New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sandbox failed (error starting container: exit status 125) #271
Comments
I have the same issue with Ubuntu 20.04 and Docker version 20.10.14, build a224086.
|
Thanks for the report and the error message. I'll take a look. |
The issue is that running a container inside a container requires the right filesystem. |
I got it running by adding: Internet searches also suggest changing Docker's storage filesystem can also work around the issue. I will update the docs. |
This solves incompatible filesystem issues when podman attempts to run. Fixes: #271
) This solves incompatible filesystem issues when podman attempts to run. Fixes: #271
Can you please try again with the updated command. Feel free to re-open this issue if it doesn't work. |
I gave it a try adding var lib containers. No change in result. |
I suspect the issue may be GVisor currently doesn't support cgroups v2 and has to use v1 instead (see: google/gvisor#3481) This is set during boot. I'm not sure what boot loader your Linux system uses, but for Grub you can do this:
|
I'll also check if a more recent version of GVisor is available |
I am not familiar with gvisor or cgroups. update-grub doesn't like that line. I installed Ubuntu 22.04 LTS Server: Then heading right into the command that fails. |
Please try again! I've updated the GVisor version and refreshed the container images. You might need to rm the analysis image from docker to get the new one (or add |
Thanks for your patience @tbiens. I can reproduce this with cgroups v2 enabled. We'll take a closer look at this next week and hopefully resolve this. |
No problem, have a great weekend! |
That did the job, output is scrolling well. Great job Oliver! |
Hello, I saw the blog post about this project. I'm excited to give it a try. Completely fresh ubuntu 22 lts server install vm. Docker.io is installed and functioning. golang and libpcap-dev installed.
$ mkdir /tmp/results
$ docker run --privileged -ti
-v /tmp/results:/results
gcr.io/ossf-malware-analysis/analysis analyze
-package Django -ecosystem pypi
-upload file:///results/
https://imgur.com/a/Y578M0W
running with sudo vs root doesn't seem to make any significant difference. Thanks for the help!
The text was updated successfully, but these errors were encountered: