search

dcermak / container-layer-sizes

Visualizer of container layer sizes
MIT License
84 stars 5 forks source link

Permission denied error immediately after loading image on Docker Desktop (Mac M1) #161

Open ghost opened 1 year ago

ghost commented 1 year ago

Using Docker Desktop on macOS with M1 (ARM64) processor:

docker run --rm -p 5050:5050 ghcr.io/dcermak/container-layer-sizes:latest

We see the following error logged to stderr at startup:

WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested

Going via the 'Container registry' using 'prom/prometheus:latest' allows me to retrieve the available platforms. I have chosen both arm64 and amd64, and the image is downloaded. As soon as the download and unpack is complete, I get the following error:

Error occurred while pulling the image, got error: writing blob: adding layer with blob "sha256:...": ApplyLayer exit status 1 stdout: Error while loading /var/lib/containers/storage/vfs/dir/...: Permission denied stderr:

I have also tried running the container using the following, with no change in behaviour:

docker run -u root --rm -p 5050:5050 ghcr.io/dcermak/container-layer-sizes:latest
docker run --privileged -u root --rm -p 5050:5050 ghcr.io/dcermak/container-layer-sizes:latest
docker run --cap-add=all --rm -p 5050:5050 ghcr.io/dcermak/container-layer-sizes:latest
docker run --security-opt apparmor=unconfined --rm -p 5050:5050 ghcr.io/dcermak/container-layer-sizes:latest

I have also tried using a local image (first using docker save ... and then bind-mounting the directory it was saved to), with the same result.

ghost commented 1 year ago

I cloned the repo and built using Docker Desktop on my Mac M1.

With one small fix I'm happy to report that it works:

$ git diff
diff --git a/Dockerfile b/Dockerfile
index 3e25b18..5e3abb0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -30,7 +30,7 @@ FROM registry.suse.com/bci/bci-minimal:15.3 as deploy
 WORKDIR /app/
 COPY --from=go-builder /app/analyzer .
 COPY --from=node-builder /app/public/ public/
-COPY --from=go-builder /var/cache/zypp/packages/SLE_BCI/x86_64/ .
+COPY --from=go-builder /var/cache/zypp/packages/SLE_BCI/aarch64/ .

 RUN rpm -i --nodeps --force *rpm && rm -rf *rpm
 RUN mkdir -p /etc/containers/ /var/lib/containers/storage /var/run/containers/storage && \
dcermak commented 1 year ago

Thanks for giving the analyzer a try @pythiankerr!

I have tried to enable building the container for multiple architectures in #162. Could you please try to pull the container image from ghcr.io again and see if it works for you?