
Accept a runtime parameter

Open sudosammy opened this issue 4 years ago • 3 comments

DockerSlim doesn't work in the gVisor runtime due to its lack of fanotify(7) support tracked here: https://github.com/google/gvisor/issues/2555

DockerSlim fails in the gVisor runtime with the following error:

docker-slim[build]: info=cmd.startmonitor status=sent
docker-slim[build]: info=event.error status=received data=SensorError{Op:sensor.fanotify.Run/fanapi.Initialize,Kind:call.error,Wrapped:{Type=syscall.Errno,Info=function not implemented,Line:43,File:github.com/docker-slim/docker-slim/internal/app/sensor/monitors/fanotify/monitor.go}}
docker-slim[build]: state=exited version=linux|Transformer|1.31.0|508fee6f9b2aa4c3aa3920189837730c4147214a|2020-08-14_04:55:24AM

Making DockerSlim work without the use of fanotify sounds challenging and very uncool. Another solution would be to pass the --runtime flag to Docker so the user can specify a different runtime such as runc to perform DockerSlim actions.

Aug 16 '20 02:08 sudosammy

@sudosammy supporting multiple container runtimes is a good feature to have in general... though we might also need to enhance how the containerized application is monitored (new monitoring engine is coming that won't need fanotify, but it might also have problems with gvisor... for similar reasons... need to investigate)

Aug 16 '20 05:08 kcq

Thanks @kcq, any ETA on the new monitoring engine? I also tried running DockerSlim in a container and specifying its runtime which I thought was going to work:

docker run --runtime=runc -it --rm -v /var/run/docker.sock:/var/run/docker.sock dslim/docker-slim build --target my-image

But, same error which is a bit confusing...

docker-slim[build]: info=event.error status=received data=SensorError{Op:sensor.fanotify.Run/fanapi.Initialize,Kind:call.error,Wrapped:{Type=syscall.Errno,Info=function not implemented,Line:43,File:github.com/docker-slim/docker-slim/internal/app/sensor/monitors/fanotify/monitor.go}}
docker-slim[build]: state=exited version=linux|Transformer|1.31.0|508fee6f9b2aa4c3aa3920189837730c4147214a|2020-08-14_06:41:27AM

Aug 16 '20 05:08 sudosammy

There's a couple of options... enhancing an existing engine and creating a new monitoring engine. Both are still in their planning phase mostly because of the resource constraints. I'm looking for developers to help me with both options. Any referrals are greatly appreciated :-)

Aug 18 '20 00:08 kcq
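
The error reported in this thread is ENOSYS ("function not implemented") returned while the sensor initializes fanotify. As an added example (not DockerSlim's code and not from the thread's participants), here is a Go preflight that can be run inside a container under a given runtime to tell an unimplemented syscall apart from a missing privilege. The type and function names and the choice of fanotify_init flags are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"syscall"
)

// Flag values from <linux/fanotify.h>; this flag choice is an assumption of the example.
const fanInitFlags = 0x1 | 0x0 // FAN_CLOEXEC | FAN_CLASS_NOTIF

// FanotifyStatus is a hypothetical verdict type used only by this example.
type FanotifyStatus string

const (
	Supported      FanotifyStatus = "supported"
	NotImplemented FanotifyStatus = "not-implemented" // ENOSYS: the runtime's kernel lacks the syscall
	NoPrivilege    FanotifyStatus = "no-privilege"    // EPERM: typically missing CAP_SYS_ADMIN
	OtherError     FanotifyStatus = "other-error"
)

// Classify maps the error returned by fanotify_init(2) to a preflight verdict.
func Classify(err error) FanotifyStatus {
	switch {
	case err == nil:
		return Supported
	case errors.Is(err, syscall.ENOSYS):
		return NotImplemented
	case errors.Is(err, syscall.EPERM):
		return NoPrivilege
	default:
		return OtherError
	}
}

// ProbeFanotify calls fanotify_init(2) once and closes the descriptor immediately.
func ProbeFanotify() (FanotifyStatus, error) {
	fd, _, errno := syscall.Syscall(syscall.SYS_FANOTIFY_INIT, fanInitFlags, syscall.O_RDONLY, 0)
	if errno != 0 {
		return Classify(errno), errno
	}
	syscall.Close(int(fd))
	return Supported, nil
}

func main() {
	status, err := ProbeFanotify()
	fmt.Printf("fanotify=%s err=%v\n", status, err)
}
```

A `not-implemented` verdict matches the `Info=function not implemented` field in the logs above, while `no-privilege` points at the container's capabilities rather than at the runtime.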