Trying to run in a sidecar container fails with "Permission denied"

mu88 commented 1 month ago

Description

I want to get started with dotnet monitor and since I'm using Docker Compose instead of K8s, I created the following docker-compose.yml based on the dotnet monitor K8s docs:

services:
  exampleapp:
    image: mcr.microsoft.com/dotnet/samples:aspnetapp
    user: app
    volumes:
      - diagvol:/diag
    environment:
      - DOTNET_DiagnosticPorts=/diag/dotnet-monitor.sock
  dotnet-monitor:
    image: mcr.microsoft.com/dotnet/monitor:8
    volumes:
      - diagvol:/diag
    command: ["collect", "--no-auth"]
    environment:
      - DOTNETMONITOR_DiagnosticPort__ConnectionMode=Listen
      - DOTNETMONITOR_Storage__DefaultSharedPath=/diag
      - DOTNETMONITOR_Urls=http://localhost:52323
      - DOTNETMONITOR_Metrics__Endpoints=http://+:52325

volumes:
  diagvol:

When starting the stack via docker compose up, it fails with dotnet-monitor-1 | Unhandled exception: System.Net.Sockets.SocketException (13): Permission denied.

Logs

``` dotnet-monitor-1 | {"Timestamp":"2024-07-21T12:25:21.1489363Z","EventId":60,"LogLevel":"Information","Category":"Microsoft.Diagnostics.Tools.Monitor.Startup","Message":"Tell us about your experience with dotnet monitor: https://aka.ms/dotnet-monitor-survey","State":{"Message":"Tell us about your experience with dotnet monitor: https://aka.ms/dotnet-monitor-survey","link":"https://aka.ms/dotnet-monitor-survey","{OriginalFormat}":"Tell us about your experience with dotnet monitor: {link}"},"Scopes":[]} dotnet-monitor-1 | {"Timestamp":"2024-07-21T12:25:21.1678369Z","EventId":77,"LogLevel":"Information","Category":"Microsoft.Diagnostics.Tools.Monitor.Startup","Message":"Connection mode: Listen at \u0027/diag/dotnet-monitor.sock\u0027","State":{"Message":"Connection mode: Listen at \u0027/diag/dotnet-monitor.sock\u0027","path":"/diag/dotnet-monitor.sock","{OriginalFormat}":"Connection mode: Listen at \u0027{path}\u0027"},"Scopes":[]} dotnet-monitor-1 | {"Timestamp":"2024-07-21T12:25:21.1735368Z","EventId":13,"LogLevel":"Warning","Category":"Microsoft.Diagnostics.Tools.Monitor.Startup","Message":"WARNING: Authentication has been disabled. This can pose a security risk and is not intended for production environments.","State":{"Message":"WARNING: Authentication has been disabled. This can pose a security risk and is not intended for production environments.","{OriginalFormat}":"WARNING: Authentication has been disabled. This can pose a security risk and is not intended for production environments."},"Scopes":[]} dotnet-monitor-1 | {"Timestamp":"2024-07-21T12:25:21.5483490Z","EventId":14,"LogLevel":"Information","Category":"Microsoft.Hosting.Lifetime","Message":"Now listening on: http://localhost:52323","State":{"Message":"Now listening on: http://localhost:52323","address":"http://localhost:52323","{OriginalFormat}":"Now listening on: {address}"},"Scopes":[]} dotnet-monitor-1 | {"Timestamp":"2024-07-21T12:25:21.5487628Z","EventId":14,"LogLevel":"Information","Category":"Microsoft.Hosting.Lifetime","Message":"Now listening on: http://[::]:52325","State":{"Message":"Now listening on: http://[::]:52325","address":"http://[::]:52325","{OriginalFormat}":"Now listening on: {address}"},"Scopes":[]} dotnet-monitor-1 | {"Timestamp":"2024-07-21T12:25:21.6122573Z","EventId":11,"LogLevel":"Error","Category":"Microsoft.Extensions.Hosting.Internal.Host","Message":"Hosting failed to start","Exception":"System.Net.Sockets.SocketException (13): Permission denied\n at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)\n at System.Net.Sockets.Socket.Bind(EndPoint localEP)\n at Microsoft.Diagnostics.NETCore.Client.IpcUnixDomainSocket.Bind(IpcUnixDomainSocketEndPoint localEP)\n at Microsoft.Diagnostics.NETCore.Client.IpcUnixDomainSocketServerTransport.CreateNewSocketServer()\n at Microsoft.Diagnostics.NETCore.Client.IpcUnixDomainSocketServerTransport..ctor(String path, Int32 backlog, IIpcServerTransportCallbackInternal transportCallback)\n at Microsoft.Diagnostics.NETCore.Client.IpcServerTransport.Create(String address, Int32 maxConnections, Kind kind, IIpcServerTransportCallbackInternal transportCallback)\n at Microsoft.Diagnostics.NETCore.Client.ReversedDiagnosticsServer.Start(Int32 maxConnections)\n at Microsoft.Diagnostics.Tools.Monitor.ServerEndpointInfoSource.ExecuteAsync(CancellationToken stoppingToken)\n at Microsoft.Diagnostics.Tools.Monitor.ServerEndpointInfoSource.ExecuteAsync(CancellationToken stoppingToken)\n at Microsoft.Extensions.Hosting.Internal.Host.