bitnami / minideb

A small image based on Debian designed for use in containers
https://bitnami.com
Apache License 2.0
2.06k stars 178 forks

Don't include `/dev` content in your image #171

Closed cgwalters closed 4 days ago

cgwalters commented 3 weeks ago
```
$ skopeo inspect -n --format '{{.Digest}}' docker://docker.io/bitnami/minideb:bookworm
sha256:c0059619fc750c544dc852595c17b844e7d44910e283469b59e235f65f40f98c
$ skopeo copy docker://docker.io/bitnami/minideb@sha256:c0059619fc750c544dc852595c17b844e7d44910e283469b59e235f65f40f98c oci:minideb
$ tar ztvf minideb/blobs/sha256/7c18bb8814bb5e7e17d97a163b2d287caf05bbbd3f583560ebdc230eb808ac62|grep /dev
drwxr-xr-x root/root         0 2024-06-15 07:22 ./dev/
crw-rw-rw- root/root       1,3 2024-06-15 07:22 ./dev/null
crw-rw-rw- root/root       1,7 2024-06-15 07:22 ./dev/full
crw-rw-rw- root/root       5,2 2024-06-15 07:22 ./dev/ptmx
crw-rw-rw- root/root       1,8 2024-06-15 07:22 ./dev/random
crw-rw-rw- root/root       1,5 2024-06-15 07:22 ./dev/zero
lrwxrwxrwx root/root         0 2024-06-15 07:22 ./dev/fd -> /proc/self/fd
drwxr-xr-x root/root         0 2024-06-15 07:22 ./dev/pts/
crw-rw-rw- root/root       1,9 2024-06-15 07:22 ./dev/urandom
lrwxrwxrwx root/root         0 2024-06-15 07:22 ./dev/stderr -> /proc/self/fd/2
lrwxrwxrwx root/root         0 2024-06-15 07:22 ./dev/stdin -> /proc/self/fd/0
lrwxrwxrwx root/root         0 2024-06-15 07:22 ./dev/stdout -> /proc/self/fd/1
drwxr-xr-x root/root         0 2024-06-15 07:22 ./dev/shm/
crw-rw-rw- root/root       5,1 2024-06-15 07:22 ./dev/console
crw-rw-rw- root/root       5,0 2024-06-15 07:22 ./dev/tty
$
```

There's no reason to include this /dev content in your image - it just gets overmounted by the container runtimes. But the even stronger reason to do this is it's not compatible with ostree, which specifically intentionally doesn't support devices because there's no good reason at all to ship them in images. xref https://github.com/ostreedev/ostree/issues/2568
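
A check for the condition reported above, as an added example that is not part of the original issue or of the minideb project's code: it scans a layer tarball for character and block device nodes, plus any other entries under `/dev`, using Python's `tarfile`. The sample layer is constructed inline and the function names `build_sample_layer` and `audit_layer` are hypothetical.

```python
import io
import posixpath
import tarfile


def build_sample_layer() -> bytes:
    """Constructed sample: a gzip'd layer with entries shaped like the listing above."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        def add(name, type_, major=0, minor=0, link="", mode=0o644):
            ti = tarfile.TarInfo(name)
            ti.type, ti.mode, ti.linkname = type_, mode, link
            ti.devmajor, ti.devminor = major, minor
            tar.addfile(ti)  # header only; no root or mknod needed

        add("./dev/", tarfile.DIRTYPE, mode=0o755)
        add("./dev/null", tarfile.CHRTYPE, 1, 3, mode=0o666)
        add("./dev/urandom", tarfile.CHRTYPE, 1, 9, mode=0o666)
        add("./dev/stdin", tarfile.SYMTYPE, link="/proc/self/fd/0", mode=0o777)
        add("./etc/hostname", tarfile.REGTYPE)
    return buf.getvalue()


def audit_layer(fileobj):
    """Return (device_nodes, other_dev_entries) for one layer tarball.

    device_nodes: (path, 'c' or 'b', major, minor) for every device node,
    wherever it sits in the tree. other_dev_entries: non-device paths below
    dev/ (symlinks, subdirectories) that the runtime overmounts anyway.
    """
    devices, other_dev = [], []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:  # r:* autodetects gzip
        for member in tar:
            path = posixpath.normpath(member.name).lstrip("/")
            if member.ischr() or member.isblk():
                kind = "c" if member.ischr() else "b"
                devices.append((path, kind, member.devmajor, member.devminor))
            elif path.startswith("dev/"):
                other_dev.append(path)
    return devices, other_dev


if __name__ == "__main__":
    devs, others = audit_layer(io.BytesIO(build_sample_layer()))
    for path, kind, major, minor in devs:
        print(f"device node: {path} ({kind} {major},{minor})")
    for path in others:
        print(f"other /dev entry: {path}")
```

To run it against a real layer, open the blob file in binary mode and pass the file object to `audit_layer`.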

gongomgra commented 2 weeks ago

Hi @cgwalters,

Thank you for your contribution! Although your change looks fine, we would need to investigate it a bit further on our side to ensure it won't break any of our integrations. We will keep you posted.

cgwalters commented 1 week ago

Just to highlight more strongly, there's an open PR here https://github.com/bitnami/minideb/pull/173