Skip to content

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Detect you are running in a docker container - buildx #47420

Closed
bsutton opened this issue Feb 21, 2024 · 1 comment
Closed

Detect you are running in a docker container - buildx #47420

bsutton opened this issue Feb 21, 2024 · 1 comment
Labels
kind/feature Functionality or other elements that the project doesn't currently have. Features are new and shiny status/0-triage

Comments

@bsutton
Copy link

bsutton commented Feb 21, 2024

Description

I’m the maintainer of the dcli package which is intended to replace bash using dart as an alternate scripting language.

https://pub.dev/packages/dcli

DCli has a feature that allow users to run privileged code by running sudo.

When running in a docker container we don’t need to use sudo (it doesn’t exist anyway).

As such, dcli needs a generic way to detect if it is running in a docker container.

Previously we have used the presence of ‘/.dockerenv’ to determine if we are in a docker container.

It however looks like that when running under buildx the .dockerenv file no longer exists.

As such I’m looking of a reliable way of detecting if dcli is running in a docker container.

Is there any official/correct way to determine if you are running in a docker container?

You can see from this thread there are a few suggested ways but these are all rather hacky.
https://forums.docker.com/t/detect-you-are-running-in-a-docker-container-buildx/139673

We need a reliable, stable and documented method to determine if we are running in a container.

For the likes of dcli, relying of an environment variable being injected (or any other user action) isn't sustainable as the user is unlikely to know the requirement and dcli needs to behave correctly 'out of the box'.
@bsutton bsutton added kind/feature Functionality or other elements that the project doesn't currently have. Features are new and shiny status/0-triage labels Feb 21, 2024
@cpuguy83
Copy link
Member

Every way of trying to detect you are running in a container is going to be hacky.
We generally don't have a way to do this on purpose, because software should work the same no matter if it is in a container or not (with some caveats around restricting default capabilities to prevent container breakouts).

The most fail-safe way to detect if you need sudo is to check if your process has the capabilities it needs to perform whatever actions it needs to perform.
You can read your capability set from /proc/self/status, or if its file perms or something that's the issue, you can check your uid/gid and see if they match (or try to perform the action and catch EPERM from the kernel).

This is really what you want anyway, it doesn't matter if you are in a container or not.
A process in a container can require sudo just as much as a process outside one.

Alternatively, a cheap trick would be check if sudo exists and use that if it does.

@cpuguy83 cpuguy83 closed this as not planned Won't fix, can't repro, duplicate, stale Feb 21, 2024
@moby moby locked and limited conversation to collaborators Feb 21, 2024
@cpuguy83 cpuguy83 converted this issue into discussion #47421 Feb 21, 2024

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

Assignees
No one assigned
Labels
kind/feature Functionality or other elements that the project doesn't currently have. Features are new and shiny status/0-triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cpuguy83 @bsutton