slim icon indicating copy to clipboard operation
slim copied to clipboard
verified publisher icon slimtoolkit

Error oci runtime error: exec: "/opt/dockerslim/bin/sensor": permission denied

Open RANUX opened this issue 9 years ago • 27 comments

Hi! I downloaded latest dist for mac v1.17, cloned samples from docker-slim/docker-slim/tree/master/sample/apps/node and built image from Dockerfile docker build -t my/sample-node-app . When i tried run ./docker-slim build --http-probe my/sample-node-app and got error:

MacBook-Pro:dist_mac alex$ ./docker-slim build --http-probe my/sample-node-app
docker-slim: [build] image=my/sample-node-app http-probe=true remove-file-artifacts=false image-overrides=map[] entrypoint=[] (false) cmd=[] (false) workdir='' env=[] expose=map[]
INFO[0000] docker-slim: inspecting 'fat' image metadata...
INFO[0000] docker-slim: [sha256:4c29409bc9585b228986bf1fa544153254b4e4ad76c36fdd46f2a8557cd8aed8] 'fat' image size => 419509897 (420 MB)

INFO[0000] docker-slim: processing 'fat' image info...
INFO[0000] docker-slim: starting instrumented 'fat' container...
INFO[0000] docker-slim: created container => 0880f964950ba839968bc42940eda55d40070a6719e6b8540b350ae642adf53a
FATA[0000] docker-slim: failure                          error=API error (500): {"message":"oci runtime error: exec: \"/opt/dockerslim/bin/sensor\": permission denied"}
 stack=goroutine 1 [running]:
runtime/debug.Stack(0xa2f57, 0xc4200188a8, 0x0)
	/usr/local/go/src/runtime/debug/stack.go:24 +0x79
github.com/docker-slim/docker-slim/utils.FailOn(0x582f00, 0xc42023ee60)
	/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/utils/errors.go:11 +0x51
github.com/docker-slim/docker-slim/master/commands.OnBuild(0x0, 0x0, 0x0, 0xc420017c20, 0x7fff5fbff721, 0x12, 0x0, 0x0, 0xc420017b01, 0x5c27d8, ...)
	/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/commands/build.go:76 +0x969
main.init.1.func4(0xc42009a8c0, 0x0, 0x0)
	/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:321 +0x713
reflect.Value.call(0x36e4a0, 0x41b388, 0x13, 0x3e96a9, 0x4, 0xc420125920, 0x1, 0x1, 0xaa218, 0x3dd0a0, ...)
	/usr/local/go/src/reflect/value.go:434 +0x5c8
reflect.Value.Call(0x36e4a0, 0x41b388, 0x13, 0xc420125920, 0x1, 0x1, 0x0, 0xc4200e3910, 0xb3526)
	/usr/local/go/src/reflect/value.go:302 +0xa4
github.com/codegangsta/cli.HandleAction(0x36e4a0, 0x41b388, 0xc42009a8c0, 0x0, 0x0)
	/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:487 +0x1e0
github.com/codegangsta/cli.Command.Run(0x3e9bc7, 0x5, 0x0, 0x0, 0xc420015ca0, 0x1, 0x1, 0x3fbdb7, 0x3e, 0x0, ...)
	/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/command.go:191 +0xc3b
github.com/codegangsta/cli.(*App).Run(0xc4200f2000, 0xc42000c280, 0x4, 0x4, 0x0, 0x0)
	/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:240 +0x611
main.runCli()
	/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:526 +0x55
main.main()
	/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/main.go:5 +0x19

RANUX avatar Dec 16 '16 21:12 RANUX

A don't know how, but after reinstall docker and docker-machine error gone away. But i have new error when build:

MacBook-Pro:dist_mac alex$ ./docker-slim b 02c41a90c4ae
docker-slim: [build] image=02c41a90c4ae http-probe=false remove-file-artifacts=false image-overrides=map[] entrypoint=[] (false) cmd=[] (false) workdir='' env=[] expose=map[]
INFO[0000] docker-slim: inspecting 'fat' image metadata...
INFO[0000] docker-slim: [sha256:02c41a90c4aeaf54d4438bc73b6bd71e2cf2568f13e421f05b2954b5a1918647] 'fat' image size => 584267897 (584 MB)

