search

dfir-iris / iris-web

Collaborative Incident Response platform
GNU Lesser General Public License v3.0
1.03k stars 159 forks source link

[BUG] ERROR: Service 'app' failed to build: OCI runtime create failed #196

Closed Linow974 closed 1 year ago

Linow974 commented 1 year ago

Describe the bug

I followed the steps to install IRIS but when I build the docker-compose I get the above error.

To Reproduce

1. Clone the iris-web repository

git clone https://github.com/dfir-iris/iris-web.git cd iris-web

2. Checkout to the last tagged version

git checkout v1.4.5

3. Copy the environment file

cp .env.model .env

4. Build the dockers

docker-compose build

Expected behavior ERROR: Service 'app' failed to build: OCI runtime create failed: container_linux.go:367: starting container process caused: process_linux.go:495: container init caused: process_linux.go:458: setting cgroup config for procHooks process caused: can't load program: operation not permitted: unknown

Docker info

Client:
 Context:    default
 Debug Mode: false

Server:
 Containers: 5
  Running: 0
  Paused: 0
  Stopped: 5
 Images: 3
 Server Version: 20.10.5+dfsg1
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc io.containerd.runc.v2 io.containerd.runtime.v1.linux
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 1.4.13~ds1-1~deb11u3
 runc version: 1.0.0~rc93+ds1-5+deb11u2
 init version: 
 Security Options:
  seccomp
   Profile: default
  cgroupns
 Kernel Version: 5.15.60-1-pve
 Operating System: Debian GNU/Linux 11 (bullseye)
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 4.883GiB
 Name: ct-test
 ID: 7SWF:RBLN:COVT:MABL:A33H:ZVQ7:CKM3:3VL7:DLBS:CBJV:CUL7:S223
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: Support for cgroup v2 is experimental

Other information

I think it's because I'm installing it on an LXC container. Namely, the error is the same whether it is a "privileged" or "non-privileged" container. So I wanted to know if it is possible to install IRIS without using Docker? Maybe it would then be a problem to perform the updates? Moreover, I would like to use remote databases... So for my case it would be more suitable to install snas docker

whikernel commented 1 year ago

Hi @Linow974

Unfortunately we don't support installing IRIS other than with docker. This is indeed way easier for shipping, making sure it works almost out of the box and for the updates. If you really want to install it without docker you can replicate what the docker compose and dockers files are doing.

You should be able to use a remote database - you can change your .env and set the POSTGRES_SERVER and POSTGRES_PORT parameters accordingly.

Cheers

whikernel commented 1 year ago

@Linow974 If I'm not mistaken your issue seems to be more related to lxc and docker than IRIS itself : https://forum.proxmox.com/threads/process_linux-go-458-setting-cgroup-config-for-prochooks-process-caused-cant-load-program-operation-not-permitted-unknown-docker.115731/

Linow974 commented 1 year ago

i

Hi @whikernel !

Thank you for your answer, I think I'll keep the idea of ​​installing the tool by following the steps of docker-compose.

However, do you think this will be a problem with new updates of the tool?

Linow974 commented 1 year ago

@Linow974 If I'm not mistaken your issue seems to be more related to lxc and docker than IRIS itself : https://forum.proxmox.com/threads/process_linux-go-458-setting-cgroup-config-for-prochooks-process-caused-cant-load-program-operation-not-permitted-unknown-docker.115731/

Indeed, before coming here, I had done some research on the error found. However, whether on this link or others, nothing solved my problem. But, I think like you that the problem comes from my system architecture.

Good evening !

whikernel commented 1 year ago

It shouldn't be a problem for the updates. IRIS is handling the migration of the DB schema. You may just need to reinstall the worker and webapp manually each time you want to update. 👍

Linow974 commented 1 year ago

It shouldn't be a problem for the updates. IRIS is handling the migration of the DB schema. You may just need to reinstall the worker and webapp manually each time you want to update. 👍

Ok I will look into that, thanks for helping me! :)