docker / for-win

Bug reports for Docker Desktop for Windows
https://www.docker.com/products/docker#/windows

Docker scout fills up C: drive with tars #13683

Closed ktzsolt closed 1 year ago

ktzsolt commented 1 year ago

Description

Even when the "Experimental features" flag is turned off in the settings, docker scout is still scanning images when I "open" one of the images in the images menu.

I wouldn't mind this, but scout is filling up the space in the %localappdata%\Temp\docker-scout\ directory, making a tar of all the images that are being scanned and leaving it just there. That can potentially mean tens of gigabytes in a matter of a few hours or less, filling up the C:\ drive.

Reproduce

  1. Open an image in the Desktop GUI "images" menu
  2. Wait for the vulnerability scan to finish
  3. Check the content of the %localappdata%\Temp\docker-scout\ directory

Expected behavior

docker scout should delete the tar in %localappdata%\Temp\docker-scout\ immediately after it is sent to the web service for scan.

docker version

Client: Docker Engine - Community
 Version:           24.0.2
 API version:       1.43
 Go version:        go1.20.4
 Git commit:        cb74dfc
 Built:             Thu May 25 21:52:22 2023
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Desktop
 Engine:
  Version:          24.0.6
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.7
  Git commit:       1a79695
  Built:            Mon Sep  4 12:32:16 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.22
  GitCommit:        8165feabfdfe38c65b599c4993d227328c231fca
 runc:
  Version:          1.1.8
  GitCommit:        v1.1.8-0-g82f18fe
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client: Docker Engine - Community
 Version:    24.0.2
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.11.2-desktop.4
    Path:     /usr/local/lib/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.21.0-desktop.1
    Path:     /usr/local/lib/docker/cli-plugins/docker-compose
  dev: Docker Dev Environments (Docker Inc.)
    Version:  v0.1.0
    Path:     /usr/local/lib/docker/cli-plugins/docker-dev
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.20
    Path:     /usr/local/lib/docker/cli-plugins/docker-extension
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version:  v0.1.0-beta.7
    Path:     /usr/local/lib/docker/cli-plugins/docker-init
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     /usr/local/lib/docker/cli-plugins/docker-sbom
  scan: Docker Scan (Docker Inc.)
    Version:  v0.26.0
    Path:     /usr/local/lib/docker/cli-plugins/docker-scan
  scout: Command line tool for Docker Scout (Docker Inc.)
    Version:  0.24.1
    Path:     /usr/local/lib/docker/cli-plugins/docker-scout

Server:
 Containers: 10
  Running: 7
  Paused: 0
  Stopped: 3
 Images: 53
 Server Version: 24.0.6
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 8165feabfdfe38c65b599c4993d227328c231fca
 runc version: v1.1.8-0-g82f18fe
 init version: de40ad0
 Security Options:
  seccomp
   Profile: unconfined
 Kernel Version: 5.15.90.1-microsoft-standard-WSL2
 Operating System: Docker Desktop
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 7.76GiB
 Name: docker-desktop
 ID: 21f02297-1902-4966-85c0-a294e5a7b874
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5555
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No blkio throttle.read_bps_device support
WARNING: No blkio throttle.write_bps_device support
WARNING: No blkio throttle.read_iops_device support
WARNING: No blkio throttle.write_iops_device support
WARNING: daemon is not using the default seccomp profile

Diagnostics ID

7BC791B4-C209-493E-A4B3-7E60DB0ED42A/20230918082442

Additional Info

No response

rfay commented 1 year ago

On the DDEV test runners I'm having to clean up 150-300GB of C:\Users\Testbot\AppData\Local\Temp\docker-scout. Please improve the hygiene here.

And of course... Did I ask for Docker Scout to be doing anything?

nevmerzhitsky commented 1 year ago

This problem is VERY annoying. Please, make the whole Scout or the temp files of the Scout fully optional in Docker Desktop on Windows!

bsousaa commented 1 year ago

Please try disabling the SBOM background indexer under Settings > Features in development > Experimental features > Enable background SBOM indexing

ktzsolt commented 1 year ago

> Please try disabling the SBOM background indexer under Settings > Features in development > Experimental features > Enable background SBOM indexing

It is disabled for me, and Access experimental features is also disabled, but scout still does its job when opening an image, filling up the %localappdata%\Temp\docker-scout\ directory with the images as tar files.

[image]

ktzsolt commented 1 year ago

With the current version 4.25.0 (126437) this is solved. There is a start scan button now that will start the creation of the tar in %localappdata%\Temp\docker-scout\ and after it is sent to scout the tar is deleted. Thank you!

[image]
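For machines still holding leftovers from the affected versions (such as the test runners mentioned above), a cleanup along these lines can be scheduled. This is an added example, not part of the original thread or Docker's own tooling; the directory comes from the issue, while the `-MinAgeHours` and `-Delete` parameters and the two-hour default are assumptions made for illustration.

```powershell
# Added example: report and prune leftover files in the Docker Scout temp directory.
# Assumptions: path taken from the issue; age cutoff and dry-run default are illustrative.
param(
    [string]$ScoutTemp   = (Join-Path $env:LOCALAPPDATA 'Temp\docker-scout'),
    [int]   $MinAgeHours = 2,      # leave recent files alone: a scan may still be using them
    [switch]$Delete                # without this switch the script only reports
)

if (-not (Test-Path -LiteralPath $ScoutTemp -PathType Container)) {
    Write-Output "Nothing to do: $ScoutTemp does not exist."
    return
}

$cutoff = (Get-Date).AddHours(-$MinAgeHours)
$files  = @(Get-ChildItem -LiteralPath $ScoutTemp -File -Recurse -Force -ErrorAction SilentlyContinue)
$stale  = @($files | Where-Object { $_.LastWriteTime -lt $cutoff })

$totalGB = [math]::Round((($files | Measure-Object -Property Length -Sum).Sum) / 1GB, 2)
Write-Output ("{0}: {1} files, {2} GB total, {3} older than {4} h" -f `
    $ScoutTemp, $files.Count, $totalGB, $stale.Count, $MinAgeHours)

[long]$freed = 0
foreach ($f in $stale) {
    if (-not $Delete) {
        Write-Output ("Would remove {0} ({1:N2} GB)" -f $f.FullName, ($f.Length / 1GB))
        continue
    }
    try {
        $size = $f.Length
        Remove-Item -LiteralPath $f.FullName -Force -ErrorAction Stop
        $freed += $size
    } catch {
        # A file still held open by a running scan cannot be deleted; skip it.
        Write-Warning "Skipped (in use or access denied): $($f.FullName)"
    }
}

if ($Delete) {
    Write-Output ("Freed {0:N2} GB" -f ($freed / 1GB))
}
```

Run it once without `-Delete` to review what would be removed, then with `-Delete` from a scheduled task under the account whose `%localappdata%` holds the tars.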