INFO[0000] docker-slim: processing 'fat' image info...
INFO[0000] docker-slim: starting instrumented 'fat' container...
INFO[0000] docker-slim: created container => 70582fd314ce5d6ab62c58e45460dc7999c7ee6d8e8bbe4270ff2fe3f4da0232
INFO[0000] docker-slim: watching container monitor...
docker-slim: press <enter> when you are done using the container...

INFO[0003] docker-slim: waiting for the container finish its work...
INFO[0005] docker-slim: shutting down 'fat' container...
INFO[0005] docker-slim: processing instrumented 'fat' container info...
INFO[0005] docker-slim: generating AppArmor profile...
INFO[0005] docker-slim: building 'slim' image...
FATA[0005] docker-slim: failure                          error=no permission to read from '/Users/alex/Downloads/dist_mac/.images/02c41a90c4aeaf54d4438bc73b6bd71e2cf2568f13e421f05b2954b5a1918647/artifacts/files/run/crond.reboot' stack=goroutine 1 [running]:
runtime/debug.Stack(0xc420030010, 0x0, 0x0)
	/usr/local/go/src/runtime/debug/stack.go:24 +0x79
github.com/docker-slim/docker-slim/utils.FailOn(0x582d80, 0xc420476080)
	/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/utils/errors.go:11 +0x51
github.com/docker-slim/docker-slim/master/commands.OnBuild(0x0, 0x0, 0x0, 0xc42000dc50, 0x7fff5fbff728, 0xc, 0x0, 0x0, 0xc42000dc00, 0x5c27d8, ...)
	/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/commands/build.go:135 +0xf2c
main.init.1.func4(0xc42009a8c0, 0x0, 0x0)
	/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:321 +0x713
reflect.Value.call(0x36e4a0, 0x41b388, 0x13, 0x3e96a9, 0x4, 0xc420127920, 0x1, 0x1, 0xaa218, 0x3dd0a0, ...)
	/usr/local/go/src/reflect/value.go:434 +0x5c8
reflect.Value.Call(0x36e4a0, 0x41b388, 0x13, 0xc420127920, 0x1, 0x1, 0x0, 0xc4200e3910, 0xb3526)
	/usr/local/go/src/reflect/value.go:302 +0xa4
github.com/codegangsta/cli.HandleAction(0x36e4a0, 0x41b388, 0xc42009a8c0, 0x0, 0x0)
	/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:487 +0x1e0
github.com/codegangsta/cli.Command.Run(0x3e9bc7, 0x5, 0x0, 0x0, 0xc420015ca0, 0x1, 0x1, 0x3fbdb7, 0x3e, 0x0, ...)
	/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/command.go:191 +0xc3b
github.com/codegangsta/cli.(*App).Run(0xc4200f2000, 0xc42000c270, 0x3, 0x3, 0x0, 0x0)
	/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:240 +0x611
main.runCli()
	/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:526 +0x55
main.main()
	/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/main.go:5 +0x19

ls -alh showed : ---------- 1 alex staff 0B Dec 19 23:05 crond.reboot

RANUX avatar Dec 19 '16 19:12 RANUX 

docker-slim: [build] image=my-image http-probe=true remove-file-artifacts=false image-overrides=map[] entrypoint=[] (false) cmd=[] (false) workdir='' env=[] expose=map[]
INFO[0000] docker-slim: inspecting 'fat' image metadata...
INFO[0000] docker-slim: [sha256:c66def89ac18c8dc5a39d1f850ba0f77ade75855dd49b46867d372981a4ca882] 'fat' image size => 922202376 (922 MB)

INFO[0000] docker-slim: processing 'fat' image info...
INFO[0000] docker-slim: starting instrumented 'fat' container...
INFO[0000] docker-slim: created container => b5195f408d25dc5f25d115997324166f761f4f23daea473bfd6e78133dc81912
FATA[0000] docker-slim: failure                          error=API error (500): {"message":"oci runtime error: container_linux.go:262: starting container process caused \"exec: \\\"/opt/dockerslim/bin/sensor\\\": permission denied\"\n"}
 stack=goroutine 1 [running]:
runtime/debug.Stack(0xa2f57, 0xc420010808, 0x0)
	/usr/local/go/src/runtime/debug/stack.go:24 +0x79
github.com/docker-slim/docker-slim/utils.FailOn(0x582f00, 0xc4201e5f00)
	/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/utils/errors.go:11 +0x51
github.com/docker-slim/docker-slim/master/commands.OnBuild(0x0, 0x0, 0x0, 0xc420019bc0, 0x7fff5fbff9c7, 0x28, 0x0, 0x0, 0xc420019b01, 0x5c27d8, ...)
	/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/commands/build.go:76 +0x969
main.init.1.func4(0xc4200988c0, 0x0, 0x0)
	/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:321 +0x713
reflect.Value.call(0x36e4a0, 0x41b388, 0x13, 0x3e96a9, 0x4, 0xc420125920, 0x1, 0x1, 0xaa218, 0x3dd0a0, ...)
	/usr/local/go/src/reflect/value.go:434 +0x5c8
reflect.Value.Call(0x36e4a0, 0x41b388, 0x13, 0xc420125920, 0x1, 0x1, 0x0, 0xc4200e3910, 0xb3526)
	/usr/local/go/src/reflect/value.go:302 +0xa4
github.com/codegangsta/cli.HandleAction(0x36e4a0, 0x41b388, 0xc4200988c0, 0x0, 0x0)
	/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:487 +0x1e0
github.com/codegangsta/cli.Command.Run(0x3e9bc7, 0x5, 0x0, 0x0, 0xc420013cb0, 0x1, 0x1, 0x3fbdb7, 0x3e, 0x0, ...)
	/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/command.go:191 +0xc3b
github.com/codegangsta/cli.(*App).Run(0xc4200f2000, 0xc42000c340, 0x4, 0x4, 0x0, 0x0)
	/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:240 +0x611
main.runCli()
	/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:526 +0x55
main.main()
	/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/main.go:5 +0x19

I seem to have gotten this same or same kind of error. Running on macOS 10.12.5 and Docker 17.06.0-ce-mac19 (18663)

Tried to run this as sudo, too, which gave a different error.

Uninen avatar Jul 24 '17 03:07 Uninen

Do you still have the same problem with the latest version of Docker for Mac?

kcq avatar Sep 01 '17 01:09 kcq

And can you also check the file permissions on the 'docker-slim-sensor' binary (ls -lh)?

kcq avatar Sep 01 '17 01:09 kcq

I have a different error now:

docker-slim build --http-probe ed060af17b55
docker-slim: [build] image=ed060af17b55 http-probe=true remove-file-artifacts=false image-overrides=map[] entrypoint=[] (false) cmd=[] (false) workdir='' env=[] expose=map[]
INFO[0000] docker-slim: inspecting 'fat' image metadata...
INFO[0000] docker-slim: [sha256:ed060af17b559ce4d28416a9378889b9dcdc432ec2e70a104044216f481b2271] 'fat' image size => 932183856 (932 MB)
INFO[0000] docker-slim: processing 'fat' image info...
INFO[0000] docker-slim: starting instrumented 'fat' container...
INFO[0000] docker-slim: created container => 5a2c9b746e7faa16739ae78441ca3d958720c2b69c18590953dc2238c4b73ff6
FATA[0000] docker-slim: failure                          error="API error (500): {"message":"oci runtime error: container_linux.go:262: starting container process caused \"process_linux.go:339: container init caused \\\"rootfs_linux.go:57: mounting \\\\\\\"/usr/local/bin/docker-slim-sensor\\\\\\\" to rootfs \\\\\\\"/var/lib/docker/overlay2/a1ae024b792912ba2c6d3a1621434d76f256a02c206ba28412f68e367271ba33/merged\\\\\\\" at \\\\\\\"/opt/dockerslim/bin/sensor\\\\\\\" caused \\\\\\\"stat /usr/local/bin/docker-slim-sensor: input/output error\\\\\\\"\\\"\"\n"}
" stack="goroutine 1 [running]:
runtime/debug.Stack(0x0, 0xc4200ed0b8, 0x12dfe77)
	/usr/local/Cellar/go/1.8.3/libexec/src/runtime/debug/stack.go:24 +0x79
github.com/docker-slim/docker-slim/pkg/utils/errutils.FailOn(0x15f0ea0, 0xc4201f42e0)
	/Users/q/docker-slim/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/pkg/utils/errutils/errutils.go:14 +0x51
github.com/docker-slim/docker-slim/master/commands.OnBuild(0x0, 0x0, 0x0, 0xc4200178f0, 0x7fff5fbffad7, 0xc, 0x0, 0x0, 0xc4200c1a01, 0x1640980, ...)
	/Users/q/docker-slim/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/master/commands/build.go:85 +0x8eb
main.init.1.func4(0xc4200d0640, 0x0, 0xc4200d0640)
	/Users/q/docker-slim/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/cmd/docker-slim/cli.go:321 +0x9a8
github.com/docker-slim/docker-slim/vendor/github.com/codegangsta/cli.HandleAction(0x13aa200, 0x1447ab0, 0xc4200d0640, 0xc42006c700, 0x0)
	/Users/q/docker-slim/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/vendor/github.com/codegangsta/cli/app.go:485 +0xd4
github.com/docker-slim/docker-slim/vendor/github.com/codegangsta/cli.Command.Run(0x1431faa, 0x5, 0x0, 0x0, 0xc420015b00, 0x1, 0x1, 0x1444ed6, 0x3e, 0x0, ...)
	/Users/q/docker-slim/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/vendor/github.com/codegangsta/cli/command.go:207 +0xb6e
github.com/docker-slim/docker-slim/vendor/github.com/codegangsta/cli.(*App).Run(0xc4200f4000, 0xc42000e340, 0x4, 0x4, 0x0, 0x0)
	/Users/q/docker-slim/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/vendor/github.com/codegangsta/cli/app.go:250 +0x7d0
main.runCli()
	/Users/q/docker-slim/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/cmd/docker-slim/cli.go:526 +0x55
main.main()
	/Users/q/docker-slim/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/cmd/docker-slim/main.go:5 +0x25
" version="darwin|Tetra|latest|latest|latest (go1.8.3)"

the permissions:

ls -lh /usr/local/bin/docker-slim-sensor
-rwxr-xr-x@ 1 uninen  staff   4.0M Aug  9 20:51 /usr/local/bin/docker-slim-sensor

Using Docker for Mac version 17.06.1-ce-mac24 (18950)

Uninen avatar Sep 01 '17 05:09 Uninen

Same error as @Uninen, also the same permissions.

❯ docker -v
Docker version 17.07.0-ce, build 87847530f7
❯ m info
ProductName:	Mac OS X
ProductVersion:	10.13
BuildVersion:	17A360a

hiddeco avatar Sep 12 '17 14:09 hiddeco

go version go version go1.9.1 linux/amd64

docker -v Docker version 1.13.1, build b5e3294/1.13.1

docker-machine version docker-machine version 0.13.0, build 9ba6da9

ls -lh /opt/dockerslim/bin/ total 15M -rwxr-xr-x. 1 vrx_jmartins vrx_jmartins 11M Nov 28 12:27 docker-slim -rwxr-xr-x. 1 vrx_jmartins vrx_jmartins 4.2M Nov 28 12:27 docker-slim-sensor

/opt/dockerslim/bin/docker-slim build --http-probe my/sample-node-app2017/11/28 13:05:14 Couldn't set key CPE_NAME, no corresponding struct field found 2017/11/28 13:05:14 Couldn't set key REDHAT_BUGZILLA_PRODUCT, no corresponding struct field found 2017/11/28 13:05:14 Couldn't set key REDHAT_BUGZILLA_PRODUCT_VERSION, no corresponding struct field found 2017/11/28 13:05:14 Couldn't set key REDHAT_SUPPORT_PRODUCT, no corresponding struct field found 2017/11/28 13:05:14 Couldn't set key REDHAT_SUPPORT_PRODUCT_VERSION, no corresponding struct field found 2017/11/28 13:05:14 Couldn't set key PRIVACY_POLICY_URL, no corresponding struct field found docker-slim: [build] image=my/sample-node-app http-probe=true remove-file-artifacts=false image-overrides=map[] entrypoint=[] (false) cmd=[] (false) workdir='' env=[] expose=map[] INFO[0000] docker-slim: inspecting 'fat' image metadata... INFO[0000] docker-slim: [sha256:fcd9befbef3023aa5d5fe14feca760515d35874fe3ac8e9c44a178e8117651ad] 'fat' image size => 451618821 (452 MB) INFO[0000] docker-slim: processing 'fat' image info...
INFO[0000] docker-slim: starting instrumented 'fat' container... INFO[0000] docker-slim: created container => 24cb438500abaa022ee4c7623ac5b508a79eb954d2dd3e5fd6446173167ca312 FATA[0000] docker-slim: failure error="API error (400): {"message":"OCI runtime create failed: container_linux.go:295: starting container process caused "exec: \"/opt/dockerslim/bin/sensor\": permission denied": unknown"} " stack="goroutine 1 [running]: runtime/debug.Stack(0x705ad7, 0xc42007c448, 0x0) /usr/local/go/src/runtime/debug/stack.go:24 +0xa7 github.com/docker-slim/docker-slim/pkg/utils/errutils.FailOn(0xa6ef80, 0xc42018f7e0) /go/src/github.com/docker-slim/docker-slim/pkg/utils/errutils/errutils.go:14 +0x51 github.com/docker-slim/docker-slim/internal/app/master/commands.OnBuild(0x0, 0x0, 0x0, 0xc4200797d0, 0x7fff0b2bcfb8, 0x12, 0x0, 0x0, 0x1, 0xacaf48, ...) /go/src/github.com/docker-slim/docker-slim/internal/app/master/commands/build.go:85 +0x7fb github.com/docker-slim/docker-slim/internal/app/master.init.0.func5(0xc4200aea00, 0x0, 0xc4200aea00) /go/src/github.com/docker-slim/docker-slim/internal/app/master/cli.go:322 +0x9f5 github.com/docker-slim/docker-slim/vendor/github.com/codegangsta/cli.HandleAction(0x7d3d20, 0x87f340, 0xc4200aea00, 0xc42005a500, 0x0) /go/src/github.com/docker-slim/docker-slim/vendor/github.com/codegangsta/cli/app.go:485 +0xd2 github.com/docker-slim/docker-slim/vendor/github.com/codegangsta/cli.Command.Run(0x865d6f, 0x5, 0x0, 0x0, 0xc42004f340, 0x1, 0x1, 0x8793b3, 0x3e, 0x0, ...) /go/src/github.com/docker-slim/docker-slim/vendor/github.com/codegangsta/cli/command.go:207 +0xa95 github.com/docker-slim/docker-slim/vendor/github.com/codegangsta/cli.(*App).Run(0xc42007ab60, 0xc42000e080, 0x4, 0x4, 0x0, 0x0) /go/src/github.com/docker-slim/docker-slim/vendor/github.com/codegangsta/cli/app.go:250 +0x758 github.com/docker-slim/docker-slim/internal/app/master.runCli() /go/src/github.com/docker-slim/docker-slim/internal/app/master/cli.go:536 +0x55 github.com/docker-slim/docker-slim/internal/app/master.Run() /go/src/github.com/docker-slim/docker-slim/internal/app/master/app.go:6 +0x25 main.main() /go/src/github.com/docker-slim/docker-slim/cmd/docker-slim/main.go:8 +0x20 " version="linux|Tetra|latest|latest|latest (go1.9.2)"

jcmartins avatar Nov 28 '17 15:11 jcmartins

@Uninen / @hiddeco sorry it took a while to respond with this issue! The permission failure is related to the location where docker-slim is installed and how Docker for Mac works. Docker doesn't mount the /usr directory, so putting anything there or its sub-directories will result in a failure. The latest release ( https://github.com/docker-slim/docker-slim/releases/tag/1.24.2 ) addresses this Docker for Mac limitation.

kcq avatar Mar 26 '19 06:03 kcq

Hello I'm facing this issue with CircleCi also

`docker-slim[build]: state=started

docker-slim[build]: info=params target=geo-ip-api continue.mode=timeout

docker-slim[build]: state=inspecting.image

docker-slim[build]: info=image id=sha256:4ef948de53f0a92d268cfee147272d22b2b9012bb8989a6e833dbe4960dddbfe

size.bytes=798481056 size.human=798 MB

docker-slim[build]: info=image.layers index=0 name='golang' tags='1.11.1'

docker-slim[build]: info=image.layers index=1 name='geo-ip-api' tags='latest'

docker-slim[build]: state=inspecting.container

docker-slim[build]: info=container status=created id=bef71bb2e9526978fc4ce053648a28f1164acd5c6f7a58da87df9f467478494c

time="2019-04-24T08:59:06Z" level=fatal msg="docker-slim: failure" error="API error (400): {"message":"oci runtime error: container_linux.go:265: starting container process caused "exec: \"/opt/dockerslim/bin/sensor\": permission denied"\n"} " stack="goroutine 1 [running]:

runtime/debug.Stack(0x3, 0xc00029e000, 0xc00018b280) /usr/local/Cellar/go/1.11.1/libexec/src/runtime/debug/stack.go:24 +0xa7 github.com/docker-slim/docker-slim/pkg/utils/errutils.FailOn(0x904b40, 0xc00023af20) /Users/q/docker-slim/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/pkg/utils/errutils/errutils.go:14 +0x51 github.com/docker-slim/docker-slim/internal/app/master/commands.OnBuild(0x0, 0x0, 0x890800, 0xc0001c4a20, 0x19, 0xc00018e0f0, 0x7ffd16c957a9, 0xa, 0x0, 0x0, ...) /Users/q/docker-slim/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/internal/app/master/commands/build.go:149 +0xf48 github.com/docker-slim/docker-slim/internal/app/master.init.0.func5(0xc0001aa140, 0x0, 0xc0001aa140) /Users/q/docker-slim/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/internal/app/master/cli.go:543 +0x1045 github.com/docker-slim/docker-slim/vendor/github.com/codegangsta/cli.HandleAction(0x7f7b80, 0x8a7670, 0xc0001aa140, 0xc000192000, 0x0) /Users/q/docker-slim/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/vendor/github.com/codegangsta/cli/app.go:485 +0xc8 github.com/docker-slim/docker-slim/vendor/github.com/codegangsta/cli.Command.Run(0x88b0f8, 0x5, 0x0, 0x0, 0xc00008f470, 0x1, 0x1, 0x8a0a85, 0x3e, 0x0, ...) /Users/q/docker-slim/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/vendor/github.com/codegangsta/cli/command.go:207 +0x991 github.com/docker-slim/docker-slim/vendor/github.com/codegangsta/cli.(*App).Run(0xc0000bcb60, 0xc00000e050, 0x5, 0x5, 0x0, 0x0) /Users/q/docker-slim/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/vendor/github.com/codegangsta/cli/app.go:250 +0x6ea github.com/docker-slim/docker-slim/internal/app/master.runCli() /Users/q/docker-slim/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/internal/app/master/cli.go:826 +0x55 github.com/docker-slim/docker-slim/internal/app/master.Run() /Users/q/docker-slim/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/internal/app/master/app.go:6 +0x25 main.main() /Users/q/docker-slim/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/cmd/docker-slim/main.go:8 +0x20 " version="linux|Transformer|1.24.2|08f6b1729b5c6c7bfd78f07ac40dd26a24aed81d|2019-03-23_03:41:54PM (go1.11.1)" Exited with code 1`

kareem-elsayed avatar Apr 24 '19 10:04 kareem-elsayed

@kareem-elsayed is this only with your CircleCi setup? What's the configuration you are using?

kcq avatar Apr 24 '19 14:04 kcq

@kcq yes it's just in CircleCi and here is the part from config

- run:
      name: Build Image
      command: |
        docker build -t geo-ip-api .
        wget https://github.com/docker-slim/docker-slim/releases/download/1.24.2/dist_linux.tar.gz && tar xvf dist_linux.tar.gz  && chmod 755 dist_linux/*
        ./dist_linux/docker-slim build  --continue-after 1 geo-ip-api

kareem-elsayed avatar Apr 24 '19 14:04 kareem-elsayed

That's super helpful! Thank you! I'll try to repro the condition to see how it can be addressed.

kcq avatar Apr 24 '19 14:04 kcq

Thanks @kcq

kareem-elsayed avatar Apr 24 '19 14:04 kareem-elsayed

Trying to repro it with the latest version (1.25.0), but i'm not getting the same behavior with a local Ubuntu setup. Setting up a CircleCi account for a full repro...

kcq avatar Apr 24 '19 15:04 kcq

@kareem-elsayed can you share more info about your CircleCi configuration? What kind of executor are you using? docker or machine?

kcq avatar Apr 25 '19 00:04 kcq

A quick summary of what we have in this issue... We have a couple of problems here.

First, the sensor binary doesn't always get mounted. This happens for a number of reasons depending on the host environment. For example, on Mac OS X it happens (used to happen) when you install docker-slim in a directory that Docker for Mac doesn't share. The latest version of docker-slim addresses this use case and now it mounts the sensor from a location that is shared. With CircleCI there's another reason (still figuring out the exact conditions for it).

Second, the collected files have permissions that prevent the master app from accessing them. There's a separate ticket (#73) to address that. The permissions on crond.reboot look strange though. It appears that nobody has access to the file.

kcq avatar Apr 26 '19 16:04 kcq

Had this problem too running docker-slim in gitlab (maybe similar to CircleCi, travis, ...). Installing and running docker-slim build within the build job in a subdir of the repo worked without problems.

But I have several repo's using docker-slim so I decided to make an own docker-image containing docker-slim. Running this image in gitlab docker-slim build always fails with Error oci runtime error: exec: "/opt/dockerslim/bin/sensor": permission denied. This seems to be a mounting problem. The "solution" is to have the docker-slim files located in the repo-dir (or any sub-dir), which is mounted by default.

khassel avatar May 11 '19 22:05 khassel

@khassel the initial setup worked because Gitlab uses a special /builds directory, which it mounts to all containers, so everything that ends up in it or its subdirectories will be mountable. For your own image with docker-slim you'll need to make sure it's installed to /builds/docker-slim or something like this. This Gitlab ticket is a nice reference about the 'problem': https://gitlab.com/gitlab-org/gitlab-ce/issues/41227

There's a couple of enhancements planned for 1.25.1 where one of them will use a different way to transfer artifacts to and from the target container without using mounted volumes, so it's no longer a problem for these types of environments.

By the way, I recently created a gitter channel ( https://gitter.im/docker-slim/community ), which might be easier to use for more interactive discussions :-) Speaking of the more interactive discussions... would you be open to chatting on Skype, Google Hangout, WhatsApp, Telegram or some other private communication forum? I'd love to get your feedback about the planned CI/CD enhancements and the capabilities you wish were there.

kcq avatar May 12 '19 16:05 kcq

For your own image with docker-slim you'll need to make sure it's installed to /builds/docker-slim or something like this.

no, this didn't work, because the mount overrides the existing /builds dir. But you can copy the files after mounting ...

There's a couple of enhancements planned for 1.25.1 where one of them will use a different way to transfer artifacts to and from the target container without using mounted volumes, so it's no longer a problem for these types of environments.

so I'm waiting for this release ...

By the way, I recently created a gitter channel ( https://gitter.im/docker-slim/community ), which might be easier to use for more interactive discussions :-) Speaking of the more interactive discussions... would you be open to chatting on Skype, Google Hangout, WhatsApp, Telegram or some other private communication forum? I'd love to get your feedback about the planned CI/CD enhancements and the capabilities you wish were there.

Thanks :-) I'm happy so far and I'm not a native english speaker, so it's always a language struggle for me, so chatting would be difficult and time consuming ...

khassel avatar May 16 '19 22:05 khassel

Yes, that's what I meant to say about the /build directory, but I didn't do a good job there :-) You should be able to use the global --state-path flag to point to a /build sub-directory, so docker-slim will copy its sensor there along with using it for the build artifacts when it's minifying the images.

No worries, just wanted to make sure I could answer your question and provide extra background information.

kcq avatar May 17 '19 03:05 kcq

@kcq Hi! I'm still having "permission denied" issues when running docker-slim in gitlab-ci. I joined gitter, maybe we can talk over there so I can give you faster info about the issue? Let me know when you're around. Thanks.

chuleh avatar Aug 06 '19 23:08 chuleh

Do you have more information about your setup?

kcq avatar Aug 07 '19 02:08 kcq

Hey Kyle, I'm having another issue now: we install aws-cli on our base image and then run docker-slim on it. Thing is, when the .slim image comes up, aws cli is gone. For example:

FROM docker:latest

#Install Python
RUN apk add --update python python-dev py-pip curl jq make git && \
    pip install awscli --upgrade \
    && mv $(find / -name aws) /usr/bin

If I go the base image, the aws-cli appears in /usr/bin. After that, when we apply docker-slim to it, apps such as git and aws-cli are gone. They don't show up in any directory. Can you help with this? Thanks.

/edit: Just found about --include-path :P. Should've RTFM.

chuleh avatar Aug 07 '19 20:08 chuleh

@chuleh , yes, there are a number of --include flags you can leverage potentially. --include-path is a generic flag to include a file or a directory (--include-path-file is a more convenient version where you have a bunch of include paths from a file). There are a few other --include flags to make it easier to include apps/binaries. One of the upcoming features will add an include flag for packages (e.g., --include-package, so you'd be able to say --include-package git).

What is the base image function? Is it just a set of tools or is it one main tool with a number of optional tools or is it actually an application container image with a server running in it?

docker-slim can minify container images with cli tools. it's easier when it's a single tool though, so you don't have to use any extra flags. when you minify a cli container image you specify the command line parameters for the tool, so docker-slim knows about the tool and what it needs. one of the future features will allow you to specify multiple commands to run with the container image, so you it'll be possible to have different commands for different tools.

kcq avatar Aug 08 '19 18:08 kcq

@chuleh The new 1.26.0 release has a better containerized environment support... (there's also a docker container distribution for docker-slim (dslim/docker-slim); more info in the repo readme including the Gitlab and CircleCI specific configurations to make it work). Give it a try if you have cycles... Let me know how it goes. Really appreciate your feedback!

kcq avatar Nov 23 '19 16:11 kcq

add --check-version=false and --http-probe=false parameter if run locally can fix this error

toanalien avatar Mar 10 '20 04:03 toanalien

@chuleh curious if you had much luck with your aws cli container image :) one other possible way to make sure everything gets included is to mount a test script that runs a number of important aws cli commands and temporarily setting the cmd (with --cmd) or entrypoint (with --entrypoint) to that script when executing the docker-slim build command.

kcq avatar Mar 11 '20 07:03 kcq