New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error oci runtime error: exec: "/opt/dockerslim/bin/sensor": permission denied #34
Comments
A don't know how, but after reinstall docker and docker-machine error gone away. But i have new error when build: MacBook-Pro:dist_mac alex$ ./docker-slim b 02c41a90c4ae
docker-slim: [build] image=02c41a90c4ae http-probe=false remove-file-artifacts=false image-overrides=map[] entrypoint=[] (false) cmd=[] (false) workdir='' env=[] expose=map[]
INFO[0000] docker-slim: inspecting 'fat' image metadata...
INFO[0000] docker-slim: [sha256:02c41a90c4aeaf54d4438bc73b6bd71e2cf2568f13e421f05b2954b5a1918647] 'fat' image size => 584267897 (584 MB)
INFO[0000] docker-slim: processing 'fat' image info...
INFO[0000] docker-slim: starting instrumented 'fat' container...
INFO[0000] docker-slim: created container => 70582fd314ce5d6ab62c58e45460dc7999c7ee6d8e8bbe4270ff2fe3f4da0232
INFO[0000] docker-slim: watching container monitor...
docker-slim: press <enter> when you are done using the container...
INFO[0003] docker-slim: waiting for the container finish its work...
INFO[0005] docker-slim: shutting down 'fat' container...
INFO[0005] docker-slim: processing instrumented 'fat' container info...
INFO[0005] docker-slim: generating AppArmor profile...
INFO[0005] docker-slim: building 'slim' image...
FATA[0005] docker-slim: failure error=no permission to read from '/Users/alex/Downloads/dist_mac/.images/02c41a90c4aeaf54d4438bc73b6bd71e2cf2568f13e421f05b2954b5a1918647/artifacts/files/run/crond.reboot' stack=goroutine 1 [running]:
runtime/debug.Stack(0xc420030010, 0x0, 0x0)
/usr/local/go/src/runtime/debug/stack.go:24 +0x79
github.com/docker-slim/docker-slim/utils.FailOn(0x582d80, 0xc420476080)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/utils/errors.go:11 +0x51
github.com/docker-slim/docker-slim/master/commands.OnBuild(0x0, 0x0, 0x0, 0xc42000dc50, 0x7fff5fbff728, 0xc, 0x0, 0x0, 0xc42000dc00, 0x5c27d8, ...)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/commands/build.go:135 +0xf2c
main.init.1.func4(0xc42009a8c0, 0x0, 0x0)
/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:321 +0x713
reflect.Value.call(0x36e4a0, 0x41b388, 0x13, 0x3e96a9, 0x4, 0xc420127920, 0x1, 0x1, 0xaa218, 0x3dd0a0, ...)
/usr/local/go/src/reflect/value.go:434 +0x5c8
reflect.Value.Call(0x36e4a0, 0x41b388, 0x13, 0xc420127920, 0x1, 0x1, 0x0, 0xc4200e3910, 0xb3526)
/usr/local/go/src/reflect/value.go:302 +0xa4
github.com/codegangsta/cli.HandleAction(0x36e4a0, 0x41b388, 0xc42009a8c0, 0x0, 0x0)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:487 +0x1e0
github.com/codegangsta/cli.Command.Run(0x3e9bc7, 0x5, 0x0, 0x0, 0xc420015ca0, 0x1, 0x1, 0x3fbdb7, 0x3e, 0x0, ...)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/command.go:191 +0xc3b
github.com/codegangsta/cli.(*App).Run(0xc4200f2000, 0xc42000c270, 0x3, 0x3, 0x0, 0x0)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:240 +0x611
main.runCli()
/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:526 +0x55
main.main()
/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/main.go:5 +0x19
|
I seem to have gotten this same or same kind of error. Running on macOS 10.12.5 and Docker 17.06.0-ce-mac19 (18663) Tried to run this as sudo, too, which gave a different error. |
Do you still have the same problem with the latest version of Docker for Mac? |
And can you also check the file permissions on the 'docker-slim-sensor' binary (ls -lh)? |
I have a different error now:
the permissions:
Using Docker for Mac version 17.06.1-ce-mac24 (18950) |
Same error as @Uninen, also the same permissions. ❯ docker -v
Docker version 17.07.0-ce, build 87847530f7
❯ m info
ProductName: Mac OS X
ProductVersion: 10.13
BuildVersion: 17A360a |
go version docker -v docker-machine version ls -lh /opt/dockerslim/bin/ /opt/dockerslim/bin/docker-slim build --http-probe my/sample-node-app2017/11/28 13:05:14 Couldn't set key CPE_NAME, no corresponding struct field found |
@Uninen / @hiddeco sorry it took a while to respond with this issue! The permission failure is related to the location where |
