.snapshots"...  type=io.containerd.grpc.v1
INFO[2022-10-24T10:25:17.250349404Z] loading plugin "io.containerd.grpc.v1.tasks"...  type=io.containerd.grpc.v1
INFO[2022-10-24T10:25:17.250439260Z] loading plugin "io.containerd.grpc.v1.version"...  type=io.containerd.grpc.v1
INFO[2022-10-24T10:25:17.250501980Z] loading plugin "io.containerd.grpc.v1.introspection"...  type=io.containerd.grpc.v1
INFO[2022-10-24T10:25:17.254302556Z] serving...                                    address=/var/run/docker/containerd/containerd-debug.sock
INFO[2022-10-24T10:25:17.254658908Z] serving...                                    address=/var/run/docker/containerd/containerd.sock.ttrpc
INFO[2022-10-24T10:25:17.255007836Z] serving...                                    address=/var/run/docker/containerd/containerd.sock
INFO[2022-10-24T10:25:17.255089244Z] containerd successfully booted in 0.097627s
WARN[2022-10-24T10:25:17.304159836Z] unable to modify root key limit, number of containers could be limited by this quota: open /proc/sys/kernel/keys/root_maxkeys: no such file or directory
INFO[2022-10-24T10:25:17.309119836Z] parsed scheme: "unix"                         module=grpc
INFO[2022-10-24T10:25:17.309181532Z] scheme "unix" not registered, fallback to default scheme  module=grpc
INFO[2022-10-24T10:25:17.309234780Z] ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}  module=grpc
INFO[2022-10-24T10:25:17.309281372Z] ClientConn switching balancer to "pick_first"  module=grpc
INFO[2022-10-24T10:25:17.321136732Z] parsed scheme: "unix"                         module=grpc
INFO[2022-10-24T10:25:17.321197148Z] scheme "unix" not registered, fallback to default scheme  module=grpc
INFO[2022-10-24T10:25:17.321248092Z] ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}  module=grpc
INFO[2022-10-24T10:25:17.321292892Z] ClientConn switching balancer to "pick_first"  module=grpc
INFO[2022-10-24T10:25:17.341079900Z] [graphdriver] using prior storage driver: overlay2
WARN[2022-10-24T10:25:17.368008028Z] Unable to find cpuset controller
INFO[2022-10-24T10:25:17.376886620Z] Loading containers: start.
WARN[2022-10-24T10:25:17.379827036Z] Running modprobe bridge br_netfilter failed with message: , error: exec: "modprobe": executable file not found in $PATH
WARN[2022-10-24T10:25:18.129315164Z] Could not load necessary modules for IPSEC rules: protocol not supported
INFO[2022-10-24T10:25:18.134140764Z] failed to read ipv6 net.ipv6.conf.<bridge>.accept_ra  bridge=docker0 syspath=/proc/sys/net/ipv6/conf/docker0/accept_ra
INFO[2022-10-24T10:25:18.134286940Z] failed to read ipv6 net.ipv6.conf.<bridge>.accept_ra  bridge=docker0 syspath=/proc/sys/net/ipv6/conf/docker0/accept_ra
INFO[2022-10-24T10:25:19.134311260Z] Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address
INFO[2022-10-24T10:25:19.134814300Z] failed to read ipv6 net.ipv6.conf.<bridge>.accept_ra  bridge=docker0 syspath=/proc/sys/net/ipv6/conf/docker0/accept_ra
INFO[2022-10-24T10:25:19.848769116Z] Loading containers: done.
INFO[2022-10-24T10:25:20.034106972Z] Docker daemon                                 commit=459d0df graphdriver(s)=overlay2 version=20.10.12
INFO[2022-10-24T10:25:20.035414364Z] Daemon has completed initialization
INFO[2022-10-24T10:25:20.166991708Z] API listen on /var/run/docker.sock
docker-compose exec docker sh
# docker ps
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

docker-compose:

version: "3.9"
services:
  docker:
    image: weberlars/diuid

overlayfs failure

$ docker run --rm weberlars/diuid@sha256:d884fc60a64aa0e2cac87fac731199aff7fa21bd9b4b9202da353f0e090ca06c docker run --rm debian:9.9 bash -c "apt-get update && apt-get install -y gcc"
[ ok ] Starting OpenBSD Secure Shell server: sshd.
For better performance, consider mounting a tmpfs on /umlshm like this: `docker run --tmpfs /umlshm:rw,nosuid,nodev,exec,size=8g`
waiting for dockerd .......
Unable to find image 'debian:9.9' locally
9.9: Pulling from library/debian
6f2f362378c5: Pull complete
Digest: sha256:118cf8f3557e1ea766c02f36f05f6ac3e63628427ea8965fb861be904ec35a6f
Status: Downloaded newer image for debian:9.9
Ign:2 http://cdn-fastly.deb.debian.org/debian stretch InRelease
Get:3 http://cdn-fastly.deb.debian.org/debian stretch-updates InRelease [91.0 kB]
...
Get:24 http://cdn-fastly.deb.debian.org/debian stretch/main amd64 libc-dev-bin amd64 2.24-11+deb9u4 [259 kB]
Get:25 http://cdn-fastly.deb.debian.org/debian stretch/main amd64 libc6-dev amd64 2.24-11+deb9u4 [2364 kB]
Get:26 http://cdn-fastly.deb.debian.org/debian stretch/main amd64 manpages-dev all 4.10-2 [2145 kB]
debconf: delaying package configuration, since apt-utils is not installed
Fetched 29.5 MB in 4s (6598 kB/s)
Selecting previously unselected package manpages.
(Reading database ... 6499 files and directories currently installed.)
Preparing to unpack .../00-manpages_4.10-2_all.deb ...
Unpacking manpages (4.10-2) ...
dpkg: error processing archive /tmp/apt-dpkg-install-nRslku/00-manpages_4.10-2_all.deb (--unpack):
 unable to install new version of './usr/share/doc/manpages': Invalid cross-device link
dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
Selecting previously unselected package binutils.
Preparing to unpack .../01-binutils_2.28-5_amd64.deb ...
Unpacking binutils (2.28-5) ...
dpkg: error processing archive /tmp/apt-dpkg-install-nRslku/01-binutils_2.28-5_amd64.deb (--unpack):
 unable to install new version of './usr/lib/compat-ld': Invalid cross-device link
dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
...
Unpacking manpages-dev (4.10-2) ...
dpkg: error processing archive /tmp/apt-dpkg-install-nRslku/25-manpages-dev_4.10-2_all.deb (--unpack):
 unable to install new version of './usr/share/man/man2': Invalid cross-device link
dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
Errors were encountered while processing:
 /tmp/apt-dpkg-install-nRslku/00-manpages_4.10-2_all.deb
 /tmp/apt-dpkg-install-nRslku/01-binutils_2.28-5_amd64.deb
 /tmp/apt-dpkg-install-nRslku/02-libgmp10_2%3a6.1.2+dfsg-1_amd64.deb
 /tmp/apt-dpkg-install-nRslku/03-libisl15_0.18-1_amd64.deb
 /tmp/apt-dpkg-install-nRslku/04-libmpfr4_3.1.5-1_amd64.deb
 /tmp/apt-dpkg-install-nRslku/05-libmpc3_1.0.3-1+b2_amd64.deb
 /tmp/apt-dpkg-install-nRslku/07-cpp_4%3a6.3.0-4_amd64.deb
 /tmp/apt-dpkg-install-nRslku/19-libgcc-6-dev_6.3.0-18+deb9u1_amd64.deb
 /tmp/apt-dpkg-install-nRslku/20-gcc-6_6.3.0-18+deb9u1_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

source: 2c585ab

Wrong group for docker.sock prevents user requests

Hi! Thank you for the great solution! You rock!

I'm trying to allow users to use DinD but got an error:

# docker run -it --rm -e DIUID_DOCKERD_FLAGS="--group docker" weberlars/diuid bash
root# useradd -m -G docker penguin && chsh -s /bin/bash penguin && su - penguin
penguin$ docker ps # Got permission denied...
penguin$ stat /var/run/docker.sock
Access: (0600/srw-------)  Uid: (    0/    root)   Gid: (    0/    root)

As you can see, the --group flag was ignored and the permissions are 0600 root:root. How can I fix it to 0660 root:docker?

cc @AkihiroSuda
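
A check for the socket state reported above (0600 root:root where 0660 root:docker was wanted), as an added example that is not part of the issue or of diuid. `check_sock_perms` is a hypothetical helper and GNU `stat -c` is assumed; because anyone who can open the Docker socket controls the daemon, it also reports any permission bits granted to "other".

```shell
#!/bin/sh
# Added example: verify the mode and group of a Docker API socket.
# Usage: check_sock_perms PATH WANT_MODE WANT_GROUP
#   0 = mode and group match
#   1 = mode or group differs from what was requested
#   2 = path does not exist, or wrong number of arguments
#   3 = "other" permission bits are set (every local user can reach the API)
# Assumes GNU coreutils stat (-c format strings).
check_sock_perms() {
    [ "$#" -eq 3 ] || return 2
    path=$1
    want_mode=$2
    want_group=$3

    if [ ! -e "$path" ]; then
        echo "$path: missing" >&2
        return 2
    fi
    [ -S "$path" ] || echo "$path: note: not a socket" >&2

    mode=$(stat -c '%a' "$path")
    owner=$(stat -c '%U' "$path")
    group=$(stat -c '%G' "$path")
    echo "$path: mode=$mode owner=$owner group=$group" >&2

    # The last octal digit is the permission set for "other".
    other=${mode#"${mode%?}"}
    if [ "$other" != 0 ]; then
        echo "$path: accessible to every local user" >&2
        return 3
    fi
    # Compare as octal numbers so that 660 and 0660 are the same value.
    if [ "$((0$mode))" -ne "$((0$want_mode))" ]; then
        echo "$path: mode $mode, wanted $want_mode" >&2
        return 1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "$path: group $group, wanted $want_group" >&2
        return 1
    fi
    return 0
}

# Constructed demo: a temporary file stands in for /var/run/docker.sock and
# is given the 0600 mode from the report, so the check fails with status 1.
demo=$(mktemp)
chmod 0600 "$demo"
check_sock_perms "$demo" 0660 docker || echo "check failed with status $?" >&2
rm -f "$demo"
```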

Doesn't work on recent envs (Ubuntu 19.04, Docker 19.03+)

$ docker run -it --rm --cap-add=SYS_PTRACE -e TMPDIR=/umlshm --tmpfs /umlshm:rw,nosuid,nodev,exec,size=8g weberlars/diuid@sha256:7cb6ae37616dc4466f37aeb73d064e46381db488935fa17c70fc761eb56f1a64 docker info
[ ok ] Starting OpenBSD Secure Shell server: sshd.
waiting for dockerd ........
failed to start uml kernel:
Checking that ptrace can change system call numbers...OK
Checking syscall emulation patch for ptrace...OK
Checking advanced syscall emulation patch for ptrace...OK
$ docker version
Client:
 Version:           19.09.0-dev
 API version:       1.40
 Go version:        go1.12.6
 Git commit:        c9db0fe9
 Built:             Tue Jul  9 06:59:02 2019
 OS/Arch:           linux/amd64
 Experimental:      true

Server:
 Engine:
  Version:          dev
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.12.6
  Git commit:       fb459f6671
  Built:            Tue Jul  9 06:57:16 2019
  OS/Arch:          linux/amd64
  Experimental:     true
 containerd:
  Version:          v1.2.7
  GitCommit:        85f6aa58b8a3170aec9824568f7a31832878b603
 runc:
  Version:          1.0.0-rc8
  GitCommit:        425e105d5a03fabd737a126ad93d62a9eeede87f
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683
$ docker info
...
Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 17
 Server Version: dev
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: kata runc runnc runsc runsc-kvm crun
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 85f6aa58b8a3170aec9824568f7a31832878b603
 runc version: 425e105d5a03fabd737a126ad93d62a9eeede87f
 init version: fec3683
 Security Options:
  apparmor
  seccomp
   Profile: default
 Kernel Version: 5.0.0-20-generic
 Operating System: Ubuntu 19.04
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 3.826GiB
 Name: suda-ws01
 ID: E2YB:EGZO:6BNW:EPHS:4WFQ:EIDV:ZZ6D:QBZK:6673:CIOR:DLZ6:SI3D
 Docker Root Dir: /var/lib/docker
 Debug Mode: true
  File Descriptors: 22
  Goroutines: 41
  System Time: 2019-07-09T16:02:18.142609596+09:00
  EventsListeners: 0
 Username: akihirosuda
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: true
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No swap limit support
