Missing Details about GDI+ and other sandbox limitations #40126
Comments
|
@JohnGalt1717 Thank you for your feedback! We have assigned this issue to the author to review further and take the right course of action. |
|
I don't believe there are any checks in the runtime itself against these libraries. But will confirm. All the checks happen on the platform the runtime is running on. I cannot think of any reason you wouldn't be able to use a .NET Core Linux compatible library within Azure Functions in Kubernetes (or running in a custom container on any hosted platform - Azure Functions Premium included) |
|
Also note that there are likely system dependencies you'll need to include in the docker environment for this to work. But the runtime isn't blocking them. |
|
@jeffhollan the Azure Functions runtime throws if you use EPPlus or any other Excel library that I've found in it. And it explicitly blocks the calls telling you that they're forbidden. (this is without docker) On Azure Application Services, code that worked 4 months ago, now throws at run time with a method not found error. And yes I have all of the dependencies loaded into our docker image. |
|
@JohnGalt1717 can you create or link a GitHub issue? I can’t repro the runtime blocking these - very possible the Azure platform is (specifically windows consumption). But if runtime causing issue would be a bug that should likely be tracked on azure/azure-functions-host with details of how to repro |
|
@JohnGalt1717 it sounds like this may actually be a bug per Jeff. If so, please open an issue in the host repo. In the meantime, we'll close this documentation issue. #please-close |
|
@jeffhollan @ggailey777 This ticket is ancient. Largely because of this we moved to Kubernetes to avoid having to deal with all of the bugs and issues with Azure Functions. |
Currently in standard Azure functions there are serious limitations because of the sandbox for GDI+ meaning that System.Drawing.Common fails in most cases like using EPPlus to work on excel files.
We're looking at hosting our Azure functions in k8s this way specifically to get around this limitation. But we need to know if there is a way of disabling these checks in the azure functions runtime when published to a k8s hosted environment which of course shouldn't have these issues because it's running on separate hardware (or VMs) on linux.
(in fact these limitations should be disabled if the functions are deployed in docker too because there is no surface attack in the docker image.)
Please update the documentation to clearly outline what the limitations are with regard to GDI access/System.Drawing.Common and how to disable the limitations in the azure function runtime at debug and while deployed in k8s if possible.
Thanks!
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
The text was updated successfully, but these errors were encountered: