Open k3ck3c opened 7 years ago
kcq
commented
7 years ago Thanks a lot for the report! I really appreciate it! Looks like the container died. I wonder if you managed to save the log from the container docker-slim created? Either way, it'll be useful to collect the target container's log automatically and produce a more obvious error.
k3ck3c
commented
7 years ago I just launched it again, and docker logs of the container showed
$ docker logs 8fb time="2017-03-26T11:08:44Z" level=info msg="sensor: args => []string{\"/opt/dockerslim/bin/sensor\"}\n" time="2017-03-26T11:08:44Z" level=info msg="sensor: creating event publisher..." time="2017-03-26T11:08:44Z" level=info msg="sensor: creating cmd server..." time="2017-03-26T11:08:44Z" level=info msg="sensor: waiting for commands..." time="2017-03-26T11:08:44Z" level=info msg="sensor: monitor starting..." time="2017-03-26T11:08:44Z" level=info msg="fanmon: starting..." time="2017-03-26T11:08:44Z" level=fatal msg="docker-slim: failure" error="operation not permitted" stack="goroutine 1 [running]:\nruntime/debug.Stack(0xc4200e8180, 0x66de00, 0xc4200e6190)\n\t/usr/local/go/src/runtime/debug/stack.go:24 +0x79\ngithub.com/docker-slim/docker-slim/utils.FailOn(0x66de00, 0xc4200e6190)\n\t/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/utils/errors.go:11 +0x51\ngithub.com/docker-slim/docker-slim/sensor/monitors/fanotify.Run(0x5b14ba, 0x1, 0xc4200e8120, 0x12)\n\t/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/sensor/monitors/fanotify/monitor.go:29 +0xd7\nmain.monitor(0xc4200b8150, 0xc4200b03c0, 0xc4200b0420, 0xc4200b81c0, 0xc4200b0600, 0xc42000aa58, 0x8)\n\t/GITHUB/docker-slim-org/docker-slim/apps/docker-slim-sensor/main.go:46 +0x173\nmain.main()\n\t/GITHUB/docker-slim-org/docker-slim/apps/docker-slim-sensor/main.go:128 +0x976\n"
When I started docker-slim, I got
$ ./docker-slim build k3ck3c/captvty_2562 docker-slim: [build] image=k3ck3c/captvty_2562 http-probe=false remove-file-artifacts=false image-overrides=map[] entrypoint=[] (false) cmd=[] (false) workdir='' env=[] expose=map[] INFO[0000] docker-slim: inspecting 'fat' image metadata... INFO[0000] docker-slim: [sha256:98976d017751420499ae3aca99139bc6a1f79b4aacbb87338f5ae26ed2048067] 'fat' image size => 3043839780 (3.0 GB)
INFO[0000] docker-slim: processing 'fat' image info...
INFO[0000] docker-slim: starting instrumented 'fat' container...
INFO[0000] docker-slim: created container => 8fb0b52a7a0311452488a50bca134828e63a415b1507f91ed46bc9b7e8c19e01
INFO[0001] docker-slim: watching container monitor...
docker-slim: press
INFO[0047] sendCmd(): receive timeout...
INFO[0047] docker-slim: waiting for the container finish its work...
WARN[0167] docker-slim: warning error=receive time out stack=goroutine 1 [running]:
runtime/debug.Stack(0x0, 0x0, 0x0)
/usr/local/go/src/runtime/debug/stack.go:24 +0x79
github.com/docker-slim/docker-slim/utils.WarnOn(0x97bc60, 0xc42000f9e0)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/utils/errors.go:18 +0x51
github.com/docker-slim/docker-slim/master/inspectors/container.(Inspector).FinishMonitoring(0xc42013e240)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/inspectors/container/container_inspector.go:246 +0x1d7
github.com/docker-slim/docker-slim/master/commands.OnBuild(0x0, 0x0, 0x0, 0xc42000bda0, 0x7ffcf0adc29d, 0x13, 0x0, 0x0, 0xc42000bd00, 0x9bb9e8, ...)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/commands/build.go:112 +0xa7f
main.init.1.func4(0xc420090a00, 0x0, 0x0)
/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:321 +0x713
reflect.Value.call(0x76a020, 0x816a88, 0x13, 0x7e4989, 0x4, 0xc4200dd930, 0x1, 0x1, 0x4a92e8, 0x7d8380, ...)
/usr/local/go/src/reflect/value.go:434 +0x5c8
reflect.Value.Call(0x76a020, 0x816a88, 0x13, 0xc4200dd930, 0x1, 0x1, 0xc420058000, 0xc4200dd910, 0x4b25f6)
/usr/local/go/src/reflect/value.go:302 +0xa4
github.com/codegangsta/cli.HandleAction(0x76a020, 0x816a88, 0xc420090a00, 0x0, 0x0)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:487 +0x1e0
github.com/codegangsta/cli.Command.Run(0x7e4eac, 0x5, 0x0, 0x0, 0xc42000fd90, 0x1, 0x1, 0x7f75e3, 0x3e, 0x0, ...)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/command.go:191 +0xc3b
github.com/codegangsta/cli.(App).Run(0xc4200f0000, 0xc42000a1b0, 0x3, 0x3, 0x0, 0x0)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:240 +0x611
main.runCli()
/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:526 +0x55
main.main()
/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/main.go:5 +0x19
INFO[0167] docker-slim: shutting down 'fat' container... WARN[0168] docker-slim: warning error=Container not running: 8fb0b52a7a0311452488a50bca134828e63a415b1507f91ed46bc9b7e8c19e01 stack=goroutine 1 [running]: runtime/debug.Stack(0x55, 0x0, 0x0) /usr/local/go/src/runtime/debug/stack.go:24 +0x79 github.com/docker-slim/docker-slim/utils.WarnOn(0x97bda0, 0xc4203ad7e0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/utils/errors.go:18 +0x51 github.com/docker-slim/docker-slim/master/inspectors/container.(Inspector).ShutdownContainer(0xc42013e240, 0x1, 0x1) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/inspectors/container/container_inspector.go:224 +0xd0 github.com/docker-slim/docker-slim/master/commands.OnBuild(0x0, 0x0, 0x0, 0xc42000bda0, 0x7ffcf0adc29d, 0x13, 0x0, 0x0, 0xc42000bd00, 0x9bb9e8, ...) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/commands/build.go:115 +0xb26 main.init.1.func4(0xc420090a00, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:321 +0x713 reflect.Value.call(0x76a020, 0x816a88, 0x13, 0x7e4989, 0x4, 0xc4200dd930, 0x1, 0x1, 0x4a92e8, 0x7d8380, ...) /usr/local/go/src/reflect/value.go:434 +0x5c8 reflect.Value.Call(0x76a020, 0x816a88, 0x13, 0xc4200dd930, 0x1, 0x1, 0xc420058000, 0xc4200dd910, 0x4b25f6) /usr/local/go/src/reflect/value.go:302 +0xa4 github.com/codegangsta/cli.HandleAction(0x76a020, 0x816a88, 0xc420090a00, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:487 +0x1e0 github.com/codegangsta/cli.Command.Run(0x7e4eac, 0x5, 0x0, 0x0, 0xc42000fd90, 0x1, 0x1, 0x7f75e3, 0x3e, 0x0, ...) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/command.go:191 +0xc3b github.com/codegangsta/cli.(App).Run(0xc4200f0000, 0xc42000a1b0, 0x3, 0x3, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:240 +0x611 main.runCli() /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:526 +0x55 main.main() /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/main.go:5 +0x19
INFO[0168] docker-slim: processing instrumented 'fat' container info...
INFO[0168] docker-slim: generating AppArmor profile...
FATA[0168] docker-slim: failure error=stat /home/gg/bbc/strip-docker-image/docker_slim/dist_linux/.images/98976d017751420499ae3aca99139bc6a1f79b4aacbb87338f5ae26ed2048067/artifacts/creport.json: no such file or directory stack=goroutine 1 [running]:
runtime/debug.Stack(0x4a0d9b, 0xc4200128c0, 0xc4200dcbf0)
/usr/local/go/src/runtime/debug/stack.go:24 +0x79
github.com/docker-slim/docker-slim/utils.FailOn(0x97c960, 0xc42027ab40)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/utils/errors.go:11 +0x51
github.com/docker-slim/docker-slim/master/commands.OnBuild(0x0, 0x0, 0x0, 0xc42000bda0, 0x7ffcf0adc29d, 0x13, 0x0, 0x0, 0xc42000bd00, 0x9bb9e8, ...)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/commands/build.go:120 +0xbfd
main.init.1.func4(0xc420090a00, 0x0, 0x0)
/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:321 +0x713
reflect.Value.call(0x76a020, 0x816a88, 0x13, 0x7e4989, 0x4, 0xc4200dd930, 0x1, 0x1, 0x4a92e8, 0x7d8380, ...)
/usr/local/go/src/reflect/value.go:434 +0x5c8
reflect.Value.Call(0x76a020, 0x816a88, 0x13, 0xc4200dd930, 0x1, 0x1, 0xc420058000, 0xc4200dd910, 0x4b25f6)
/usr/local/go/src/reflect/value.go:302 +0xa4
github.com/codegangsta/cli.HandleAction(0x76a020, 0x816a88, 0xc420090a00, 0x0, 0x0)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:487 +0x1e0
github.com/codegangsta/cli.Command.Run(0x7e4eac, 0x5, 0x0, 0x0, 0xc42000fd90, 0x1, 0x1, 0x7f75e3, 0x3e, 0x0, ...)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/command.go:191 +0xc3b
github.com/codegangsta/cli.(*App).Run(0xc4200f0000, 0xc42000a1b0, 0x3, 0x3, 0x0, 0x0)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:240 +0x611
main.runCli()
/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:526 +0x55
main.main()
/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/main.go:5 +0x19
kcq
commented
7 years ago Thank you for the container logs!
The logs show that the docker-slim sensor exited when FANOTIFY failed to initialize ("operation not permitted" error). This happens sometimes due to network filesystem related gotchas (nfs, cifs) or missing CAP_SYS_ADMIN capability. Need to investigate a bit more.
Thanks again for the bug report!
kcq
commented
5 years ago @k3ck3c The new 1.24 release ( https://github.com/docker-slim/docker-slim/releases/tag/1.24 ) added support for non-default users, which may resolve the issue you reported because FANOTIFY can also fail if you run with a user that doesn't have permissions to initialize FANOTIFY. Wonder if you have any cycles to see if it works with your image now. Thanks again for reporting the issue!
k3ck3c
commented
5 years ago Hello
I will try in a few hours and let you know.
Thanks for your time
Le mer. 13 mars 2019 à 04:39, Kyle Quest notifications@github.com a écrit :
@k3ck3c https://github.com/k3ck3c The new 1.24 release ( https://github.com/docker-slim/docker-slim/releases/tag/1.24 ) added support for non-default users, which may resolve the issue you reported because FANOTIFY can also fail if you run with a user that doesn't have permissions to initialize FANOTIFY. Wonder if you have any cycles to see if it works with your image now. Thanks again for reporting the issue!
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/docker-slim/docker-slim/issues/36#issuecomment-472267408, or mute the thread https://github.com/notifications/unsubscribe-auth/AC-z06geRV9DeYhswcrU4l0v0BoGZK-Dks5vWHL5gaJpZM4MaonG .
kcq
commented
5 years ago Very curious to hear the results!
k3ck3c
commented
5 years ago Hello
Sorry for the delay
I downloaded your latest version
It does not crash, but it trims way too much the image,
gg@gg-UX305UA:~/bbc$ docker images k3ck3c/captvty_2562 REPOSITORY TAG IMAGE ID CREATED SIZE k3ck3c/captvty_2562 latest 98976d017751 2 years ago 3.04GB gg@gg-UX305UA:~/bbc$ docker images k3ck3c/captvty_2562.slim REPOSITORY TAG IMAGE ID CREATED SIZE k3ck3c/captvty_2562.slim latest 88c8e75a5702 About a minute ago 7.31MB gg@gg-UX305UA:~/bbc$
The build works fine
gg@gg-UX305UA:~/docker-slim/bin/linux$ sudo ./docker-slim build k3ck3c/captvty_2562
[sudo] Mot de passe de gg :
docker-slim[build]: state=started
docker-slim[build]: info=params target=k3ck3c/captvty_2562 continue.mode=enter
docker-slim[build]: state=inspecting.image
docker-slim[build]: info=image id=sha256:98976d017751420499ae3aca99139bc6a1f79b4aacbb87338f5ae26ed2048067 size.bytes=3043839780 size.human=3.0 GB
docker-slim[build]: info=image.users exe='[gg]' all='[gg]'
docker-slim[build]: info=image.layers index=0 name='k3ck3c/captvty_2562' tags='latest'
docker-slim[build]: state=inspecting.container
docker-slim[build]: info=container status=created id=810aa3c18956af4c12b365f1ec60a4111044144f549c3daa87dc946a4bcf44d7
docker-slim[build]: info=cmd.startmonitor status=sent
docker-slim[build]: info=event.startmonitor.done status=received
docker-slim[build]: info=container name=dockerslimk_2076_20190321121503 id=810aa3c18956af4c12b365f1ec60a4111044144f549c3daa87dc946a4bcf44d7 target.port.list=[] target.port.info=[]
docker-slim[build]: info=prompt message='press
docker-slim[build]: state=processing docker-slim[build]: state=building message='building minified image' docker-slim[build]: state=completed docker-slim[build]: info=results status='MINIFIED BY 416.34X [3043839780 (3.0 GB) => 7311032 (7.3 MB)]' docker-slim[build]: info=results image.name=k3ck3c/captvty_2562.slim image.size='7.3 MB' data=true docker-slim[build]: info=results artifacts.location='/home/gg/docker-slim/bin/linux/.images/98976d017751420499ae3aca99139bc6a1f79b4aacbb87338f5ae26ed2048067/artifacts' docker-slim[build]: info=results artifacts.report=creport.json docker-slim[build]: info=results artifacts.dockerfile.original=Dockerfile.fat docker-slim[build]: info=results artifacts.dockerfile.new=Dockerfile docker-slim[build]: info=results artifacts.seccomp=k3ck3c-captvty_2562-seccomp.json docker-slim[build]: info=results artifacts.apparmor=k3ck3c-captvty_2562-apparmor-profile docker-slim[build]: state=done gg@gg-UX305UA:~/docker-slim/bin/linux$
some info
gg@gg-UX305UA:~/docker-slim/bin/linux$ cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=18.04 DISTRIB_CODENAME=bionic DISTRIB_DESCRIPTION="Ubuntu 18.04.2 LTS" gg@gg-UX305UA:~/docker-slim/bin/linux$ uname -arn Linux gg-UX305UA 4.15.0-46-generic #49-Ubuntu SMP Wed Feb 6 09:33:07 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux gg@gg-UX305UA:~/docker-slim/bin/linux$
kcq
commented
5 years ago Thanks for the update!
What do you have in your k3ck3c/captvty_2562 image? What is your ENTRYPOINT and your CMD instructions in the image? What happens when you run the minified container? What do you mean by 'it trims way too much'?
k3ck3c
commented
5 years ago in captvty_2562, I have wine, many winetricks modules.
CMD is wine Captvty/Captvty.exe no ENTRYPOINT
I have not tried using the minified container, but it should be at the very least 1.5 GB, an Ubuntu docker image, wine, DotNet40...
it can't be that small
k3ck3c
commented
5 years ago for example, winetricks installs (among other things) windows6.1-KB976932-X86.exe, which is 563 MB, so I doubt the container could be trimmed to 7,31 MB
kcq
commented
5 years ago Yes, it does sound like there should be more stuff in the image :-)
Is there any chance you could share your Dockerfile. I'd love to repro this. You have a very unique setup.
k3ck3c
commented
5 years ago I no longer the Dockerfile of of this one, but a very similar, and more up to date Dockerfile is
FROM ubuntu:16.04 ENV DEBIAN_FRONTEND noninteractive
RUN dpkg --add-architecture i386 && \
apt-get update && \
BUILD_PACKAGES='wget software-properties-common unzip apt-transport-https openssh-server xauth cabextract winbind squashfs-tools pulseaudio sudo x11-apps xfce4 c
ups joe xfce4-terminal xvfb socat x11vnc firefox' &&\
apt-get -qy upgrade && apt-get -qy install $BUILD_PACKAGES && \
AUTO_ADDED_PACKAGES=apt-mark showauto && \
wget -qO- https://dl.winehq.org/wine-builds/Release.key | apt-key add - && \
apt-add-repository https://dl.winehq.org/wine-builds/ubuntu/ && \
apt-get update && apt-get -qy install --install-recommends winehq-devel && \
# create our user for Wineuseradd -d /home/gg -m -s /bin/bash gg && \ echo gg:gg | chpasswd && \
wget https://raw.githubusercontent.com/Winetricks/winetricks/master/src/winetricks -O /tmp/winetricks && \
chmod +x /tmp/winetricks
USER gg ENV WINEDEBUG=-all WINEPREFIX=/home/gg/.wine WINEARCH=win32
RUN winecfg && \
xvfb-run -a /tmp/winetricks -q vcrun2010 dotnet40 gdiplus comctl32 ie8
USER root
RUN apt-get autoremove -y --purge software-properties-common && \
apt-get autoremove -y --purge && \
apt-get remove --purge -y $BUILD_PACKAGES $AUTO_ADDED_PACKAGES && \
apt-get clean -y && \
rm -rf /home/wine/.cache && \
rm -rf /var/lib/apt/lists/ /tmp/ /var/tmp/
USER gg
RUN wget -q -O- http://captvty.fr/ | egrep -o '\/\/.+?.zip' | sed 's/\/\//http:\/\//' | xargs wget -O /tmp/Captvty.zip && \
ls -alrt /tmp/Capzip && unzip -d ~/Captvty /tmp/Captvty.zip && rm /tmp/Captvty.zip
CMD wine /home/gg/Captvty/Captvty.exe
this soft, available at captvty.fr , is Windows XP compatible, and will ne soon "retired"
The future is at
v3.captvty.fr
it needs DotNet 45 Here is the associated Dockerfile
FROM ubuntu:16.04
ENV DEBIAN_FRONTEND noninteractive ENV LANG fr_FR.UTF-8 ENV LANGUAGE fr_FR:en ENV LC_ALL fr_FR.UTF-8
RUN locale-gen fr_FR.UTF-8 && \
dpkg --add-architecture i386 && \
apt-get update && \
BUILD_PACKAGES='wget software-properties-common unzip apt-transport-https openssh-server xauth cabextract winbind squashfs-tools pulseaudio x11-apps xfce4 cups joe xfce4-terminal xvfb socat x11vnc' &&\
apt-get -qy upgrade && apt-get -qy install $BUILD_PACKAGES && \
AUTO_ADDED_PACKAGES=apt-mark showauto && \
wget -qO- https://dl.winehq.org/wine-builds/Release.key | apt-key add - && \
apt-add-repository https://dl.winehq.org/wine-builds/ubuntu/ && \
apt-get update && apt-get -qy install --no-install-recommends winehq-devel && \
# make sshd work and enable X11 forwarding
# create our user for Wineuseradd -d /home/gg -m -s /bin/bash gg && \ echo gg:gg | chpasswd && \
wget https://raw.githubusercontent.com/Winetricks/winetricks/master/src/winetricks -O /tmp/winetricks && \
chmod +x /tmp/winetricks && \echo $AUTO_ADDED_PACKAGES && \ sleep 11 USER gg ENV WINEDEBUG=-all WINEPREFIX=/home/gg/.wine WINEARCH=win32 RUN winecfg && \ xvfb-run -a /tmp/winetricks -q --unattended dotnet45 corefonts comctl32 gdiplus vcrun2010 ie8 USER root
RUN apt-get autoremove -y --purge software-properties-common && \
apt-get autoremove -y --purge && \
apt-get remove --purge -y software-properties-common apt-transport-https openssh-server xauth cabextract winbind squashfs-tools pulseaudio x11-apps xfce4 cups joe xfce4-terminal xvfb socat x11vnc && \
apt-get clean -y && \
rm -rf /home/wine/.cache && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /tmp/inetricksUSER gg RUN wget -q -O- http://v3.captvty.fr/ | egrep -o '\/\/.+?.zip' | sed 's/\/\//http:\/\//' | xargs wget -O /tmp/v3Captvty.zip && \ ls -alrt /tmp/v3Capzip && unzip -d ~/Captvtyv3 /tmp/v3Captvty.zip && rm /tmp/v3Captvty.zip USER root RUN apt-get remove --purge -y wget &&\ apt-get clean -y && \ apt-get autoremove -y && \ rm -rf /home/wine/.cache && \ rm -rf /var/lib/apt/lists/ /tmp/ /var/tmp/ USER gg CMD wine /home/gg/Captvtyv3/Captvty.exe
k3ck3c
commented
5 years ago you have at
https://github.com/k3ck3c/docker_captvty?files=1
the 2 Dockerfiles in a more readable form
kcq
commented
5 years ago Thank you! Really appreciate the info!
s3rj1k
commented
5 years ago @kcq
I was playing a bit with fanotify and I noticed you have similar code what I use, sensors tries to parse /proc/pid/* files after fanotify event, sometimes you will have quickly spawned and killed processes and code would not be able to parse those procfs files because PID is vanished before go gets to the code that parses procfs files.
I wonder could this be related to this issue?
kcq
commented
5 years ago @s3rj1k yes, definitely a race condition there! Need to double check if it's related or not, but it definitely should handle the case when the name is not available... Looking into it.
s3rj1k
commented
5 years ago @kcq I am curious how you gonna solve this, I have some ideas for my code, need to check them first, Ill report if they solve my problem.
kcq
commented
5 years ago @s3rj1k nothing specific yet... there are a few options including leveraging the process creation information from other monitoring engines (e.g., ptrace)
kcq
commented
5 years ago would love to hear about your solution
s3rj1k
commented
5 years ago @kcq Well I managed to solve similar problem with fanotify. Not the greatest solution, I dislike the need to store some data in between events.
So here it goes:
FAN_CLOEXEC|FAN_CLASS_CONTENT and open flags os.O_RDONLY|unix.O_LARGEFILE|unix.O_CLOEXEC.FAN_OPEN_PERM instead of FAN_OPEN.FAN_OPEN_PERM firstly, then after getting process PID, parse all needed /proc/ files./proc/ at some global dictionary be some key like 'PID:PATH'.FAN_OPEN_PERM, send FAN_ALLOW to allow access for this PID.FAN_CLOSE_WRITE, FAN_MODIFY, because for every write to file, file must be opened before, you will have additional /proc info at a dictionary.FAN_CLOSE_WRITE or FAN_CLOSE_NOWRITE event.This approach uses permission checks to delay PID life until we parse all needed data from it.
Also you can use "golang.org/x/sys/unix" for fanotify, at least for older API, (pre linux 5.1 kernel).
Checkout https://github.com/s3rj1k/go-fanotify/blob/master/fanotify/fanotify.go to see how code base can be simplified.
I would like to here a solution with PTRACE, how you would recursively monitor file changes with it? How much load to a server ptrace will bring compared to fanotify.
Thanks.
Hello
I noticed the issue 27, here are some details on my similar problem I launch my container with
docker run -e DISPLAY -v $HOME/.Xauthority:/home/developer/.Xauthority -v /tmp/.X11-unix:/tmp/.X11-unix:ro --net=host k3ck3c/captvty_2562
I get an error
$ ./docker-slim build k3ck3c/captvty_2562 docker-slim: [build] image=k3ck3c/captvty_2562 http-probe=false remove-file-artifacts=false image-overrides=map[] entrypoint=[] (false) cmd=[] (false) workdir='' env=[] expose=map[] INFO[0000] docker-slim: inspecting 'fat' image metadata... INFO[0000] docker-slim: [sha256:98976d017751420499ae3aca99139bc6a1f79b4aacbb87338f5ae26ed2048067] 'fat' image size => 3043839780 (3.0 GB)
INFO[0000] docker-slim: processing 'fat' image info... when you are done using the container...
INFO[0000] docker-slim: starting instrumented 'fat' container... INFO[0000] docker-slim: created container => 49441d79446d7e64dc3e57781751772900cc52a7bf6c7a3ee86f6fff3710b226 INFO[0000] docker-slim: watching container monitor...
docker-slim: press
INFO[0069] sendCmd(): receive timeout...
INFO[0069] docker-slim: waiting for the container finish its work... WARN[0189] docker-slim: warning error=receive time out stack=goroutine 1 [running]: runtime/debug.Stack(0x0, 0x0, 0x0) /usr/local/go/src/runtime/debug/stack.go:24 +0x79 github.com/docker-slim/docker-slim/utils.WarnOn(0x97bc60, 0xc42000f9e0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/utils/errors.go:18 +0x51 github.com/docker-slim/docker-slim/master/inspectors/container.(Inspector).FinishMonitoring(0xc42013c240) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/inspectors/container/container_inspector.go:246 +0x1d7 github.com/docker-slim/docker-slim/master/commands.OnBuild(0x0, 0x0, 0x0, 0xc42000bda0, 0x7ffdec0c529d, 0x13, 0x0, 0x0, 0xc42000bd00, 0x9bb9e8, ...) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/commands/build.go:112 +0xa7f main.init.1.func4(0xc420090a00, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:321 +0x713 reflect.Value.call(0x76a020, 0x816a88, 0x13, 0x7e4989, 0x4, 0xc4200dd930, 0x1, 0x1, 0x4a92e8, 0x7d8380, ...) /usr/local/go/src/reflect/value.go:434 +0x5c8 reflect.Value.Call(0x76a020, 0x816a88, 0x13, 0xc4200dd930, 0x1, 0x1, 0xc42002c800, 0xc4200dd910, 0x4b25f6) /usr/local/go/src/reflect/value.go:302 +0xa4 github.com/codegangsta/cli.HandleAction(0x76a020, 0x816a88, 0xc420090a00, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:487 +0x1e0 github.com/codegangsta/cli.Command.Run(0x7e4eac, 0x5, 0x0, 0x0, 0xc42000fd90, 0x1, 0x1, 0x7f75e3, 0x3e, 0x0, ...) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/command.go:191 +0xc3b github.com/codegangsta/cli.(App).Run(0xc4200f0000, 0xc42000a1b0, 0x3, 0x3, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:240 +0x611 main.runCli() /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:526 +0x55 main.main() /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/main.go:5 +0x19