Hello `docker-slim[build]: state=started docker-slim[build]: info=params target=geo-ip-api continue.mode=timeout docker-slim[build]: state=inspecting.image docker-slim[build]: info=image size.bytes=798481056 size.human=798 MB docker-slim[build]: info=image.layers index=0 name='golang' tags='1.11.1' docker-slim[build]: info=image.layers index=1 name='geo-ip-api' tags='latest' docker-slim[build]: state=inspecting.container docker-slim[build]: info=container status=created id=bef71bb2e9526978fc4ce053648a28f1164acd5c6f7a58da87df9f467478494c time="2019-04-24T08:59:06Z" level=fatal msg="docker-slim: failure" error="API error (400): {"message":"oci runtime error: container_linux.go:265: starting container process caused "exec: \"/opt/dockerslim/bin/sensor\": permission denied"\n"} runtime/debug.Stack(0x3, 0xc00029e000, 0xc00018b280) |
@kareem-elsayed is this only with your CircleCi setup? What's the configuration you are using? |
@kcq yes it's just in CircleCi and here is the part from config
|
That's super helpful! Thank you! I'll try to repro the condition to see how it can be addressed. |
Thanks @kcq |
Trying to repro it with the latest version (1.25.0), but i'm not getting the same behavior with a local Ubuntu setup. Setting up a CircleCi account for a full repro... |
@kareem-elsayed can you share more info about your CircleCi configuration? What kind of executor are you using? docker or machine? |
A quick summary of what we have in this issue... We have a couple of problems here. First, the sensor binary doesn't always get mounted. This happens for a number of reasons depending on the host environment. For example, on Mac OS X it happens (used to happen) when you install Second, the collected files have permissions that prevent the master app from accessing them. There's a separate ticket (#73) to address that. The permissions on |
Had this problem too running But I have several repo's using docker-slim so I decided to make an own docker-image containing |
@khassel the initial setup worked because Gitlab uses a special There's a couple of enhancements planned for 1.25.1 where one of them will use a different way to transfer artifacts to and from the target container without using mounted volumes, so it's no longer a problem for these types of environments. By the way, I recently created a |
no, this didn't work, because the mount overrides the existing
so I'm waiting for this release ...
Thanks :-) I'm happy so far and I'm not a native english speaker, so it's always a language struggle for me, so chatting would be difficult and time consuming ... |
Yes, that's what I meant to say about the No worries, just wanted to make sure I could answer your question and provide extra background information. |
@kcq Hi! I'm still having "permission denied" issues when running docker-slim in gitlab-ci. I joined gitter, maybe we can talk over there so I can give you faster info about the issue? |
Do you have more information about your setup? |
Hey Kyle, I'm having another issue now: we install aws-cli on our base image and then run docker-slim on it. Thing is, when the .slim image comes up, aws cli is gone. For example:
If I go the base image, the aws-cli appears in /edit: |
@chuleh , yes, there are a number of What is the base image function? Is it just a set of tools or is it one main tool with a number of optional tools or is it actually an application container image with a server running in it?
|
@chuleh The new 1.26.0 release has a better containerized environment support... (there's also a docker container distribution for |
add |
@chuleh curious if you had much luck with your aws cli container image :) one other possible way to make sure everything gets included is to mount a test script that runs a number of important aws cli commands and temporarily setting the cmd (with |
Hi!
I downloaded latest dist for mac v1.17, cloned samples from
docker-slim/docker-slim/tree/master/sample/apps/node
and built image from Dockerfiledocker build -t my/sample-node-app .
When i tried run
./docker-slim build --http-probe my/sample-node-app
and got error:The text was updated successfully, but these errors were encountered: