slimtoolkit / slim

Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
Apache License 2.0

Sensor failure due to FANOTIFY exceptions (was - /creport.json: no such file or directory stack=goroutine 1 [running]): #36

Open k3ck3c opened 7 years ago

k3ck3c commented 7 years ago

Hello

I noticed issue 27; here are some details on my similar problem. I launch my container with

docker run -e DISPLAY -v $HOME/.Xauthority:/home/developer/.Xauthority -v /tmp/.X11-unix:/tmp/.X11-unix:ro --net=host k3ck3c/captvty_2562

I get an error

$ ./docker-slim build k3ck3c/captvty_2562
docker-slim: [build] image=k3ck3c/captvty_2562 http-probe=false remove-file-artifacts=false image-overrides=map[] entrypoint=[] (false) cmd=[] (false) workdir='' env=[] expose=map[]
INFO[0000] docker-slim: inspecting 'fat' image metadata...
INFO[0000] docker-slim: [sha256:98976d017751420499ae3aca99139bc6a1f79b4aacbb87338f5ae26ed2048067] 'fat' image size => 3043839780 (3.0 GB)
INFO[0000] docker-slim: processing 'fat' image info...
INFO[0000] docker-slim: starting instrumented 'fat' container...
INFO[0000] docker-slim: created container => 49441d79446d7e64dc3e57781751772900cc52a7bf6c7a3ee86f6fff3710b226
INFO[0000] docker-slim: watching container monitor...
docker-slim: press when you are done using the container...
INFO[0069] sendCmd(): receive timeout...
INFO[0069] docker-slim: waiting for the container finish its work... WARN[0189] docker-slim: warning error=receive time out stack=goroutine 1 [running]: runtime/debug.Stack(0x0, 0x0, 0x0) /usr/local/go/src/runtime/debug/stack.go:24 +0x79 github.com/docker-slim/docker-slim/utils.WarnOn(0x97bc60, 0xc42000f9e0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/utils/errors.go:18 +0x51 github.com/docker-slim/docker-slim/master/inspectors/container.(Inspector).FinishMonitoring(0xc42013c240) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/inspectors/container/container_inspector.go:246 +0x1d7 github.com/docker-slim/docker-slim/master/commands.OnBuild(0x0, 0x0, 0x0, 0xc42000bda0, 0x7ffdec0c529d, 0x13, 0x0, 0x0, 0xc42000bd00, 0x9bb9e8, ...) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/commands/build.go:112 +0xa7f main.init.1.func4(0xc420090a00, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:321 +0x713 reflect.Value.call(0x76a020, 0x816a88, 0x13, 0x7e4989, 0x4, 0xc4200dd930, 0x1, 0x1, 0x4a92e8, 0x7d8380, ...) /usr/local/go/src/reflect/value.go:434 +0x5c8 reflect.Value.Call(0x76a020, 0x816a88, 0x13, 0xc4200dd930, 0x1, 0x1, 0xc42002c800, 0xc4200dd910, 0x4b25f6) /usr/local/go/src/reflect/value.go:302 +0xa4 github.com/codegangsta/cli.HandleAction(0x76a020, 0x816a88, 0xc420090a00, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:487 +0x1e0 github.com/codegangsta/cli.Command.Run(0x7e4eac, 0x5, 0x0, 0x0, 0xc42000fd90, 0x1, 0x1, 0x7f75e3, 0x3e, 0x0, ...) 
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/command.go:191 +0xc3b github.com/codegangsta/cli.(App).Run(0xc4200f0000, 0xc42000a1b0, 0x3, 0x3, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:240 +0x611 main.runCli() /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:526 +0x55 main.main() /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/main.go:5 +0x19

INFO[0189] docker-slim: shutting down 'fat' container... WARN[0190] docker-slim: warning error=Container not running: 49441d79446d7e64dc3e57781751772900cc52a7bf6c7a3ee86f6fff3710b226 stack=goroutine 1 [running]: runtime/debug.Stack(0x55, 0x0, 0x0) /usr/local/go/src/runtime/debug/stack.go:24 +0x79 github.com/docker-slim/docker-slim/utils.WarnOn(0x97bda0, 0xc42034bda0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/utils/errors.go:18 +0x51 github.com/docker-slim/docker-slim/master/inspectors/container.(Inspector).ShutdownContainer(0xc42013c240, 0x1, 0x1) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/inspectors/container/container_inspector.go:224 +0xd0 github.com/docker-slim/docker-slim/master/commands.OnBuild(0x0, 0x0, 0x0, 0xc42000bda0, 0x7ffdec0c529d, 0x13, 0x0, 0x0, 0xc42000bd00, 0x9bb9e8, ...) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/commands/build.go:115 +0xb26 main.init.1.func4(0xc420090a00, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:321 +0x713 reflect.Value.call(0x76a020, 0x816a88, 0x13, 0x7e4989, 0x4, 0xc4200dd930, 0x1, 0x1, 0x4a92e8, 0x7d8380, ...) /usr/local/go/src/reflect/value.go:434 +0x5c8 reflect.Value.Call(0x76a020, 0x816a88, 0x13, 0xc4200dd930, 0x1, 0x1, 0xc42002c800, 0xc4200dd910, 0x4b25f6) /usr/local/go/src/reflect/value.go:302 +0xa4 github.com/codegangsta/cli.HandleAction(0x76a020, 0x816a88, 0xc420090a00, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:487 +0x1e0 github.com/codegangsta/cli.Command.Run(0x7e4eac, 0x5, 0x0, 0x0, 0xc42000fd90, 0x1, 0x1, 0x7f75e3, 0x3e, 0x0, ...) 
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/command.go:191 +0xc3b github.com/codegangsta/cli.(App).Run(0xc4200f0000, 0xc42000a1b0, 0x3, 0x3, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:240 +0x611 main.runCli() /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:526 +0x55 main.main() /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/main.go:5 +0x19

INFO[0190] docker-slim: processing instrumented 'fat' container info... INFO[0190] docker-slim: generating AppArmor profile...
FATA[0190] docker-slim: failure error=stat /home/gg/bbc/strip-docker-image/docker_slim/dist_linux/.images/98976d017751420499ae3aca99139bc6a1f79b4aacbb87338f5ae26ed2048067/artifacts/creport.json: no such file or directory stack=goroutine 1 [running]: runtime/debug.Stack(0x4a0d9b, 0xc4200128c0, 0xc4200dcbf0) /usr/local/go/src/runtime/debug/stack.go:24 +0x79 github.com/docker-slim/docker-slim/utils.FailOn(0x97c960, 0xc42021abd0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/utils/errors.go:11 +0x51 github.com/docker-slim/docker-slim/master/commands.OnBuild(0x0, 0x0, 0x0, 0xc42000bda0, 0x7ffdec0c529d, 0x13, 0x0, 0x0, 0xc42000bd00, 0x9bb9e8, ...) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/commands/build.go:120 +0xbfd main.init.1.func4(0xc420090a00, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:321 +0x713 reflect.Value.call(0x76a020, 0x816a88, 0x13, 0x7e4989, 0x4, 0xc4200dd930, 0x1, 0x1, 0x4a92e8, 0x7d8380, ...) /usr/local/go/src/reflect/value.go:434 +0x5c8 reflect.Value.Call(0x76a020, 0x816a88, 0x13, 0xc4200dd930, 0x1, 0x1, 0xc42002c800, 0xc4200dd910, 0x4b25f6) /usr/local/go/src/reflect/value.go:302 +0xa4 github.com/codegangsta/cli.HandleAction(0x76a020, 0x816a88, 0xc420090a00, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:487 +0x1e0 github.com/codegangsta/cli.Command.Run(0x7e4eac, 0x5, 0x0, 0x0, 0xc42000fd90, 0x1, 0x1, 0x7f75e3, 0x3e, 0x0, ...) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/command.go:191 +0xc3b github.com/codegangsta/cli.(*App).Run(0xc4200f0000, 0xc42000a1b0, 0x3, 0x3, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:240 +0x611 main.runCli() /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:526 +0x55 main.main() /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/main.go:5 +0x19

Thanks for your time

kcq commented 7 years ago

Thanks a lot for the report! I really appreciate it! Looks like the container died. I wonder if you managed to save the log from the container docker-slim created? Either way, it'll be useful to collect the target container's log automatically and produce a more obvious error.

k3ck3c commented 7 years ago

I just launched it again, and docker logs of the container showed

$ docker logs 8fb
time="2017-03-26T11:08:44Z" level=info msg="sensor: args => []string{\"/opt/dockerslim/bin/sensor\"}\n"
time="2017-03-26T11:08:44Z" level=info msg="sensor: creating event publisher..."
time="2017-03-26T11:08:44Z" level=info msg="sensor: creating cmd server..."
time="2017-03-26T11:08:44Z" level=info msg="sensor: waiting for commands..."
time="2017-03-26T11:08:44Z" level=info msg="sensor: monitor starting..."
time="2017-03-26T11:08:44Z" level=info msg="fanmon: starting..."
time="2017-03-26T11:08:44Z" level=fatal msg="docker-slim: failure" error="operation not permitted" stack="goroutine 1 [running]:\nruntime/debug.Stack(0xc4200e8180, 0x66de00, 0xc4200e6190)\n\t/usr/local/go/src/runtime/debug/stack.go:24 +0x79\ngithub.com/docker-slim/docker-slim/utils.FailOn(0x66de00, 0xc4200e6190)\n\t/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/utils/errors.go:11 +0x51\ngithub.com/docker-slim/docker-slim/sensor/monitors/fanotify.Run(0x5b14ba, 0x1, 0xc4200e8120, 0x12)\n\t/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/sensor/monitors/fanotify/monitor.go:29 +0xd7\nmain.monitor(0xc4200b8150, 0xc4200b03c0, 0xc4200b0420, 0xc4200b81c0, 0xc4200b0600, 0xc42000aa58, 0x8)\n\t/GITHUB/docker-slim-org/docker-slim/apps/docker-slim-sensor/main.go:46 +0x173\nmain.main()\n\t/GITHUB/docker-slim-org/docker-slim/apps/docker-slim-sensor/main.go:128 +0x976\n"

When I started docker-slim, I got

$ ./docker-slim build k3ck3c/captvty_2562
docker-slim: [build] image=k3ck3c/captvty_2562 http-probe=false remove-file-artifacts=false image-overrides=map[] entrypoint=[] (false) cmd=[] (false) workdir='' env=[] expose=map[]
INFO[0000] docker-slim: inspecting 'fat' image metadata...
INFO[0000] docker-slim: [sha256:98976d017751420499ae3aca99139bc6a1f79b4aacbb87338f5ae26ed2048067] 'fat' image size => 3043839780 (3.0 GB)
INFO[0000] docker-slim: processing 'fat' image info...
INFO[0000] docker-slim: starting instrumented 'fat' container...
INFO[0000] docker-slim: created container => 8fb0b52a7a0311452488a50bca134828e63a415b1507f91ed46bc9b7e8c19e01
INFO[0001] docker-slim: watching container monitor...
docker-slim: press when you are done using the container...
INFO[0047] sendCmd(): receive timeout...
INFO[0047] docker-slim: waiting for the container finish its work... WARN[0167] docker-slim: warning error=receive time out stack=goroutine 1 [running]: runtime/debug.Stack(0x0, 0x0, 0x0) /usr/local/go/src/runtime/debug/stack.go:24 +0x79 github.com/docker-slim/docker-slim/utils.WarnOn(0x97bc60, 0xc42000f9e0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/utils/errors.go:18 +0x51 github.com/docker-slim/docker-slim/master/inspectors/container.(Inspector).FinishMonitoring(0xc42013e240) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/inspectors/container/container_inspector.go:246 +0x1d7 github.com/docker-slim/docker-slim/master/commands.OnBuild(0x0, 0x0, 0x0, 0xc42000bda0, 0x7ffcf0adc29d, 0x13, 0x0, 0x0, 0xc42000bd00, 0x9bb9e8, ...) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/commands/build.go:112 +0xa7f main.init.1.func4(0xc420090a00, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:321 +0x713 reflect.Value.call(0x76a020, 0x816a88, 0x13, 0x7e4989, 0x4, 0xc4200dd930, 0x1, 0x1, 0x4a92e8, 0x7d8380, ...) /usr/local/go/src/reflect/value.go:434 +0x5c8 reflect.Value.Call(0x76a020, 0x816a88, 0x13, 0xc4200dd930, 0x1, 0x1, 0xc420058000, 0xc4200dd910, 0x4b25f6) /usr/local/go/src/reflect/value.go:302 +0xa4 github.com/codegangsta/cli.HandleAction(0x76a020, 0x816a88, 0xc420090a00, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:487 +0x1e0 github.com/codegangsta/cli.Command.Run(0x7e4eac, 0x5, 0x0, 0x0, 0xc42000fd90, 0x1, 0x1, 0x7f75e3, 0x3e, 0x0, ...) 
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/command.go:191 +0xc3b github.com/codegangsta/cli.(App).Run(0xc4200f0000, 0xc42000a1b0, 0x3, 0x3, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:240 +0x611 main.runCli() /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:526 +0x55 main.main() /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/main.go:5 +0x19

INFO[0167] docker-slim: shutting down 'fat' container... WARN[0168] docker-slim: warning error=Container not running: 8fb0b52a7a0311452488a50bca134828e63a415b1507f91ed46bc9b7e8c19e01 stack=goroutine 1 [running]: runtime/debug.Stack(0x55, 0x0, 0x0) /usr/local/go/src/runtime/debug/stack.go:24 +0x79 github.com/docker-slim/docker-slim/utils.WarnOn(0x97bda0, 0xc4203ad7e0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/utils/errors.go:18 +0x51 github.com/docker-slim/docker-slim/master/inspectors/container.(Inspector).ShutdownContainer(0xc42013e240, 0x1, 0x1) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/inspectors/container/container_inspector.go:224 +0xd0 github.com/docker-slim/docker-slim/master/commands.OnBuild(0x0, 0x0, 0x0, 0xc42000bda0, 0x7ffcf0adc29d, 0x13, 0x0, 0x0, 0xc42000bd00, 0x9bb9e8, ...) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/commands/build.go:115 +0xb26 main.init.1.func4(0xc420090a00, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:321 +0x713 reflect.Value.call(0x76a020, 0x816a88, 0x13, 0x7e4989, 0x4, 0xc4200dd930, 0x1, 0x1, 0x4a92e8, 0x7d8380, ...) /usr/local/go/src/reflect/value.go:434 +0x5c8 reflect.Value.Call(0x76a020, 0x816a88, 0x13, 0xc4200dd930, 0x1, 0x1, 0xc420058000, 0xc4200dd910, 0x4b25f6) /usr/local/go/src/reflect/value.go:302 +0xa4 github.com/codegangsta/cli.HandleAction(0x76a020, 0x816a88, 0xc420090a00, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:487 +0x1e0 github.com/codegangsta/cli.Command.Run(0x7e4eac, 0x5, 0x0, 0x0, 0xc42000fd90, 0x1, 0x1, 0x7f75e3, 0x3e, 0x0, ...) 
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/command.go:191 +0xc3b github.com/codegangsta/cli.(App).Run(0xc4200f0000, 0xc42000a1b0, 0x3, 0x3, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:240 +0x611 main.runCli() /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:526 +0x55 main.main() /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/main.go:5 +0x19

INFO[0168] docker-slim: processing instrumented 'fat' container info... INFO[0168] docker-slim: generating AppArmor profile...
FATA[0168] docker-slim: failure error=stat /home/gg/bbc/strip-docker-image/docker_slim/dist_linux/.images/98976d017751420499ae3aca99139bc6a1f79b4aacbb87338f5ae26ed2048067/artifacts/creport.json: no such file or directory stack=goroutine 1 [running]: runtime/debug.Stack(0x4a0d9b, 0xc4200128c0, 0xc4200dcbf0) /usr/local/go/src/runtime/debug/stack.go:24 +0x79 github.com/docker-slim/docker-slim/utils.FailOn(0x97c960, 0xc42027ab40) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/utils/errors.go:11 +0x51 github.com/docker-slim/docker-slim/master/commands.OnBuild(0x0, 0x0, 0x0, 0xc42000bda0, 0x7ffcf0adc29d, 0x13, 0x0, 0x0, 0xc42000bd00, 0x9bb9e8, ...) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/commands/build.go:120 +0xbfd main.init.1.func4(0xc420090a00, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:321 +0x713 reflect.Value.call(0x76a020, 0x816a88, 0x13, 0x7e4989, 0x4, 0xc4200dd930, 0x1, 0x1, 0x4a92e8, 0x7d8380, ...) /usr/local/go/src/reflect/value.go:434 +0x5c8 reflect.Value.Call(0x76a020, 0x816a88, 0x13, 0xc4200dd930, 0x1, 0x1, 0xc420058000, 0xc4200dd910, 0x4b25f6) /usr/local/go/src/reflect/value.go:302 +0xa4 github.com/codegangsta/cli.HandleAction(0x76a020, 0x816a88, 0xc420090a00, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:487 +0x1e0 github.com/codegangsta/cli.Command.Run(0x7e4eac, 0x5, 0x0, 0x0, 0xc42000fd90, 0x1, 0x1, 0x7f75e3, 0x3e, 0x0, ...) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/command.go:191 +0xc3b github.com/codegangsta/cli.(*App).Run(0xc4200f0000, 0xc42000a1b0, 0x3, 0x3, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:240 +0x611 main.runCli() /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:526 +0x55 main.main() /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/main.go:5 +0x19

kcq commented 7 years ago

Thank you for the container logs!

The logs show that the docker-slim sensor exited when FANOTIFY failed to initialize ("operation not permitted" error). This happens sometimes due to network filesystem related gotchas (nfs, cifs) or missing CAP_SYS_ADMIN capability. Need to investigate a bit more.

Thanks again for the bug report!

kcq commented 5 years ago

@k3ck3c The new 1.24 release ( https://github.com/docker-slim/docker-slim/releases/tag/1.24 ) added support for non-default users, which may resolve the issue you reported because FANOTIFY can also fail if you run with a user that doesn't have permissions to initialize FANOTIFY. Wonder if you have any cycles to see if it works with your image now. Thanks again for reporting the issue!
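The two failure causes named in the comments above (missing CAP_SYS_ADMIN, or a user without permission to initialize FANOTIFY) can be told apart before a sensor starts. The following C sketch is an added example, not code from docker-slim or from this thread; the function names, the verdict enum and the suggestion that a seccomp or LSM policy explains an EPERM with the capability present are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/fanotify.h>
#include <unistd.h>

#define CAP_SYS_ADMIN_BIT 21 /* value of CAP_SYS_ADMIN in linux/capability.h */

/* Hypothetical verdicts for this example. */
enum verdict { V_OK, V_MISSING_CAP, V_EPERM_WITH_CAP, V_NO_KERNEL_SUPPORT, V_OTHER };

/* Extract the effective capability mask from /proc/<pid>/status text.
   Returns 0 on success, -1 if no CapEff line with a hex value is present. */
int parse_capeff(const char *status, unsigned long long *mask) {
    static const char key[] = "\nCapEff:";
    const char *p = strstr(status, key);
    if (!p) return -1;
    p += sizeof key - 1;
    char *end;
    errno = 0;
    unsigned long long v = strtoull(p, &end, 16); /* skips the tab after the key */
    if (end == p || errno) return -1;
    *mask = v;
    return 0;
}

int has_cap(unsigned long long mask, int cap) { return (int)((mask >> cap) & 1ULL); }

/* Map the errno of fanotify_init() plus the capability mask to a verdict. */
enum verdict classify(int init_errno, unsigned long long capeff) {
    if (init_errno == 0) return V_OK;
    if (init_errno == ENOSYS) return V_NO_KERNEL_SUPPORT; /* no CONFIG_FANOTIFY */
    if (init_errno == EPERM)
        return has_cap(capeff, CAP_SYS_ADMIN_BIT) ? V_EPERM_WITH_CAP : V_MISSING_CAP;
    return V_OTHER;
}

int main(void) {
    static const char *msg[] = {
        "ok",
        "EPERM: effective set lacks CAP_SYS_ADMIN (non-root user or dropped capability)",
        "EPERM although CAP_SYS_ADMIN is present (assumption: a seccomp or LSM policy)",
        "ENOSYS: kernel built without fanotify",
        "failed for another reason",
    };
    char buf[8192] = {0};
    unsigned long long capeff = 0;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) { perror("/proc/self/status"); return 2; }
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    if (n == 0 || parse_capeff(buf, &capeff) != 0) {
        fprintf(stderr, "no CapEff line in /proc/self/status\n");
        return 2;
    }
    /* Same class of call a notification-only monitor makes at startup. */
    int fd = fanotify_init(FAN_CLASS_NOTIF, O_RDONLY);
    int err = fd < 0 ? errno : 0;
    if (fd >= 0) close(fd);
    printf("euid=%d CapEff=%016llx fanotify_init: %s\n",
           (int)geteuid(), capeff, msg[classify(err, capeff)]);
    return err ? 1 : 0;
}
```

Run inside the same container and as the same user as the sensor, it prints one line that separates a capability problem from a kernel or policy problem.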

k3ck3c commented 5 years ago

Hello

I will try in a few hours and let you know.

Thanks for your time

On Wed, 13 Mar 2019 at 04:39, Kyle Quest notifications@github.com wrote:

@k3ck3c https://github.com/k3ck3c The new 1.24 release ( https://github.com/docker-slim/docker-slim/releases/tag/1.24 ) added support for non-default users, which may resolve the issue you reported because FANOTIFY can also fail if you run with a user that doesn't have permissions to initialize FANOTIFY. Wonder if you have any cycles to see if it works with your image now. Thanks again for reporting the issue!


kcq commented 5 years ago

Very curious to hear the results!

k3ck3c commented 5 years ago

Hello

Sorry for the delay

I downloaded your latest version

It does not crash, but it trims the image way too much:

gg@gg-UX305UA:~/bbc$ docker images k3ck3c/captvty_2562
REPOSITORY            TAG      IMAGE ID       CREATED       SIZE
k3ck3c/captvty_2562   latest   98976d017751   2 years ago   3.04GB
gg@gg-UX305UA:~/bbc$ docker images k3ck3c/captvty_2562.slim
REPOSITORY                 TAG      IMAGE ID       CREATED              SIZE
k3ck3c/captvty_2562.slim   latest   88c8e75a5702   About a minute ago   7.31MB
gg@gg-UX305UA:~/bbc$

The build works fine

gg@gg-UX305UA:~/docker-slim/bin/linux$ sudo ./docker-slim build k3ck3c/captvty_2562
[sudo] Mot de passe de gg :
docker-slim[build]: state=started
docker-slim[build]: info=params target=k3ck3c/captvty_2562 continue.mode=enter
docker-slim[build]: state=inspecting.image
docker-slim[build]: info=image id=sha256:98976d017751420499ae3aca99139bc6a1f79b4aacbb87338f5ae26ed2048067 size.bytes=3043839780 size.human=3.0 GB
docker-slim[build]: info=image.users exe='[gg]' all='[gg]'
docker-slim[build]: info=image.layers index=0 name='k3ck3c/captvty_2562' tags='latest'
docker-slim[build]: state=inspecting.container
docker-slim[build]: info=container status=created id=810aa3c18956af4c12b365f1ec60a4111044144f549c3daa87dc946a4bcf44d7
docker-slim[build]: info=cmd.startmonitor status=sent
docker-slim[build]: info=event.startmonitor.done status=received
docker-slim[build]: info=container name=dockerslimk_2076_20190321121503 id=810aa3c18956af4c12b365f1ec60a4111044144f549c3daa87dc946a4bcf44d7 target.port.list=[] target.port.info=[]
docker-slim[build]: info=prompt message='press when you are done using the container'
docker-slim[build]: state=processing
docker-slim[build]: state=building message='building minified image'
docker-slim[build]: state=completed
docker-slim[build]: info=results status='MINIFIED BY 416.34X [3043839780 (3.0 GB) => 7311032 (7.3 MB)]'
docker-slim[build]: info=results image.name=k3ck3c/captvty_2562.slim image.size='7.3 MB' data=true
docker-slim[build]: info=results artifacts.location='/home/gg/docker-slim/bin/linux/.images/98976d017751420499ae3aca99139bc6a1f79b4aacbb87338f5ae26ed2048067/artifacts'
docker-slim[build]: info=results artifacts.report=creport.json
docker-slim[build]: info=results artifacts.dockerfile.original=Dockerfile.fat
docker-slim[build]: info=results artifacts.dockerfile.new=Dockerfile
docker-slim[build]: info=results artifacts.seccomp=k3ck3c-captvty_2562-seccomp.json
docker-slim[build]: info=results artifacts.apparmor=k3ck3c-captvty_2562-apparmor-profile
docker-slim[build]: state=done
gg@gg-UX305UA:~/docker-slim/bin/linux$

some info

gg@gg-UX305UA:~/docker-slim/bin/linux$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.2 LTS"
gg@gg-UX305UA:~/docker-slim/bin/linux$ uname -arn
Linux gg-UX305UA 4.15.0-46-generic #49-Ubuntu SMP Wed Feb 6 09:33:07 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
gg@gg-UX305UA:~/docker-slim/bin/linux$

kcq commented 5 years ago

Thanks for the update!

What do you have in your k3ck3c/captvty_2562 image? What is your ENTRYPOINT and your CMD instructions in the image? What happens when you run the minified container? What do you mean by 'it trims way too much'?

k3ck3c commented 5 years ago

in captvty_2562, I have wine, many winetricks modules.

CMD is wine Captvty/Captvty.exe, no ENTRYPOINT

I have not tried using the minified container, but it should be at the very least 1.5 GB, an Ubuntu docker image, wine, DotNet40...

it can't be that small

k3ck3c commented 5 years ago

for example, winetricks installs (among other things) windows6.1-KB976932-X86.exe, which is 563 MB, so I doubt the container could be trimmed to 7,31 MB

kcq commented 5 years ago

Yes, it does sound like there should be more stuff in the image :-)

Is there any chance you could share your Dockerfile? I'd love to repro this. You have a very unique setup.

k3ck3c commented 5 years ago

I no longer have the Dockerfile of this one, but a very similar and more up-to-date Dockerfile is

FROM ubuntu:16.04
ENV DEBIAN_FRONTEND noninteractive
# activate i386 arch for Wine and install stuff we need
RUN dpkg --add-architecture i386 && \
    apt-get update && \
    BUILD_PACKAGES='wget software-properties-common unzip apt-transport-https openssh-server xauth cabextract winbind squashfs-tools pulseaudio sudo x11-apps xfce4 cups joe xfce4-terminal xvfb socat x11vnc firefox' && \
    apt-get -qy upgrade && apt-get -qy install $BUILD_PACKAGES && \
    AUTO_ADDED_PACKAGES=`apt-mark showauto` && \
    # install latest Wine
    wget -qO- https://dl.winehq.org/wine-builds/Release.key | apt-key add - && \
    apt-add-repository https://dl.winehq.org/wine-builds/ubuntu/ && \
    apt-get update && apt-get -qy install --install-recommends winehq-devel && \
    # create our user for Wine
    useradd -d /home/gg -m -s /bin/bash gg && \
    echo gg:gg | chpasswd && \
    # winetricks
    wget https://raw.githubusercontent.com/Winetricks/winetricks/master/src/winetricks -O /tmp/winetricks && \
    chmod +x /tmp/winetricks
USER gg
ENV WINEDEBUG=-all WINEPREFIX=/home/gg/.wine WINEARCH=win32
RUN winecfg && \
    xvfb-run -a /tmp/winetricks -q vcrun2010 dotnet40 gdiplus comctl32 ie8
USER root
RUN apt-get autoremove -y --purge software-properties-common && \
    apt-get autoremove -y --purge && \
    apt-get remove --purge -y $BUILD_PACKAGES $AUTO_ADDED_PACKAGES && \
    apt-get clean -y && \
    rm -rf /home/wine/.cache && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
USER gg
RUN wget -q -O- http://captvty.fr/ | egrep -o '\/\/.+?.zip' | sed 's/\/\//http:\/\//' | xargs wget -O /tmp/Captvty.zip && \
    ls -alrt /tmp/Cap*zip && unzip -d ~/Captvty /tmp/Captvty.zip && rm /tmp/Captvty.zip
CMD wine /home/gg/Captvty/Captvty.exe

this soft, available at captvty.fr, is Windows XP compatible, and will be soon "retired"

The future is at

v3.captvty.fr

It needs DotNet 45. Here is the associated Dockerfile

FROM ubuntu:16.04
# inspired by webanck/docker-wine-steam
# preparations
ENV DEBIAN_FRONTEND noninteractive
ENV LANG fr_FR.UTF-8
ENV LANGUAGE fr_FR:en
ENV LC_ALL fr_FR.UTF-8
# activate i386 arch for Wine and install stuff we need
RUN locale-gen fr_FR.UTF-8 && \
    dpkg --add-architecture i386 && \
    apt-get update && \
    BUILD_PACKAGES='wget software-properties-common unzip apt-transport-https openssh-server xauth cabextract winbind squashfs-tools pulseaudio x11-apps xfce4 cups joe xfce4-terminal xvfb socat x11vnc' && \
    apt-get -qy upgrade && apt-get -qy install $BUILD_PACKAGES && \
    AUTO_ADDED_PACKAGES=`apt-mark showauto` && \
    # install latest Wine
    wget -qO- https://dl.winehq.org/wine-builds/Release.key | apt-key add - && \
    apt-add-repository https://dl.winehq.org/wine-builds/ubuntu/ && \
    apt-get update && apt-get -qy install --no-install-recommends winehq-devel && \
    # make sshd work and enable X11 forwarding
    # create our user for Wine
    useradd -d /home/gg -m -s /bin/bash gg && \
    echo gg:gg | chpasswd && \
    # winetricks
    wget https://raw.githubusercontent.com/Winetricks/winetricks/master/src/winetricks -O /tmp/winetricks && \
    chmod +x /tmp/winetricks && \
    echo $AUTO_ADDED_PACKAGES && \
    sleep 11
USER gg
ENV WINEDEBUG=-all WINEPREFIX=/home/gg/.wine WINEARCH=win32
RUN winecfg && \
    xvfb-run -a /tmp/winetricks -q --unattended dotnet45 corefonts comctl32 gdiplus vcrun2010 ie8
USER root
# cleaning up
RUN apt-get autoremove -y --purge software-properties-common && \
    apt-get autoremove -y --purge && \
    apt-get remove --purge -y software-properties-common apt-transport-https openssh-server xauth cabextract winbind squashfs-tools pulseaudio x11-apps xfce4 cups joe xfce4-terminal xvfb socat x11vnc && \
    apt-get clean -y && \
    rm -rf /home/wine/.cache && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /tmp/inetricks
USER gg
RUN wget -q -O- http://v3.captvty.fr/ | egrep -o '\/\/.+?.zip' | sed 's/\/\//http:\/\//' | xargs wget -O /tmp/v3Captvty.zip && \
    ls -alrt /tmp/v3Cap*zip && unzip -d ~/Captvtyv3 /tmp/v3Captvty.zip && rm /tmp/v3Captvty.zip
USER root
RUN apt-get remove --purge -y wget && \
    apt-get clean -y && \
    apt-get autoremove -y && \
    rm -rf /home/wine/.cache && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
USER gg
CMD wine /home/gg/Captvtyv3/Captvty.exe

k3ck3c commented 5 years ago

you have at

https://github.com/k3ck3c/docker_captvty?files=1

the 2 Dockerfiles in a more readable form

kcq commented 5 years ago

Thank you! Really appreciate the info!

s3rj1k commented 5 years ago

@kcq I was playing a bit with fanotify and I noticed you have code similar to what I use: the sensor tries to parse /proc/pid/* files after a fanotify event. Sometimes you will have quickly spawned and killed processes, and the code will not be able to parse those procfs files because the PID has vanished before Go gets to the code that parses the procfs files.

I wonder could this be related to this issue?

kcq commented 5 years ago

@s3rj1k yes, definitely a race condition there! Need to double check if it's related or not, but it definitely should handle the case when the name is not available... Looking into it.

s3rj1k commented 5 years ago

@kcq I am curious how you're gonna solve this. I have some ideas for my code, but I need to check them first. I'll report if they solve my problem.

kcq commented 5 years ago

@s3rj1k nothing specific yet... there are a few options including leveraging the process creation information from other monitoring engines (e.g., ptrace)

kcq commented 5 years ago

would love to hear about your solution

s3rj1k commented 5 years ago

@kcq Well, I managed to solve a similar problem with fanotify. Not the greatest solution; I dislike the need to store some data in between events.

So here it goes:

This approach uses permission checks to delay PID life until we parse all needed data from it.

Also, you can use "golang.org/x/sys/unix" for fanotify, at least for the older API (pre-Linux 5.1 kernel).

Check out https://github.com/s3rj1k/go-fanotify/blob/master/fanotify/fanotify.go to see how the code base can be simplified.

I would like to hear a solution with PTRACE: how would you recursively monitor file changes with it? How much load will ptrace bring to a server compared to fanotify?

Thanks.
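The race and the permission-event workaround discussed in the last few comments, as an added C example (not code from docker-slim, go-fanotify or anyone in this thread). It marks a mount with FAN_OPEN_PERM, reads /proc/<pid>/exe while the opening process is still blocked, then answers FAN_ALLOW; the function names and the default mount argument are assumptions, and it needs CAP_SYS_ADMIN to run.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <sys/fanotify.h>
#include <sys/wait.h>
#include <unistd.h>

/* readlink() wrapper: 0 on success, -errno on failure. */
static int read_link(const char *link, char *out, size_t len) {
    ssize_t n = readlink(link, out, len - 1);
    if (n < 0) return -errno;
    out[n] = '\0';
    return 0;
}

/* Executable of a PID; fails with -ENOENT once the process has vanished. */
int pid_exe(pid_t pid, char *out, size_t len) {
    char link[64];
    snprintf(link, sizeof link, "/proc/%d/exe", (int)pid);
    return read_link(link, out, len);
}

/* Path behind the descriptor that fanotify hands over with each event. */
int fd_path(int fd, char *out, size_t len) {
    char link[64];
    snprintf(link, sizeof link, "/proc/self/fd/%d", fd);
    return read_link(link, out, len);
}

/* The race itself: a short-lived child that is already gone when inspected. */
pid_t spawn_and_reap(void) {
    pid_t pid = fork();
    if (pid == 0) _exit(0);
    if (pid > 0) waitpid(pid, NULL, 0);
    return pid;
}

/* Handle one batch of events; returns the number seen or -errno. */
int handle_events(int fan) {
    struct fanotify_event_metadata buf[64], *ev = buf;
    ssize_t len = read(fan, buf, sizeof buf);
    if (len < 0) return -errno;
    int seen = 0;
    for (; FAN_EVENT_OK(ev, len); ev = FAN_EVENT_NEXT(ev, len), seen++) {
        if (ev->vers != FANOTIFY_METADATA_VERSION) return -EINVAL;
        if (ev->fd < 0) continue; /* queue overflow marker, nothing to answer */
        char exe[PATH_MAX] = "?", path[PATH_MAX] = "?";
        /* For a permission event the opener is blocked in open() until we
           answer, so its /proc entry is still there to be read. */
        int rc = pid_exe(ev->pid, exe, sizeof exe);
        fd_path(ev->fd, path, sizeof path);
        printf("pid=%d exe=%s file=%s%s\n", (int)ev->pid, exe, path,
               rc ? " (exe not readable)" : "");
        if (ev->mask & FAN_OPEN_PERM) { /* always answer, or the opener hangs */
            struct fanotify_response resp = { .fd = ev->fd, .response = FAN_ALLOW };
            if (write(fan, &resp, sizeof resp) != (ssize_t)sizeof resp) {
                int e = errno;
                close(ev->fd);
                return -e;
            }
        }
        close(ev->fd);
    }
    return seen;
}

int main(int argc, char **argv) {
    const char *mount = argc > 1 ? argv[1] : "/"; /* assumed default */
    /* Permission events require FAN_CLASS_CONTENT (or PRE_CONTENT). */
    int fan = fanotify_init(FAN_CLASS_CONTENT | FAN_CLOEXEC, O_RDONLY | O_LARGEFILE);
    if (fan < 0) { perror("fanotify_init"); return 1; }
    if (fanotify_mark(fan, FAN_MARK_ADD | FAN_MARK_MOUNT, FAN_OPEN_PERM,
                      AT_FDCWD, mount) < 0) { perror("fanotify_mark"); return 1; }
    while (handle_events(fan) >= 0) {}
    return 0;
}
```

With plain notification events (FAN_OPEN instead of FAN_OPEN_PERM) the same `pid_exe` call returns `-ENOENT` for processes that exit before the event is read, which is the case the monitor has to tolerate.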