\u003CStartAsync\u003Eb__15_1(IHostedService service, CancellationToken token)\n at Microsoft.Extensions.Hosting.Internal.Host.ForeachService[T](IEnumerable\u00601 services, CancellationToken token, Boolean concurrent, Boolean abortOnFirstException, List\u00601 exceptions, Func\u00603 operation)","State":{"Message":"Hosting failed to start","{OriginalFormat}":"Hosting failed to start"},"Scopes":[]} dotnet-monitor-1 | Unhandled exception: System.Net.Sockets.SocketException (13): Permission denied dotnet-monitor-1 | at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress) dotnet-monitor-1 | at System.Net.Sockets.Socket.Bind(EndPoint localEP) dotnet-monitor-1 | at Microsoft.Diagnostics.NETCore.Client.IpcUnixDomainSocket.Bind(IpcUnixDomainSocketEndPoint localEP) dotnet-monitor-1 | at Microsoft.Diagnostics.NETCore.Client.IpcUnixDomainSocketServerTransport.CreateNewSocketServer() dotnet-monitor-1 | at Microsoft.Diagnostics.NETCore.Client.IpcUnixDomainSocketServerTransport..ctor(String path, Int32 backlog, IIpcServerTransportCallbackInternal transportCallback) dotnet-monitor-1 | at Microsoft.Diagnostics.NETCore.Client.IpcServerTransport.Create(String address, Int32 maxConnections, Kind kind, IIpcServerTransportCallbackInternal transportCallback) dotnet-monitor-1 | at Microsoft.Diagnostics.NETCore.Client.ReversedDiagnosticsServer.Start(Int32 maxConnections) dotnet-monitor-1 | at Microsoft.Diagnostics.Tools.Monitor.ServerEndpointInfoSource.ExecuteAsync(CancellationToken stoppingToken) dotnet-monitor-1 | at Microsoft.Diagnostics.Tools.Monitor.ServerEndpointInfoSource.ExecuteAsync(CancellationToken stoppingToken) dotnet-monitor-1 | at Microsoft.Extensions.Hosting.Internal.Host.b__15_1(IHostedService service, CancellationToken token) dotnet-monitor-1 | at Microsoft.Extensions.Hosting.Internal.Host.ForeachService[T](IEnumerable`1 services, CancellationToken token, Boolean concurrent, Boolean abortOnFirstException, List`1 exceptions, Func`3 operation) dotnet-monitor-1 | at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken) dotnet-monitor-1 | at Microsoft.Diagnostics.Tools.Monitor.Commands.CollectCommandHandler.Invoke(CancellationToken token, String[] urls, String[] metricUrls, Boolean metrics, String diagnosticPort, Boolean noAuth, Boolean tempApiKey, Boolean noHttpEgress, FileInfo configurationFilePath, Boolean exitOnStdinDisconnect) dotnet-monitor-1 | at Microsoft.Diagnostics.Tools.Monitor.Commands.CollectCommandHandler.Invoke(CancellationToken token, String[] urls, String[] metricUrls, Boolean metrics, String diagnosticPort, Boolean noAuth, Boolean tempApiKey, Boolean noHttpEgress, FileInfo configurationFilePath, Boolean exitOnStdinDisconnect) dotnet-monitor-1 | at System.CommandLine.Invocation.InvocationPipeline.InvokeAsync(ParseResult parseResult, CancellationToken cancellationToken) dotnet-monitor-1 exited with code 1 exampleapp-1 | The runtime has been configured to pause during startup and is awaiting a Diagnostics IPC ResumeStartup command from a Diagnostic Port. exampleapp-1 | DOTNET_DiagnosticPorts="/diag/dotnet-monitor.sock" exampleapp-1 | DOTNET_DefaultDiagnosticPortSuspend=0 ```

Configuration

Is this related to a specific tool? No
What OS and version, and what distro if applicable? Win11 23H2 (OS Build 10.0.22631.3880)
What is the architecture? x64
Do you know whether it is specific to that configuration? I don't know
Are you running in any particular type of environment? Docker Desktop for Windows (i.e. WSL2 2.0.4.0)
Is it a self-contained published application? Somehow - it's a prebuilt Docker image (example app of ASP.NET Core, provided by Microsoft)
What's the output of dotnet info:

Output of `dotnet info`

