search

wrfly / container-web-tty

Connect your containers via a web-tty
https://container-web-tty.kfd.me/
Apache License 2.0
246 stars 45 forks source link

fix #30 #31

Closed wrfly closed 5 years ago

wrfly commented 5 years ago
wrfly commented 5 years ago

Since docker will not re-bind the files to the containers after it restarts, so if we mount the docker.sock to the container, we will lose the connection to the restarted docker daemon since the docker daemon recreated its socket file, the docker.sock inside the container is actually a deleted file(we cannot see it in the outside, but we can get it inside the container).

The obvious solution is to restart the container so that the docker will re-bind the socket file.

Another way to solve this is to mount the whole /var/run directory to the container since the directory won't be deleted, the container-web-tty can still connect to the new docker daemon.

docker run --rm -ti --name web-tty \
    -p 8080:8080 \
    -v /var/run/:/var/run/ \
    wrfly/container-web-tty

Maybe it's a bug of docker, and it's quite easy to reproduce. Just mount a file to a container and delete that file, and you can still get the contant inside the container. At mainwhile, any changes before delete the file can be seen inside the container since the file is the same, it has the same inode number. But after delete the file in the host, we lost control of this file, and the file can be and only be found in the container. We can use lsof -L1 | grep deleted to get all the deleted files (in the host but not the container) and when we tail -f the "deleted" file inside the container, we can see the process is reading a "deleted" file. And we can also get the contant from its file descriptor(just cat it).