pufferffish / wireproxy

Wireguard client that exposes itself as a socks5 proxy
ISC License

/etc/localtime open: no such file or directory #110

Closed fanite closed 7 months ago

fanite commented 7 months ago

2024/04/17 21:42:40 populating ruleset for "/etc/localtime" with access {execute,read_file}: open: no such file or directory

pufferffish commented 7 months ago

Which distro are you using and what command did you use to launch wireproxy?

fanite commented 7 months ago

I launch wireproxy with the Docker image's default command. The image inspect output:

{
  "status": {
    "id": "sha256:d914cb4ae4ec2f9217761efca4966c3a14e0e35419fa56d2225f160c555bbf84",
    "repoTags": [
      "ghcr.io/pufferffish/wireproxy:latest"
    ],
    "repoDigests": [
      "ghcr.io/pufferffish/wireproxy@sha256:edb64bf0841d9cf66dbade115806b405bdc80c484c0d5d44259e28aaceec0f78"
    ],
    "size": "4476069",
    "uid": {
      "value": "65532"
    },
    "username": "",
    "spec": null,
    "pinned": false
  },
  "info": {
    "chainID": "sha256:ef2465a50a15631f4febb8a5d48f57e1e980aeb81bcd4fd172657910bd4d5d5c",
    "imageSpec": {
      "created": "2024-04-13T01:40:33.915740631Z",
      "architecture": "amd64",
      "os": "linux",
      "config": {
        "User": "65532",
        "Env": [
          "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
          "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt"
        ],
        "Entrypoint": [
          "/usr/bin/wireproxy"
        ],
        "Cmd": [
          "--config",
          "/etc/wireproxy/config"
        ],
        "Volumes": {
          "/etc/wireproxy": {}
        },
        "WorkingDir": "/home/nonroot",
        "Labels": {
          "org.opencontainers.image.created": "2024-04-13 01:39:04+00:00",
          "org.opencontainers.image.description": "Wireguard client that exposes itself as a socks5 proxy",
          "org.opencontainers.image.documentation": "https://github.com/pufferffish/wireproxy",
          "org.opencontainers.image.licenses": "ISC",
          "org.opencontainers.image.ref.name": "master",
          "org.opencontainers.image.revision": "a6797166eba8cfd77de54e8ede1051a9bf4baeee",
          "org.opencontainers.image.source": "https://github.com/pufferffish/wireproxy",
          "org.opencontainers.image.title": "wireproxy",
          "org.opencontainers.image.url": "https://github.com/pufferffish/wireproxy/packages",
          "org.opencontainers.image.vendor": "pufferffish"
        },
        "ArgsEscaped": true
      },
      "rootfs": {
        "type": "layers",
        "diff_ids": [
          "sha256:32ae37dc07be998c2ea491ff1a9826b2873cd0cf6b5c40ccfc65990bb649b7ad",
          "sha256:577c8ee06f39e2bc276615f1058fa40081255ce5e2f072df4875e27868de5660",
          "sha256:9ed498e122b248a801130d052c25418381ee7bf215cdf7990965bae0dc37dcc2",
          "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368",
          "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc",
          "sha256:ac805962e47900b616b2f4b4584a34ac7b07d64ac1fd2c077478cf65311addcc",
          "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b",
          "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1",
          "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849",
          "sha256:c048279a7d9f8e94b4c022b699ad8e8a0cb08b717b014ce4af15afaf375a6ac2",
          "sha256:2388d21e8e2b74e055216652e6af384768e97513ad568e10c27bacec389b7f0a",
          "sha256:68535514a7818d9bf0de594c7e853f03454b4354db81ea5006c3d386f589bbd4"
        ]
      },
      "history": [
        {
          "created": "2024-04-13T01:40:33.915740631Z",
          "created_by": "COPY /usr/src/wireproxy/wireproxy /usr/bin/wireproxy # buildkit",
          "comment": "buildkit.dockerfile.v0"
        },
        {
          "created": "2024-04-13T01:40:33.915740631Z",
          "created_by": "VOLUME [/etc/wireproxy]",
          "comment": "buildkit.dockerfile.v0",
          "empty_layer": true
        },
        {
          "created": "2024-04-13T01:40:33.915740631Z",
          "created_by": "ENTRYPOINT [\"/usr/bin/wireproxy\"]",
          "comment": "buildkit.dockerfile.v0",
          "empty_layer": true
        },
        {
          "created": "2024-04-13T01:40:33.915740631Z",
          "created_by": "CMD [\"--config\" \"/etc/wireproxy/config\"]",
          "comment": "buildkit.dockerfile.v0",
          "empty_layer": true
        },
        {
          "created": "2024-04-13T01:40:33.915740631Z",
          "created_by": "LABEL org.opencontainers.image.title=wireproxy",
          "comment": "buildkit.dockerfile.v0",
          "empty_layer": true
        },
        {
          "created": "2024-04-13T01:40:33.915740631Z",
          "created_by": "LABEL org.opencontainers.image.description=Wireguard client that exposes itself as a socks5 proxy",
          "comment": "buildkit.dockerfile.v0",
          "empty_layer": true
        },
        {
          "created": "2024-04-13T01:40:33.915740631Z",
          "created_by": "LABEL org.opencontainers.image.licenses=ISC",
          "comment": "buildkit.dockerfile.v0",
          "empty_layer": true
        }
      ]
    }
  }
}