``` .NET SDK: Version: 8.0.303 Commit: 29ab8e3268 Workload version: 8.0.300-manifests.34944930 MSBuild version: 17.10.4+10fbfbf2e Runtime Environment: OS Name: Windows OS Version: 10.0.22631 OS Platform: Windows RID: win-x64 Base Path: C:\Program Files\dotnet\sdk\8.0.303\ .NET workloads installed: [aspire] Installation Source: VS 17.10.35027.167 Manifest Version: 8.0.0/8.0.100 Manifest Path: C:\Program Files\dotnet\sdk-manifests\8.0.100\microsoft.net.sdk.aspire\8.0.0\WorkloadManifest.json Install Type: FileBased Host: Version: 8.0.7 Architecture: x64 Commit: 2aade6beb0 .NET SDKs installed: 3.1.426 [C:\Program Files\dotnet\sdk] 5.0.408 [C:\Program Files\dotnet\sdk] 6.0.100 [C:\Program Files\dotnet\sdk] 6.0.131 [C:\Program Files\dotnet\sdk] 6.0.321 [C:\Program Files\dotnet\sdk] 8.0.303 [C:\Program Files\dotnet\sdk] .NET runtimes installed: Microsoft.AspNetCore.App 3.1.32 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 5.0.17 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 6.0.0 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 6.0.5 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 6.0.6 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 6.0.8 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 6.0.10 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 6.0.11 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 6.0.26 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 6.0.31 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 6.0.32 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 7.0.20 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 8.0.7 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.NETCore.App 3.1.32 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 5.0.17 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 6.0.0 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 6.0.4 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 6.0.5 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 6.0.6 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 6.0.8 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 6.0.10 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 6.0.11 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 6.0.12 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 6.0.15 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 6.0.26 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 6.0.31 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 6.0.32 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 7.0.20 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 8.0.7 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.WindowsDesktop.App 3.1.32 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Microsoft.WindowsDesktop.App 5.0.17 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Microsoft.WindowsDesktop.App 6.0.0 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Microsoft.WindowsDesktop.App 6.0.4 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Microsoft.WindowsDesktop.App 6.0.5 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Microsoft.WindowsDesktop.App 6.0.6 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Microsoft.WindowsDesktop.App 6.0.8 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Microsoft.WindowsDesktop.App 6.0.10 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Microsoft.WindowsDesktop.App 6.0.11 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Microsoft.WindowsDesktop.App 6.0.15 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Microsoft.WindowsDesktop.App 6.0.26 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Microsoft.WindowsDesktop.App 6.0.31 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Microsoft.WindowsDesktop.App 6.0.32 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Microsoft.WindowsDesktop.App 7.0.20 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Microsoft.WindowsDesktop.App 8.0.7 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Other architectures found: x86 [C:\Program Files (x86)\dotnet] registered at [HKLM\SOFTWARE\dotnet\Setup\InstalledVersions\x86\InstallLocation] Environment variables: Not set global.json file: Not found Learn more: https://aka.ms/dotnet/info Download .NET: https://aka.ms/dotnet/download ```

Regression?

I don't know, but I found this post in a Docker forum, so I assume that it used to work for the user.

Other information

/

github-actions[bot] commented 1 month ago

Welcome to dotnet-monitor!

Thanks for creating your first issue; let us know what you think of dotnet-monitor by filling out our survey.

wiktork commented 4 weeks ago

@mu88 There are two requirements to establish connectivity with dotnet-monitor and the app:

The users of each container should ideally be the same
The user needs r/w permissions to the volume mount

In 8.0, we no longer run as root by default. I'm not that familiar with docker compose, but to fix your example, I was able to add user: root to both containers.

Ideally you would have the same non-privileged user running both containers, but you'll need to also grant permissions for that user to the volume.

mu88 commented 3 weeks ago

Thx @wiktork ! Where would I have found this information in the docs?

mu88 commented 2 weeks ago

@wiktork: with the following docker-compose.yml, I can now successfully start the stack:

services:
  exampleapp:
    image: mcr.microsoft.com/dotnet/samples:aspnetapp
    user: root
    ports:
      - "8080:8080"
    volumes:
      - diagvol:/diag
    environment:
      - DOTNET_DiagnosticPorts=/diag/dotnet-monitor.sock
  dotnet-monitor:
    image: mcr.microsoft.com/dotnet/monitor:8
    ports:
      - "52323:52323"
      - "52325:52325"
    user: root
    volumes:
      - diagvol:/diag
    command: ["collect", "--no-auth"]
    environment:
      - DOTNETMONITOR_DiagnosticPort__ConnectionMode=Listen
      - DOTNETMONITOR_Storage__DefaultSharedPath=/diag
      - DOTNETMONITOR_Urls=http://localhost:52323
      - DOTNETMONITOR_Metrics__Endpoints=http://+:52325

volumes:
  diagvol:

According to the API docs of GET /processes, I'd assume that the command curl http://localhost:52323/processes should now work, right? However, this gives me the following error:

myUser@myRaspi:~/temp $ curl http://localhost:52323/processes
curl: (56) Recv failure: Connection reset by peer

dotnet / dotnet-monitor