mviereck / x11docker

Run GUI applications and desktops in docker and podman containers. Focus on security.
MIT License

Error building: unable to prepare context, path not found [snap] #448

Closed jostrn closed 2 years ago

jostrn commented 2 years ago
$ x11docker --build x11docker/xserver
x11docker note: Download of https://raw.githubusercontent.com/mviereck/dockerfile-x11docker-xserver/master/Dockerfile

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  5272  100  5272    0     0  13945      0 --:--:-- --:--:-- --:--:-- 13984
x11docker note: Download of https://raw.githubusercontent.com/mviereck/dockerfile-x11docker-xserver/master/XlibNoSHM.so

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    14  100    14    0     0     40      0 --:--:-- --:--:-- --:--:--    40
x11docker note: Building x11docker/xserver

unable to prepare context: path "/tmp/x11docker-build-x11docker-xserver" not found

x11docker ERROR: Option --build: Building image 'x11docker/xserver' failed.
$ ls /tmp/
snap.docker                                                                   systemd-private-db52d4e636bd495c8d689132e365264d-systemd-logind.service-t5ZadI     x11docker-build-x11docker-fvwm
snap.lxd                                                                      systemd-private-db52d4e636bd495c8d689132e365264d-systemd-resolved.service-H0BwyZ   x11docker-build-x11docker-lxde
systemd-private-db52d4e636bd495c8d689132e365264d-ModemManager.service-RJ2WDY  systemd-private-db52d4e636bd495c8d689132e365264d-systemd-timesyncd.service-b5uZPc  x11docker-build-x11docker-xserver
$ ls /tmp/x11docker-build-x11docker-xserver
Dockerfile  XlibNoSHM.so

I tried

  1. x11docker --build x11docker/xserver,
  2. x11docker --build x11docker/fvwm, and
  3. x11docker --build x11docker/lxde.

Error was

  1. unable to prepare context: path "/tmp/x11docker-build-x11docker-xserver" not found,
  2. unable to prepare context: path "/tmp/x11docker-build-x11docker-fvwm" not found,
  3. unable to prepare context: path "/tmp/x11docker-build-x11docker-lxde" not found.

The environment is a freshly installed Ubuntu 22.04 LTS x64 in a VirtualBox with nothing except Docker (20.10.14, build a224086349), xdg-utils (+162 dependencies), and x11docker (7.1.4).

mviereck commented 2 years ago

Thank you for the report! I had a similar issue two days ago that only affected x11docker/xserver: https://github.com/mviereck/dockerfile-x11docker-xserver/issues/1 That one is fixed in latest master version.

However, your issue is different. Your output of ls /tmp indicates that you are using docker in snap instead of a native package installation with apt (typical for Ubuntu Server only). It seems to me that docker in snap cannot access /tmp from host.

I'll think of a solution. Maybe x11docker should use $HOME instead of /tmp.

Overall I discourage Docker in snap and recommend a native package installation with apt. Docker in snap causes some restrictions for x11docker making some features impossible. However, x11docker --build should work with docker in snap, too.

mviereck commented 2 years ago

I've changed the build path from /tmp to $HOME. Please update to latest master (x11docker --update-master) and try if that works for you.

jostrn commented 2 years ago

Wow, your response was super-fast! And you're completely right: I got Docker via snap.

$ snap list
Name    Version        Rev    Tracking       Publisher   Notes
core18  20220428       2409   latest/stable  canonical✓  base
core20  20220527       1518   latest/stable  canonical✓  base
docker  20.10.14       1779   latest/stable  canonical✓  -
lxd     5.0.0-b0287c1  22923  5.0/stable/…   canonical✓  -
snapd   2.56           16010  latest/stable  canonical✓  snapd

Since Ubuntu is pushing in this direction, I thought it would be the best way, but I'm not married to snap at all. If traditional install is better, I'll change my setup.

Your new version fixed the error, but the build only takes about 3 seconds? That seems very fast... How can I test for success? So far I can say that there's no new image in Docker.

x11docker --build x11docker/xserver
Traceback (most recent call last):
  File "<stdin>", line 42, in <module>
  File "<stdin>", line 19, in parse_inspect
IndexError: string index out of range
x11docker note: Download of https://raw.githubusercontent.com/mviereck/dockerfile-x11docker-xserver/master/Dockerfile

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  5272  100  5272    0     0  15308      0 --:--:-- --:--:-- --:--:-- 15325
x11docker note: Download of https://raw.githubusercontent.com/mviereck/dockerfile-x11docker-xserver/master/XlibNoSHM.c

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  3971  100  3971    0     0  10616      0 --:--:-- --:--:-- --:--:-- 10646
x11docker note: Building x11docker/xserver

mviereck commented 2 years ago

Something seems to have failed. That Traceback error message should not appear, and the build should take a long time. Here it succeeds. After success the image should appear in docker images.

I have made a lot of code changes and commits today. Can you please update again and try to build again? Maybe you got an intermediate buggy version. (I am still bug hunting, working on conceptual changes to support multiple rootless and rootful backends.)

jostrn commented 2 years ago

I removed x11docker with --remove and installed it again with curl ... | sudo bash .... That leads to the original error message. After updating master I again get the IndexError: string index out of range.

Building with the Debug-flags I get traperror: Command at Line 988 returned with error code 1. Maybe that can help you. Here's the full Debug output:

$ x11docker --build x11docker/xserver -D -v -V
==> /home/admin1/.cache/x11docker/14462299081-xserver/share/stderr <==

==> /home/admin1/.cache/x11docker/14462299081-xserver/share/stdout <==

==> /home/admin1/.cache/x11docker/14462299081-xserver/share/compositor.log <==

==> /home/admin1/.cache/x11docker/14462299081-xserver/share/container.log <==

==> /home/admin1/.cache/x11docker/14462299081-xserver/share/systemd.journal.log <==

==> /home/admin1/.cache/x11docker/14462299081-xserver/message.log <==

DEBUGNOTE[21:21:03,538]: Detected cgroup v2
DEBUGNOTE[21:21:03,707]: check_host(): ps can watch root processes: yes
DEBUGNOTE[21:21:03,791]: host user: admin1 1000:1000 /home/admin1
DEBUGNOTE[21:21:04,417]: storeinfo(): cache=/home/admin1/.cache/x11docker/14462299081-xserver
DEBUGNOTE[21:21:04,439]: storeinfo(): stdout=/home/admin1/.cache/x11docker/14462299081-xserver/share/stdout
DEBUGNOTE[21:21:04,459]: storeinfo(): stderr=/home/admin1/.cache/x11docker/14462299081-xserver/share/stderr

==> /home/admin1/.cache/x11docker/14462299081-xserver/share/xinit.log <==

==> /home/admin1/.cache/x11docker/14462299081-xserver/share/xpra.client.log <==

==> /home/admin1/.cache/x11docker/14462299081-xserver/share/xpra.server.log <==

==> /home/admin1/.cache/x11docker/14462299081-xserver/share/stderr <==

==> /home/admin1/.cache/x11docker/14462299081-xserver/share/stdout <==

==> /home/admin1/.cache/x11docker/14462299081-xserver/share/compositor.log <==

==> /home/admin1/.cache/x11docker/14462299081-xserver/share/container.log <==

==> /home/admin1/.cache/x11docker/14462299081-xserver/share/systemd.journal.log <==

==> /home/admin1/.cache/x11docker/14462299081-xserver/message.log <==

DEBUGNOTE[21:21:03,538]: Detected cgroup v2
DEBUGNOTE[21:21:03,707]: check_host(): ps can watch root processes: yes
DEBUGNOTE[21:21:03,791]: host user: admin1 1000:1000 /home/admin1
DEBUGNOTE[21:21:04,417]: storeinfo(): cache=/home/admin1/.cache/x11docker/14462299081-xserver
DEBUGNOTE[21:21:04,439]: storeinfo(): stdout=/home/admin1/.cache/x11docker/14462299081-xserver/share/stdout
DEBUGNOTE[21:21:04,459]: storeinfo(): stderr=/home/admin1/.cache/x11docker/14462299081-xserver/share/stderr

==> /home/admin1/.cache/x11docker/14462299081-xserver/share/xinit.log <==

==> /home/admin1/.cache/x11docker/14462299081-xserver/share/xpra.client.log <==

==> /home/admin1/.cache/x11docker/14462299081-xserver/share/xpra.server.log <==

==> /home/admin1/.cache/x11docker/14462299081-xserver/message.log <==
DEBUGNOTE[21:21:04,599]: waitforlogentry(): tailstderr: Waiting for logentry "x11docker=ready" in store.info
DEBUGNOTE[21:21:04,608]: waitforlogentry(): tailstdout: Waiting for logentry "x11docker=ready" in store.info
DEBUGNOTE[21:21:04,675]: storeinfo(): containeruser=admin1
DEBUGNOTE[21:21:04,699]: container user: admin1 1000:1000 /home/admin1
Traceback (most recent call last):
  File "<stdin>", line 42, in <module>
  File "<stdin>", line 19, in parse_inspect
IndexError: string index out of range
DEBUGNOTE[21:21:04,954]: traperror: Command at Line 988 returned with error code 1:
  $Pythonbin - "$@"
  5040 - ::parse_inspect::check_runtime::check_backend::main::main
DEBUGNOTE[21:21:04,972]: storeinfo(): error=64
DEBUGNOTE[21:21:04,996]: time to say goodbye (traperror)
DEBUGNOTE[21:21:05,009]: Default runtime:
x11docker[21:21:05,034]: Image name: x11docker/xserver
  Container command:

DEBUGNOTE[21:21:05,191]: waitforlogentry(): tailstderr: Stopped waiting for x11docker=ready in store.info due to terminating signal.
DEBUGNOTE[21:21:05,189]: waitforlogentry(): tailstdout: Stopped waiting for x11docker=ready in store.info due to terminating signal.
x11docker note: Option --build does not support option --debug

x11docker note: Option --build does not support option --verbose

x11docker note: Download of https://raw.githubusercontent.com/mviereck/dockerfile-x11docker-xserver/master/Dockerfile

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  5272  100  5272    0     0  14799      0 --:--:-- --:--:-- --:--:-- 14808
x11docker note: Download of https://raw.githubusercontent.com/mviereck/dockerfile-x11docker-xserver/master/XlibNoSHM.c

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  3971  100  3971    0     0  20117      0 --:--:-- --:--:-- --:--:-- 20157
x11docker note: Building x11docker/xserver

DEBUGNOTE[21:21:06,444]: Terminating x11docker.
DEBUGNOTE[21:21:06,457]: time to say goodbye (finish)
DEBUGNOTE[21:21:06,511]: x11docker exit code: 64

mviereck commented 2 years ago

> Building with the Debug-flags I get traperror: Command at Line 988 returned with error code 1. Maybe that can help you. Here's the full Debug output:

That helps indeed! I could encircle where the issue happens. Though, I am still curious why it fails at all and suspect something special concerning snap.

Does the command docker info --format='{{json .}}' give a useful output? That one seems to have failed without returning an error code. I have added a check for empty output to catch this case.

Yet I am downloading an ubuntu server iso to reproduce the issue in a VM.

jostrn commented 2 years ago

Maybe it is a permission issue! I tried the build with normal user permissions.

$ docker info --format='{{json .}}'
{"ServerErrors":["Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get \"http://%2Fvar%2Frun%2Fdocker.sock/v1.24/info\": dial unix /var/run/docker.sock: connect: permission denied"],"ClientInfo":{"Debug":false,"Context":"default","Plugins":[],"Warnings":null}}
$ sudo docker info --format='{{json .}}'
{"ID":"CGAR:DR5O:7RE6:PIHQ:MF75:MYQE:5RVK:QJE3:I25P:Y3LK:XQBK:I2CK","Containers":4,"ContainersRunning":1,"ContainersPaused":0,"ContainersStopped":3,"Images":4,"Driver":"overlay2","DriverStatus":[["Backing Filesystem","btrfs"],["Supports d_type","true"],["Native Overlay Diff","true"],["userxattr","false"]],"Plugins":{"Volume":["local"],"Network":["bridge","host","ipvlan","macvlan","null","overlay"],"Authorization":null,"Log":["awslogs","fluentd","gcplogs","gelf","journald","json-file","local","logentries","splunk","syslog"]},"MemoryLimit":true,"SwapLimit":true,"KernelMemory":false,"KernelMemoryTCP":false,"CpuCfsPeriod":true,"CpuCfsQuota":true,"CPUShares":true,"CPUSet":true,"PidsLimit":true,"IPv4Forwarding":true,"BridgeNfIptables":true,"BridgeNfIp6tables":true,"Debug":false,"NFd":47,"OomKillDisable":false,"NGoroutines":166,"SystemTime":"2022-06-17T10:15:38.713673564Z","LoggingDriver":"json-file","CgroupDriver":"systemd","CgroupVersion":"2","NEventsListener":0,"KernelVersion":"5.15.0-39-generic","OperatingSystem":"Ubuntu Core 
18","OSVersion":"18","OSType":"linux","Architecture":"x86_64","IndexServerAddress":"https://index.docker.io/v1/","RegistryConfig":{"AllowNondistributableArtifactsCIDRs":[],"AllowNondistributableArtifactsHostnames":[],"InsecureRegistryCIDRs":["127.0.0.0/8"],"IndexConfigs":{"docker.io":{"Name":"docker.io","Mirrors":[],"Secure":true,"Official":true}},"Mirrors":[]},"NCPU":1,"MemTotal":2073800704,"GenericResources":null,"DockerRootDir":"/var/snap/docker/common/var-lib-docker","HttpProxy":"","HttpsProxy":"","NoProxy":"","Name":"mgmt1","Labels":[],"ExperimentalBuild":false,"ServerVersion":"20.10.14","Runtimes":{"io.containerd.runc.v2":{"path":"runc"},"io.containerd.runtime.v1.linux":{"path":"runc"},"runc":{"path":"runc"}},"DefaultRuntime":"runc","Swarm":{"NodeID":"nlxns0r9xutdlzn3w9jcud75i","NodeAddr":"192.168.178.166","LocalNodeState":"active","ControlAvailable":true,"Error":"","RemoteManagers":[{"NodeID":"nlxns0r9xutdlzn3w9jcud75i","Addr":"192.168.178.166:2377"}],"Nodes":1,"Managers":1,"Cluster":{"ID":"ba97d8rbai2vcsq370tdews6q","Version":{"Index":1425},"CreatedAt":"2022-06-10T01:04:45.057414883Z","UpdatedAt":"2022-06-17T01:19:40.609715265Z","Spec":{"Name":"default","Labels":{},"Orchestration":{"TaskHistoryRetentionLimit":5},"Raft":{"SnapshotInterval":10000,"KeepOldSnapshots":0,"LogEntriesForSlowFollowers":500,"ElectionTick":10,"HeartbeatTick":1},"Dispatcher":{"HeartbeatPeriod":5000000000},"CAConfig":{"NodeCertExpiry":7776000000000000},"TaskDefaults":{},"EncryptionConfig":{"AutoLockManagers":false}},"TLSInfo":{"TrustRoot":"-----BEGIN 
CERTIFICATE-----\nMIIBajCCARCgAwIBAgIUInUq+MeXSc3mStyuutGxlVSM0+YwCgYIKoZIzj0EAwIw\nEzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMjIwNjEwMDEwMDAwWhcNNDIwNjA1MDEw\nMDAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABHFXi0xeCk7eSbpewGRVTpsfjUCxBKs22X3TmjOS3aNE57y2OW4/LPpmEWNE\nxCIIY/E5Y1LappNZMiiOPSsgq/ejQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB\nAf8EBTADAQH/MB0GA1UdDgQWBBRnFoHjIrQdC9YrMDYbRrda/7sGcTAKBggqhkjO\nPQQDAgNIADBFAiAQq9OxZJdb9opojJOkXuyJh9dKy8t7xhsaa4L6XN3CXgIhAP9T\nIJtCHUnXQglW15fTWEu9i2XAp2KGNv64qM1KDVaM\n-----END CERTIFICATE-----\n","CertIssuerSubject":"MBMxETAPBgNVBAMTCHN3YXJtLWNh","CertIssuerPublicKey":"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEcVeLTF4KTt5Jul7AZFVOmx+NQLEEqzbZfdOaM5Ldo0TnvLY5bj8s+mYRY0TEIghj8TljUtqmk1kyKI49KyCr9w=="},"RootRotationInProgress":false,"DefaultAddrPool":["10.0.0.0/8"],"SubnetSize":24,"DataPathPort":4789}},"LiveRestoreEnabled":false,"Isolation":"","InitBinary":"docker-init","ContainerdCommit":{"ID":"3df54a852345ae127d1fa3092b95168e4a88e2f8","Expected":"3df54a852345ae127d1fa3092b95168e4a88e2f8"},"RuncCommit":{"ID":"","Expected":""},"InitCommit":{"ID":"de40ad0","Expected":"de40ad0"},"SecurityOptions":["name=apparmor","name=seccomp,profile=default","name=cgroupns"],"Warnings":null,"ClientInfo":{"Debug":false,"Context":"default","Plugins":[],"Warnings":null}}

I can unsnap Docker and apt-get install it later.

mviereck commented 2 years ago

> Maybe it is a permission issue! I tried the build with normal user permissions.

Good to know! x11docker should have caught that; obviously it does not.

> I can unsnap Docker and apt-get install it later.

You can also try sudo x11docker [...] or (security risk) add your user to group docker. However, in the long term I recommend unsnapping docker.

mviereck commented 2 years ago

I've made some tests on Ubuntu 22.04 server and some fixes. The docker info check is fixed; curiously, the docker error is printed to stdout and has exit code 0 / success.

x11docker/xserver is not useable in docker-snap, so option --xc is disabled in that case.

I had a deeper look at snap; it does not allow any configuration that would remove some of its restrictions.
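
The failure mode described in the comments above, as an added example that is not x11docker's own code: `docker info --format '{{json .}}'` can exit 0 while printing only a `ServerErrors` object, so a caller has to inspect the JSON rather than the exit code. The function name, the status strings and the `/var/snap/` heuristic on `DockerRootDir` are assumptions; the sample strings are constructed from the outputs shown in this thread.

```python
import json

# Constructed sample outputs, modelled on the results posted in this thread.
DENIED = ('{"ServerErrors":["Got permission denied while trying to connect to '
          'the Docker daemon socket at unix:///var/run/docker.sock"],'
          '"ClientInfo":{"Debug":false,"Context":"default"}}')
SNAP_OK = ('{"ID":"EXAMPLE","ServerVersion":"20.10.14","DefaultRuntime":"runc",'
           '"DockerRootDir":"/var/snap/docker/common/var-lib-docker"}')
APT_OK = ('{"ID":"EXAMPLE","ServerVersion":"20.10.14","DefaultRuntime":"runc",'
          '"DockerRootDir":"/var/lib/docker"}')


def classify_docker_info(stdout, exit_code=0):
    """Classify the text printed by: docker info --format '{{json .}}'

    Returns (status, detail); status is one of
    "empty", "not-json", "daemon-error", "ok-snap", "ok".
    The exit code is only reported, never trusted as a success signal.
    """
    text = (stdout or "").strip()
    if not text:
        # The case that crashed the parser with IndexError in this thread.
        return "empty", "no output (exit code %d)" % exit_code
    try:
        info = json.loads(text)
    except ValueError as err:
        return "not-json", str(err)
    if not isinstance(info, dict):
        return "not-json", "expected a JSON object"
    # Client-side connection failures arrive here, on stdout, with exit code 0.
    errors = info.get("ServerErrors") or []
    if errors:
        return "daemon-error", "; ".join(str(e) for e in errors)
    if not info.get("ServerVersion"):
        return "daemon-error", "no ServerVersion in output"
    # Heuristic (assumption): the snap package keeps its data under /var/snap/.
    root = info.get("DockerRootDir") or ""
    if root.startswith("/var/snap/"):
        return "ok-snap", root
    return "ok", root


if __name__ == "__main__":
    for name, sample in [("denied", DENIED), ("snap", SNAP_OK),
                         ("apt", APT_OK), ("empty", "")]:
        print(name, classify_docker_info(sample))
```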

jostrn commented 2 years ago

I unsnapped Docker and got it via apt. That solved all issues, all three builds do work now :-) Thank you for identifying the restrictions in snap.

One small error occurred with lxde that didn't appear with xserver and fvwm. Since the image gets built, the issue seems to have no effect at all.

x11docker --build x11docker/lxde
[...]
Successfully built 481936dab503
Successfully tagged x11docker/lxde:latest
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory