search

ktock / container2wasm

Container to WASM converter
https://ktock.github.io/container2wasm-demo/
Apache License 2.0
1.98k stars 72 forks source link

Do not mimimize a docker image during conversion #222

Closed Pigrenok closed 7 months ago

Pigrenok commented 7 months ago

Hello!

It is more of a feature request rather than an issue.

I am converting a custom image (built on top of ubuntu:22.04 docker image) using command c2w as follows:

c2w custom-image:latest out.wasm

This custom-image is built in such a way that man command works and even sudo command is available for the user (also created in Dockerfile for the custom-image).

But after conversion I get the following:

To restore this content, including manpages, you can run the 'unminimize' command. You will still need to ensure the 'man-db' package is installed.

- When I try to use `sudo -s`, I get

sudo: The "no new privileges" flag is set, which prevents sudo from running as root. sudo: If sudo is running in a container, you may need to adjust the container configuration to disable the flag.



Both commands work fine if I just run this image in a docker container (via `docker run ...`).

I can probably live without `sudo`, but `man` is a necessity for my project.

I assume the image is being modified during conversion. Is it possible avoid this conversion and tell c2w command to just use the image as is without any modifications. Or there is a reason for this that cannot be avoided?

Thank you very much in advance for your help.
ktock commented 7 months ago

Thanks for reporting this. Could you provide a minimal Dockerfile that reproduces this issue?

Pigrenok commented 7 months ago

Here is the Dockerfile that I use to produce my image

FROM ubuntu:22.04

RUN apt-get clean && apt-get update && apt-get -y upgrade

RUN yes | unminimize

RUN apt-get -y install apt-utils curl \
    less nano tree perl file sudo\
    man man-db manpages manpages-posix
RUN apt autoremove && apt clean

RUN useradd -m learner && echo "learner:learner" | chpasswd
RUN echo 'learner ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers

WORKDIR /home/learner/

USER learner

CMD [ "/bin/bash" ]
Pigrenok commented 7 months ago

OK, an update.

After clearing docker cache and rebuilding the wasm image and moving unminimize command to the top of the Dockerfile, man started to work just fine. I apologise for that.

Although, sudo still tells that "no new privileges" set. Although, it I run a container based on this image in docker, it all works. So, this flag must be set somewhere during building the wasm image/wrapper. But simple search over various ways to set this flag did not bring any result.

It is not critical, but would be nice to have.

Just for the reference, the Dockerfile I used in the latest test is

FROM ubuntu:22.04

RUN yes | unminimize

RUN apt-get clean && apt-get update && apt-get -y upgrade

RUN apt-get -y install apt-utils curl \
    less nano tree file\
    sudo\
    man-db manpages manpages-posix
RUN apt autoremove && apt clean

RUN useradd -m learner && echo "learner:learner" | chpasswd

RUN echo 'learner ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers
RUN chsh -s /bin/bash root
RUN chsh -s /bin/bash learner

WORKDIR /home/learner/

USER learner

CMD [ "/bin/bash" ]

Thanks.

ktock commented 7 months ago

Fixed in #225