Closed hongyi-zhao closed 3 years ago
/x11docker/cmdrc: 51: /x11docker/cmdrc: [startdde]: not found
The [ ]
around the command are odd.
Your Dockerfile shows CMD ["startdde"]
which is a valid syntax.
x11docker recently got a change in parsing the docker inspect
output where it reads the CMD instruction. So possibly a bug was introduced.
However, my own test images work well, like:
FROM x11docker/xfce
CMD ["xfce4-terminal"]
So I cannot reproduce the issue.
Could you switch to the current release with x11docker --update
instead of master and check if it shows the same error?
You could also check if your image really contains command startdde
, e.g. with
docker run --rm hongyizhao/deepin-wine:latest which startdde
Btw., x11docker meanwhile supports a passwordless sudo
:
--sudouser [=nopasswd] Allow su and sudo for container user. Use with care,
severe reduction of default x11docker security!
Optionally passwordless sudo with argument nopasswd.
Default password is 'x11docker'.
Could you switch to the current release with x11docker --update instead of master and check if it shows the same error?
This will fix the problem reported here, as shown below:
$ git checkout v6.9.0
$ x11docker --version
6.9.0
You could also check if your image really contains command startdde
$ docker run --rm hongyizhao/deepin-wine:latest which startdde /usr/bin/startdde
Btw., x11docker meanwhile supports a passwordless sudo:
I tried with --sudouser=nopasswd
, but the sudo -i
still requires password:
It seems I have to check the parser. Could you please show me the output of:
docker inspect hongyizhao/deepin-wine:latest
I tried with --sudouser=nopasswd, but the sudo -i still requires password:
Odd. It works well here, with v6.9.0 as well as with latest master. Please try if sudo -i
works here:
x11docker -ti hongyizhao/deepin-wine:latest bash
It seems I have to check the parser. Could you please show me the output of:
docker inspect hongyizhao/deepin-wine:latest
$ docker inspect hongyizhao/deepin-wine:latest
[
{
"Id": "sha256:52e2e33bb8176e4a7a2f713768915108a7eed9bafc667b0ae6a3f29e3fc96573",
"RepoTags": [
"hongyizhao/deepin-wine:latest"
],
"RepoDigests": [
"hongyizhao/deepin-wine@sha256:62c1c4903d78b33bc9caa7877c6fd4feea52d8372356c3945ac458b99f28888f"
],
"Parent": "",
"Comment": "",
"Created": "2021-05-22T16:39:18.326612412Z",
"Container": "8de8b5ea4f2d47c70602ec3feb29266474effe46196791e078c4ca4f71a1b88b",
"ContainerConfig": {
"Hostname": "",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"SHELL=/bin/bash",
"LANG=en_US.UTF-8",
"XMODIFIERS=@im=fcitx",
"QT4_IM_MODULE=fcitx",
"QT_IM_MODULE=fcitx",
"GTK_IM_MODULE=fcitx"
],
"Cmd": [
"|4",
"DEEPIN_APPSTORE_MIRROR=https://mirror.deepines.com/appstore",
"DEEPIN_APPSTORE_RELEASE=eagle",
"DEEPIN_MIRROR=https://mirrors.tuna.tsinghua.edu.cn/deepin",
"DEEPIN_RELEASE=apricot",
"/bin/sh",
"-c",
"apt-get update && env DEBIAN_FRONTEND=noninteractive apt-get install -y fcitx fcitx-googlepinyin fcitx-module-cloudpinyin && mkdir -p /etc/xdg/autostart && echo \"[Desktop Entry]\\nEncoding=UTF-8\\nVersion=0.9.4\\nType=Application\\nName=fcitx\\nComment=\\nExec=/usr/bin/fcitx-autostart\\n\" > /etc/xdg/autostart/fcitx.desktop"
],
"Image": "sha256:162ab2d1348717e9cf43ba9320e00a7ec6398761c1481c86c635b3c3760978eb",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": null
