Bug#1005906: Strace / Docker build output
reassign -1 docker.io
retitle -1 docker.io: docker seccomp filter does not allow faccessat2
affect -1 src:glibc
Hi,
On 2022-02-18 11:58, David Eccles (gringer) wrote:
> rt_sigaction(SIGINT, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8)
> = 0
> rt_sigaction(SIGINT, {sa_handler=0x562a34911a20, sa_mask=~[RTMIN RT_1],
> sa_flags=SA_RESTORER, sa_restorer=0x7f0a2ff79910}, NULL, 8) = 0
> rt_sigaction(SIGQUIT, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8)
> = 0
> rt_sigaction(SIGQUIT, {sa_handler=SIG_DFL, sa_mask=~[RTMIN RT_1],
> sa_flags=SA_RESTORER, sa_restorer=0x7f0a2ff79910}, NULL, 8) = 0
> rt_sigaction(SIGTERM, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8)
> = 0
> rt_sigaction(SIGTERM, {sa_handler=SIG_DFL, sa_mask=~[RTMIN RT_1],
> sa_flags=SA_RESTORER, sa_restorer=0x7f0a2ff79910}, NULL, 8) = 0
> read(10, "#!/bin/sh\nif test -x /usr/bin/he"..., 8192) = 103
> syscall_0x(0xff9c, 0x562a3655e490, 0x1, 0x200,
> 0x562a3655e4b0, 0x7f0a300f9c00) = -1 EPERM (Operation not permitted)
The problem is there. The above syscall that is not recognized and
forbidden by docker is faccessat2, which is used since glibc 2.33.
I am therefore reassigning the bug to the docker.io package.
--
Aurelien Jarno GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net
Bug#1005906: Strace / Docker build output
--- Dockerfile --- FROM rocker/r-base:4.1.2 RUN echo "cachebust" COPY ./test_executable.sh /usr/local/bin RUN test_executable.sh RUN apt-get update && apt-get install -y strace nano RUN test_executable.sh --- Dockerfile --- --- test_executable.sh --- #!/bin/sh if test -x /usr/bin/head; then echo "/usr/bin/head is executable"; else echo "dead beef"; fi --- end test_executable.sh --- --- output from `docker build` --- Sending build context to Docker daemon 3.072kB Step 1/6 : FROM rocker/r-base:4.1.2 ---> 91af7f4c94cd Step 2/6 : RUN echo "cachebust" ---> Running in a03d2ef2988f cachebust Removing intermediate container a03d2ef2988f ---> a940509c1f09 Step 3/6 : COPY ./test_executable.sh /usr/local/bin ---> 40e0033678f6 Step 4/6 : RUN test_executable.sh ---> Running in 443f48de4a9a /usr/bin/head is executable Removing intermediate container 443f48de4a9a ---> 7c788c3ecd0e Step 5/6 : RUN apt-get update && apt-get install -y strace nano ---> Running in 20409d48b35c Ign:1 https://eddelbuettel.github.io/ppaR400 ./ InRelease Get:2 https://eddelbuettel.github.io/ppaR400 ./ Release [1,204 B] Ign:3 https://eddelbuettel.github.io/ppaR400 ./ Release.gpg Get:4 http://deb.debian.org/debian testing InRelease [129 kB] Get:5 http://deb.debian.org/debian experimental InRelease [75.4 kB] Get:6 https://eddelbuettel.github.io/ppaR400 ./ Packages [26.4 kB] Get:8 http://deb.debian.org/debian testing/main amd64 Packages [8,310 kB] Get:7 http://cdn-fastly.deb.debian.org/debian sid InRelease [165 kB] Get:9 http://cdn-fastly.deb.debian.org/debian sid/main amd64 Packages [8,979 kB] Get:10 http://deb.debian.org/debian experimental/main amd64 Packages [385 kB] Fetched 18.1 MB in 8s (2,307 kB/s) Reading package lists... Reading package lists... Building dependency tree... Reading state information... The following additional packages will be installed: libc-bin libc-dev-bin libc-l10n libc6 libc6-dev libunwind8 locales Suggested packages: glibc-doc libnss-nis libnss-nisplus manpages-dev hunspell Recommended packages: manpages manpages-dev libc-devtools The following NEW packages will be installed: libunwind8 nano strace The following packages will be upgraded: libc-bin libc-dev-bin libc-l10n libc6 libc6-dev locales 6 upgraded, 3 newly installed, 0 to remove and 169 not upgraded. Need to get 13.0 MB of archives. After this operation, 7,139 kB of additional disk space will be used. Get:1 http://deb.debian.org/debian testing/main amd64 libc-l10n all 2.33-5 [864 kB] Get:2 http://deb.debian.org/debian testing/main amd64 libc-dev-bin amd64 2.33-5 [243 kB] Get:3 http://deb.debian.org/debian testing/main amd64 libc6-dev amd64 2.33-5 [2,274 kB] Get:4 http://deb.debian.org/debian testing/main amd64 locales all 2.33-5 [4,088 kB] Get:5 http://deb.debian.org/debian testing/main amd64 libc6 amd64 2.33-5 [2,831 kB] Get:6 http://deb.debian.org/debian testing/main amd64 libc-bin amd64 2.33-5 [834 kB] Get:7 http://deb.debian.org/debian testing/main amd64 nano amd64 6.1-1 [707 kB] Get:8 http://deb.debian.org/debian testing/main amd64 libunwind8 amd64 1.3.2-2 [54.5 kB] Get:9 http://deb.debian.org/debian testing/main amd64 strace amd64 5.10-1 [1,084 kB] debconf: delaying package configuration, since apt-utils is not installed Fetched 13.0 MB in 4s (2,988 kB/s) (Reading database ... 18127 files and directories currently installed.) Preparing to unpack .../libc-l10n_2.33-5_all.deb ... Unpacking libc-l10n (2.33-5) over (2.32-4) ... Preparing to unpack .../libc-dev-bin_2.33-5_amd64.deb ... Unpacking libc-dev-bin (2.33-5) over (2.32-4) ... Preparing to unpack .../libc6-dev_2.33-5_amd64.deb ... Unpacking libc6-dev:amd64 (2.33-5) over (2.32-4) ... Preparing to unpack .../locales_2.33-5_all.deb ... Unpacking locales (2.33-5) over (2.32-4) ... Preparing to unpack .../libc6_2.33-5_amd64.deb ... debconf: unable to initialize frontend: Dialog debconf: (TERM is not set, so the dialog frontend is not usable.) debconf: falling back to frontend: Readline Checking for services that may need to be restarted... Checking init scripts... Unpacking libc6:amd64 (2.33-5) over (2.32-4) ... Setting up libc6:amd64 (2.33-5) ... debconf: unable to initialize frontend: Dialog debconf: (TERM is not set, so the dialog frontend is not usable.) debconf: falling back to frontend: Readline (Reading database ... 18133 files and directories currently installed.) Preparing to unpack .../libc-bin_2.33-5_amd64.deb ... Unpacking libc-bin (2.33-5) over (2.32-4) ... Setting up libc-bin (2.33-5) ... Selecting previously unselected package nano. (Reading database ... 18133 files and directories currently installed.) Preparing to unpack .../archives/nano_6.1-1_amd64.deb ... Unpacking nano (6.1-1) ... Selecting previously unselected package libunwind8:amd64. Preparing to unpack .../libunwind8_1.3.2-2_amd64.deb ... Unpacking libunwind8:amd64 (1.3.2-2) ... Selecting previously unselected package strace. Preparing to unpack .../strace_5.10-1_amd64.deb ... Unpacking
