jbom icon indicating copy to clipboard operation
jbom copied to clipboard

Published 20 hours ago verified publisher icon eclipse

Working with containers

Open lnnwvr opened this issue 3 years ago • 7 comments

I having a karaf running inside a rootless container with my user. How do i get jbom working?

i get:

nable to attach with regular provider: java.lang.IllegalStateException: Error during attachment using: net.bytebuddy.agent.ByteBuddyAgent$AttachmentProvider$Compound@3b938003 at net.bytebuddy.agent.ByteBuddyAgent.install(ByteBuddyAgent.java:639) at net.bytebuddy.agent.ByteBuddyAgent.attach(ByteBuddyAgent.java:299) at com.contrastsecurity.Jbom.attachWithFallback(Jbom.java:443) at com.contrastsecurity.Jbom.attach(Jbom.java:429) at com.contrastsecurity.Jbom.doLocalProcess(Jbom.java:164) at com.contrastsecurity.Jbom.run(Jbom.java:117) at picocli.CommandLine.executeUserObject(CommandLine.java:1939) at picocli.CommandLine.access$1300(CommandLine.java:145) at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2358) at picocli.CommandLine$RunLast.handle(CommandLine.java:2352) at picocli.CommandLine$RunLast.handle(CommandLine.java:2314) at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2179) at picocli.CommandLine$RunLast.execute(CommandLine.java:2316) at picocli.CommandLine.execute(CommandLine.java:2078) at com.contrastsecurity.Jbom.main(Jbom.java:73) Caused by: java.lang.reflect.InvocationTargetException at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at net.bytebuddy.agent.Attacher.install(Attacher.java:102) at net.bytebuddy.agent.ByteBuddyAgent.install(ByteBuddyAgent.java:634) ... 14 more Caused by: java.io.IOException: Permission denied at java.base/java.io.UnixFileSystem.createFileExclusively(Native Method) at java.base/java.io.File.createNewFile(File.java:1035) at jdk.attach/sun.tools.attach.VirtualMachineImpl.createAttachFile(VirtualMachineImpl.java:298) at jdk.attach/sun.tools.attach.VirtualMachineImpl.<init>(VirtualMachineImpl.java:76) at jdk.attach/sun.tools.attach.AttachProviderImpl.attachVirtualMachine(AttachProviderImpl.java:58) at jdk.attach/com.sun.tools.attach.VirtualMachine.attach(VirtualMachine.java:207) ... 20 more Unable to attach with fallback provider: java.lang.IllegalStateException: No compatible attachment provider is available at net.bytebuddy.agent.ByteBuddyAgent.install(ByteBuddyAgent.java:628) at net.bytebuddy.agent.ByteBuddyAgent.attach(ByteBuddyAgent.java:299) at com.contrastsecurity.Jbom.attachWithFallback(Jbom.java:449) at com.contrastsecurity.Jbom.attach(Jbom.java:429) at com.contrastsecurity.Jbom.doLocalProcess(Jbom.java:164) at com.contrastsecurity.Jbom.run(Jbom.java:117) at picocli.CommandLine.executeUserObject(CommandLine.java:1939) at picocli.CommandLine.access$1300(CommandLine.java:145) at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2358) at picocli.CommandLine$RunLast.handle(CommandLine.java:2352) at picocli.CommandLine$RunLast.handle(CommandLine.java:2314) at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2179) at picocli.CommandLine$RunLast.execute(CommandLine.java:2316) at picocli.CommandLine.execute(CommandLine.java:2078) at com.contrastsecurity.Jbom.main(Jbom.java:73) 2022-06-14 21:47:26:686 TRACE --- [jbom] Saving SBOM to /home/mleinweber/Downloads/jbom/jbom/jbom-13503.json 2022-06-14 21:47:26:686 TRACE --- [jbom] 2022-06-14 21:47:26:686 TRACE --- [jbom] jbom complete

lnnwvr avatar Jun 14 '22 19:06 lnnwvr

Are you able to provide a sample app/container showing this issue?

JoeBeeton avatar Jun 14 '22 21:06 JoeBeeton

I think this actually worked, but required the fallback attachment mechanism. We have an extra call to printStackTrace() in there that should probably simply be a message saying "Initial attach failed, attempting fallback provider" or something like that. Can you check to see what's in the file listed at the bottom of the stack trace? Let us know if it's your SBOM. If so we'll clean up the output. Thx.

/home/mleinweber/Downloads/jbom/jbom/jbom-13503.json

planetlevel avatar Jun 14 '22 22:06 planetlevel

The file is not created .. you could simply start: podman run datatactics/rahla:latest

get pid and try to jbom it ... I assume that in karaf (osgi env) some security polices are set to block byte buddy?

br

lnnwvr avatar Jun 15 '22 08:06 lnnwvr

When you are running jbom are you using a JRE or a JDK?

JoeBeeContrast avatar Jun 15 '22 12:06 JoeBeeContrast

Open JDK 11 the container was was jdk too

lnnwvr avatar Jun 16 '22 19:06 lnnwvr

Sorry, I was able to generate a sbom for datatactics/rahla:latest . Can you please let me know the exact commands you ran? To generate the errors with the above example.

JoeBeeContrast avatar Jun 17 '22 13:06 JoeBeeContrast

Any updates @lnnwvr ?

planetlevel avatar Apr 07 '23 01:04 planetlevel