},
"DockerVersion": "19.03.8",
"Author": "",
"Config": {
"Hostname": "",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"SHELL=/bin/bash",
"LANG=en_US.UTF-8",
"XMODIFIERS=@im=fcitx",
"QT4_IM_MODULE=fcitx",
"QT_IM_MODULE=fcitx",
"GTK_IM_MODULE=fcitx"
],
"Cmd": [
"startdde"
],
"Image": "sha256:162ab2d1348717e9cf43ba9320e00a7ec6398761c1481c86c635b3c3760978eb",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": null
},
"Architecture": "amd64",
"Os": "linux",
"Size": 4838773421,
"VirtualSize": 4838773421,
"GraphDriver": {
"Data": {
"LowerDir": "/opt/docker/overlay2/3b15c2319df580af14ca45a1ae69278381a17ff2b45680d16a1816d6e976caf6/diff:/opt/docker/overlay2/30e317f12ae741a2937904a129f81b5bf913096750cbd0c2308b2f6d1fd00257/diff:/opt/docker/overlay2/8128fe2cd0a0aa15059f0a2c5b77d7205e4e66a8507f0d4a0fd40a7914d30ad4/diff:/opt/docker/overlay2/2cb5bf01f2e114076f503207d1b7c3f0e932f50352fbf44943d66e74f3d10f5b/diff:/opt/docker/overlay2/8bf05e021ba5a5edddd7ec902ff7d42e6210e9615033fe2f7a6215ee2d4a351c/diff:/opt/docker/overlay2/dffe655ec5d5910822c467bcaa7e6024780e60b6ed74d4f4d9d9c7df04c61be2/diff:/opt/docker/overlay2/805fc245ec78daf4a8b430e9427193ab634ec1a450a0bba04477c46980544754/diff:/opt/docker/overlay2/2ebebf486816adfccde586f20d98bef40536fcb54f90dd42edcd8d5310e41e6f/diff",
"MergedDir": "/opt/docker/overlay2/14373f5691e83aa001478d46ac15009c7de57474df27b1b56d9e2d06d4a45720/merged",
"UpperDir": "/opt/docker/overlay2/14373f5691e83aa001478d46ac15009c7de57474df27b1b56d9e2d06d4a45720/diff",
"WorkDir": "/opt/docker/overlay2/14373f5691e83aa001478d46ac15009c7de57474df27b1b56d9e2d06d4a45720/work"
},
"Name": "overlay2"
},
"RootFS": {
"Type": "layers",
"Layers": [
"sha256:5f48daee7ed6bed7e49dda9e3d9f97b5f989340cc9501512a82e853049aec6a9",
"sha256:2655e522277556d5746d43569acd09bb05923d29ccae80ef5943794bad37a4e8",
"sha256:b54faad624c4f41b47b0381c6c66c70ec146b528087e4e972699a7c097d5cd98",
"sha256:72dc232aa994842eec37e8de5e5f1a07cbe4614e6e21eaebc2ac82563836dc47",
"sha256:0d055b82ddf3427264cf14d0cfc0f78e678a22c8ac78f49a97a7ddfbd4a0cd0b",
"sha256:7f2f2acdb3607185b3a1c15c18572cb2440c1bb75d54ffddea400810b83a7108",
"sha256:33414a4e19775908ed074b33524794ba30575067c10cc1aab403616c508131f5",
"sha256:8398347bd0512dc54e4f9ad74fe75a645da45ef1f82ffede4b9d3662438d2403",
"sha256:80e72052ac1991eb8147a906a7fc00e91e925d6e0dbad5b081ecb0d7400b0a7c"
]
},
"Metadata": {
"LastTagTime": "0001-01-01T00:00:00Z"
}
}
]
I tried with --sudouser=nopasswd, but the sudo -i still requires password:
Odd. It works well here, with v6.9.0 as well as with latest master. Please try if
sudo -i
works here:x11docker -ti hongyizhao/deepin-wine:latest bash
It freezes as below forever:
$ x11docker -ti hongyizhao/deepin-wine:latest bash
x11docker WARNING: User werner is member of group docker.
That allows unprivileged processes on host to gain root privileges.
x11docker WARNING: You are running GNOME desktop in outdated version
GNOME Shell 3.36.4
This might cause issues with host applications if using additional X servers.
It is recommended to use another desktop environment or GNOME >= 3.38.
Only otherwise discouraged option --hostdisplay might work as expected.
I have no idea what is going wrong.
The parser gives a correct result for the docker inspect
output, it returns 'startdde'
.
