Incorrect generated seccomp profile for ASP.NET Core app #182
Comments
@mthalman I'll try to repro the condition. Had a few challenges with the dotnet samples... I might need your help if you don't mind :) What's your preferred way to communicate?
Twitter? @matt_tman
@kcq I am having the same issue. Version output:
In my case,
Steps to reproduce:
Note:
I can reproduce this as well (different image, though)! Adding
@InnovativeInventor do you have a repro you can share? are you using the
Unfortunately, I can't share the image I reproduced this bug on. However, I was using the
Hi,
Following up on this discussion, I am having the same issue on several images (I am using SUSE linux but can't share images either).
Expected Behavior
Container is able to start using the auto-generated seccomp profile.
Actual Behavior
Container does not start throwing following error:
Solution
Solved by adding
Specifications
Request
Given that this problem is common to several users, can this manual addition (
@DavideRutigliano confirming where the call is coming from to find the right place for it. Either way, will add it. Will update soon.
Expected Behavior
Running docker-slim build on an ASP.NET Core application should produce a seccomp profile that can be successfully used when running the container.
Actual Behavior
Attempting to use the generated seccomp profile results in a failure to start the container. This is because the syscalls contained in the seccomp profile are missing fstatfs.
Steps to Reproduce the Problem
git clone https://github.com/dotnet/dotnet-docker.git
cd dotnet-docker/samples/aspnetapp
docker-slim build --dockerfile Dockerfile.debian-x64-slim --expose 80 --copy-meta-artifacts artifacts --tag-fat app --tag app.min .
docker run --rm -it -p 8000:80 --security-opt seccomp=artifacts/app-seccomp.json app.min
Failure Result:
Open the artifacts/app-seccomp.json file in a text editor.
Add fstatfs to the list of syscall names and save the file.
docker run --rm -it -p 8000:80 --security-opt seccomp=artifacts/app-seccomp.json app.min
Successful Result:
Specifications
docker-slim version linux|Transformer|1.34.0|a5cb54043b3ab3cf747165aad745f19db680434e|2021-01-29_10:00:49PM
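The manual workaround in the steps above (adding fstatfs to the list of syscall names) can be scripted as a check on the generated profile before it is passed to --security-opt. This is an added example, not part of the issue or of docker-slim's code; it assumes the profile follows Docker's seccomp JSON layout (defaultAction, syscalls[].names, syscalls[].action, optional args), the sample profile is constructed, and the function names are hypothetical.

```python
import copy
import json

ALLOW = "SCMP_ACT_ALLOW"

# Constructed sample in Docker's seccomp JSON layout (not the real app-seccomp.json).
SAMPLE_PROFILE = json.loads("""
{
  "defaultAction": "SCMP_ACT_ERRNO",
  "architectures": ["SCMP_ARCH_X86_64"],
  "syscalls": [
    {"names": ["read", "write", "openat", "fstat", "mmap"], "action": "SCMP_ACT_ALLOW"},
    {"names": ["personality"], "action": "SCMP_ACT_ALLOW",
     "args": [{"index": 0, "value": 0, "op": "SCMP_CMP_EQ"}]}
  ]
}
""")


def unconditional_allows(profile):
    """Syscall names allowed regardless of their arguments."""
    names = set()
    for rule in profile.get("syscalls", []):
        if rule.get("action") == ALLOW and not rule.get("args"):
            names.update(rule.get("names", []))
    return names


def missing_syscalls(profile, required):
    """Required syscalls the profile would deny; empty if the default action allows."""
    if profile.get("defaultAction") == ALLOW:
        return []
    return sorted(set(required) - unconditional_allows(profile))


def with_allowed(profile, required):
    """Return a copy that allows `required`, leaving argument-filtered rules untouched."""
    patched = copy.deepcopy(profile)
    missing = missing_syscalls(patched, required)
    if not missing:
        return patched
    for rule in patched.setdefault("syscalls", []):
        if rule.get("action") == ALLOW and not rule.get("args"):
            rule["names"] = sorted(set(rule.get("names", [])) | set(missing))
            return patched
    patched["syscalls"].append({"names": missing, "action": ALLOW})
    return patched

if __name__ == "__main__":
    print(missing_syscalls(SAMPLE_PROFILE, ["fstatfs"]))
```

Only the named syscalls are added, so the rest of the generated allowlist stays as restrictive as it was.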