k8s manifest:

# StatefulSet (managed by Helm, per the labels) that runs wireproxy from the
# upstream image. No command or args are set, so the image's own entrypoint
# and default arguments are used.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: warp
  labels:
    helm.sh/chart: warp-0.1.0
    app.kubernetes.io/name: warp
    app.kubernetes.io/instance: warp
    app.kubernetes.io/version: "latest"
    app.kubernetes.io/managed-by: Helm
spec:
  serviceName: warp
  selector:
    matchLabels:
      app.kubernetes.io/name: warp
      app.kubernetes.io/instance: warp
  template:
    metadata:
      labels:
        app.kubernetes.io/name: warp
        app.kubernetes.io/instance: warp
    spec:
      # No pod- or container-level securityContext is set, so the user and
      # privileges come from the image and the cluster defaults.
      containers:
        - name: warp
          # NOTE(review): `latest` is a mutable tag, and with IfNotPresent a
          # node that already has `latest` cached does not pull again, so
          # nodes can end up running different builds. Pinning the image by
          # digest (image@sha256:...) makes the deployed build reproducible
          # and lets a bug report name the exact binary.
          image: "ghcr.io/pufferffish/wireproxy:latest"
          imagePullPolicy: IfNotPresent
          ports:
            - name: socks5
              containerPort: 10801
              protocol: TCP
            - name: http
              containerPort: 10802
              protocol: TCP
          env:
            # NOTE(review): setting TZ does not create /etc/localtime inside
            # the container; whether wireproxy's sandbox setup requires that
            # file cannot be determined from this manifest.
            - name: TZ
              value: Asia/Shanghai
          volumeMounts:
            # The ConfigMap item mapped to path `config` below lands at
            # /etc/wireproxy/config.
            - name: wireproxy
              mountPath: /etc/wireproxy
      volumes:
        # NOTE(review): wgcf-profile.conf is presumably a WireGuard profile
        # (which would include the interface private key) and
        # wgcf-account.toml presumably holds account credentials; confirm the
        # contents. ConfigMaps are intended for non-confidential data; key
        # material belongs in a Secret with RBAC scoped to this workload and
        # encryption at rest enabled.
        - name: wireproxy
          configMap:
            name: warp
            items:
              - key: wgcf-profile.conf
                path: config
              - key: wgcf-account.toml
                path: wgcf-account.toml
fanite commented 7 months ago

Which distro are you using and what command did you use to launch wireproxy?

Updated issue information

jinnatar commented 7 months ago

Facing this as well. It seems the landlock config at https://github.com/pufferffish/wireproxy/blob/a6797166eba8cfd77de54e8ede1051a9bf4baeee/cmd/wireproxy/main.go#L78 assumes that a whole bunch of paths will exist, which in fact do not and should not exist in a container environment.