It freezes as below forever:
Odd as well. You should get an interactive tty, works here.
Please run tests with other images and the latest x11docker master version, for example:
x11docker x11docker/check
x11docker -ti --sudouser=nopasswd x11docker/check bash
Both were failed as shown below:
$ x11docker --version
6.9.1-beta-3
$ x11docker x11docker/check
x11docker WARNING: User werner is member of group docker.
That allows unprivileged processes on host to gain root privileges.
x11docker WARNING: You are running GNOME desktop in outdated version
GNOME Shell 3.36.4
This might cause issues with host applications if using additional X servers.
It is recommended to use another desktop environment or GNOME >= 3.38.
Only --xorg or discouraged option --hostdisplay might work as expected.
x11docker note: Using X server option --hostdisplay
x11docker WARNING: Clipboard isolation may fail.
x11docker note: To allow protection against X security leaks,
please install 'xinit' and one or more of:
xpra, Xephyr, nxagent, weston+Xwayland, kwin_wayland+Xwayland or Xnest,
or run a second Xorg server with option --xorg.
x11docker WARNING: Option --hostdisplay provides only low container isolation!
It is recommended to use another X server option like --nxagent or --xpra.
To improve security with --hostdisplay x11docker uses untrusted cookies.
This can lead to strange behaviour of some applications.
If you encounter application errors, enable option --clipboard
that disables security restrictions for --hostdisplay as a side effect.
x11docker note: Option --hostdisplay may fail with proprietary NVIDIA driver
on host. In that case try other X server options like
--nxagent, --xpra or --xephyr.
/x11docker/cmdrc: 51: /x11docker/cmdrc: [/bin/sh,: not found
$ x11docker -ti --sudouser=nopasswd x11docker/check bash
x11docker WARNING: User werner is member of group docker.
That allows unprivileged processes on host to gain root privileges.
x11docker note: Option --sudouser: If you want to run GUI application
with su or sudo, you might need to add either option --xoverip
or (discouraged) option --network=host.
x11docker WARNING: Option --sudouser severly reduces container security.
Container gains additional capabilities to allow sudo and su.
If an application breaks out of container, it can harm your system
in many ways without you noticing. Default password: x11docker
x11docker note: Option --sudouser: Enabling option --newprivileges=yes.
You can avoid this with --newprivileges=no
x11docker WARNING: Option --newprivileges=yes: x11docker does not set
docker run option --security-opt=no-new-privileges.
That degrades container security.
However, this is still within a default docker setup.
werner@ffc2631a88f0:~$ sudo -i
bash: sudo: command not found
Sorry for my late response.
Can you please show me the output of python --version
?
Here I get Python 2.7.18
, it works well. Also tested with python3 Python 3.9.2
.
Can you please show me the output of python --version?
Thank you very much for pointing this out.
The system python version is:
$ python --version
Python 3.8.5
I use pyenv as the python version manager, and have the following python versions installed:
$ pyenv versions| egrep '^[ 0-9.]+$'
2.7.18
3.5.6
3.6.10
3.7.7
3.8.3
3.9.1
3.9.2
Here I get Python 2.7.18, it works well. Also tested with python3 Python 3.9.2.
By testing with the following x11docker git master version, on my side, Python 2.7.18 works, while 3.8.5 (system's default version) and 3.9.2 failed:
$ x11docker --version
6.9.1-beta-3
I found and fixed the bug. I could reproduce it with python 3.9.2. I have missed to check a late change in the code with python3.
Thank you for reporting and testing! x11docker 6.9.1-beta-4
should work now on your system.
Yes. But there is a very small probability that this problem will still occur.
Another issue: the problem reported previously about the following option remains the same:
--sudouser=nopasswd
Sorry for my late response. I'll have a look at --sudouser=nopasswd
.
I finally checked again; --sudouser=nopasswd
works as intended here.
If you still have issues with it, please open a new ticket.
werner@ffc2631a88f0:~$ sudo -i
bash: sudo: command not found
It will obviously only work if sudo
is installed in the image.
OK. I'll continue to follow-up.
On Ubuntu 20.04, I try to start my docker container deepin-wine with the latest git master version of x11docker, but failed. See below for the more detailed info:
Any hints for this problem?
Regards, HY