INFO[0189] docker-slim: shutting down 'fat' container... WARN[0190] docker-slim: warning error=Container not running: 49441d79446d7e64dc3e57781751772900cc52a7bf6c7a3ee86f6fff3710b226 stack=goroutine 1 [running]: runtime/debug.Stack(0x55, 0x0, 0x0) /usr/local/go/src/runtime/debug/stack.go:24 +0x79 github.com/docker-slim/docker-slim/utils.WarnOn(0x97bda0, 0xc42034bda0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/utils/errors.go:18 +0x51 github.com/docker-slim/docker-slim/master/inspectors/container.(Inspector).ShutdownContainer(0xc42013c240, 0x1, 0x1) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/inspectors/container/container_inspector.go:224 +0xd0 github.com/docker-slim/docker-slim/master/commands.OnBuild(0x0, 0x0, 0x0, 0xc42000bda0, 0x7ffdec0c529d, 0x13, 0x0, 0x0, 0xc42000bd00, 0x9bb9e8, ...) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/commands/build.go:115 +0xb26 main.init.1.func4(0xc420090a00, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:321 +0x713 reflect.Value.call(0x76a020, 0x816a88, 0x13, 0x7e4989, 0x4, 0xc4200dd930, 0x1, 0x1, 0x4a92e8, 0x7d8380, ...) /usr/local/go/src/reflect/value.go:434 +0x5c8 reflect.Value.Call(0x76a020, 0x816a88, 0x13, 0xc4200dd930, 0x1, 0x1, 0xc42002c800, 0xc4200dd910, 0x4b25f6) /usr/local/go/src/reflect/value.go:302 +0xa4 github.com/codegangsta/cli.HandleAction(0x76a020, 0x816a88, 0xc420090a00, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:487 +0x1e0 github.com/codegangsta/cli.Command.Run(0x7e4eac, 0x5, 0x0, 0x0, 0xc42000fd90, 0x1, 0x1, 0x7f75e3, 0x3e, 0x0, ...) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/command.go:191 +0xc3b github.com/codegangsta/cli.(App).Run(0xc4200f0000, 0xc42000a1b0, 0x3, 0x3, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:240 +0x611 main.runCli() /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:526 +0x55 main.main() /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/main.go:5 +0x19
INFO[0190] docker-slim: processing instrumented 'fat' container info... INFO[0190] docker-slim: generating AppArmor profile...
FATA[0190] docker-slim: failure error=stat /home/gg/bbc/strip-docker-image/docker_slim/dist_linux/.images/98976d017751420499ae3aca99139bc6a1f79b4aacbb87338f5ae26ed2048067/artifacts/creport.json: no such file or directory stack=goroutine 1 [running]: runtime/debug.Stack(0x4a0d9b, 0xc4200128c0, 0xc4200dcbf0) /usr/local/go/src/runtime/debug/stack.go:24 +0x79 github.com/docker-slim/docker-slim/utils.FailOn(0x97c960, 0xc42021abd0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/utils/errors.go:11 +0x51 github.com/docker-slim/docker-slim/master/commands.OnBuild(0x0, 0x0, 0x0, 0xc42000bda0, 0x7ffdec0c529d, 0x13, 0x0, 0x0, 0xc42000bd00, 0x9bb9e8, ...) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/commands/build.go:120 +0xbfd main.init.1.func4(0xc420090a00, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:321 +0x713 reflect.Value.call(0x76a020, 0x816a88, 0x13, 0x7e4989, 0x4, 0xc4200dd930, 0x1, 0x1, 0x4a92e8, 0x7d8380, ...) /usr/local/go/src/reflect/value.go:434 +0x5c8 reflect.Value.Call(0x76a020, 0x816a88, 0x13, 0xc4200dd930, 0x1, 0x1, 0xc42002c800, 0xc4200dd910, 0x4b25f6) /usr/local/go/src/reflect/value.go:302 +0xa4 github.com/codegangsta/cli.HandleAction(0x76a020, 0x816a88, 0xc420090a00, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:487 +0x1e0 github.com/codegangsta/cli.Command.Run(0x7e4eac, 0x5, 0x0, 0x0, 0xc42000fd90, 0x1, 0x1, 0x7f75e3, 0x3e, 0x0, ...) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/command.go:191 +0xc3b github.com/codegangsta/cli.(*App).Run(0xc4200f0000, 0xc42000a1b0, 0x3, 0x3, 0x0, 0x0) /GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:240 +0x611 main.runCli() /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:526 +0x55 main.main() /GITHUB/docker-slim-org/docker-slim/apps/docker-slim/main.go:5 +0x19
Thanks for your time