Latest gVisor release breaks Dangerzone #928

Open
apyrgio opened this issue Sep 23, 2024 · 1 comment
Labels
bug Something isn't working

Contributor

apyrgio commented Sep 23, 2024

It seems that the latest gVisor release (release-20240916.0) is breaking the development branch of Dangerzone. I believe this is the case due to the following:

  1. Our tests have been failing since 5 days ago, when the newest binaries for gVisor were released.
  2. I have rebuilt the v0.7.0 image for Dangerzone, which should run properly on all of our supported platforms, and I get an error as well.

The gVisor error we're seeing when running the container by hand is this:

I0923 13:05:11.356492       1 main.go:201] **************** gVisor ****************
W0923 13:05:11.358402       1 boot.go:266] Not setting product_name: open /sys/devices/virtual/dmi/id/product_name: no such file or directory
I0923 13:05:11.358522       1 boot.go:279] Setting host-shmem-huge: "never"
W0923 13:05:11.359241       1 specutils.go:129] noNewPrivileges ignored. PR_SET_NO_NEW_PRIVS is assumed to always be set.
I0923 13:05:11.359297       1 chroot.go:92] Setting up sandbox chroot in "/tmp"
W0923 13:05:11.359386       1 chroot.go:109] Failed to copy /etc/localtime: open /etc/localtime: no such file or directory. UTC timezone will be used.
I0923 13:05:11.359425       1 chroot.go:37] Mounting "proc" at "/tmp/proc"
W0923 13:05:11.359477       1 util.go:64] FATAL ERROR: error setting up chroot: error mounting proc in chroot: error mounting "proc" at "/tmp/proc": mount("proc", "/tmp/proc", 15) failed: operation not permitted
error setting up chroot: error mounting proc in chroot: error mounting "proc" at "/tmp/proc": mount("proc", "/tmp/proc", 15) failed: operation not permitted
D0923 13:05:11.360661      12 sandbox.go:1330] Destroying sandbox "dangerzone"

You can find the full error report here: gvisor.log. I'll give it a check with the previous gVisor release as well.

Contributor Author

apyrgio commented Sep 23, 2024

Yep, building Dangerzone with the 2024-08-26 gVisor release works. The change I made was:

diff --git a/Dockerfile b/Dockerfile
index 9988660..872e634 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -88,7 +88,7 @@ FROM alpine:latest
 RUN apk --no-cache -U upgrade && \
     apk --no-cache add python3
 
-RUN GVISOR_URL="https://storage.googleapis.com/gvisor/releases/release/latest/$(uname -m)"; \
+RUN GVISOR_URL="https://storage.googleapis.com/gvisor/releases/release/20240826/$(uname -m)"; \
     wget "${GVISOR_URL}/runsc" "${GVISOR_URL}/runsc.sha512" && \
     sha512sum -c runsc.sha512 && \
     rm -f runsc.sha512 && \
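
Review bot: the new `GVISOR_URL` line pins `release/20240826` without a comment saying why, so a later reader cannot tell that it works around the `release-20240916.0` breakage or when it is safe to return to `latest`; add a comment above the `RUN` that references this issue. Separately, `runsc.sha512` is fetched by the same `wget` from the same `${GVISOR_URL}` as `runsc`, so `sha512sum -c runsc.sha512` only detects a corrupted download, not a replaced binary. Now that the release is fixed, the expected digest can be committed in the Dockerfile and checked against that instead. The `FROM alpine:latest` shown in the hunk header is still a floating tag, so the image remains exposed to the same kind of unannounced upstream change.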

I'll open an issue in the gVisor tracker, in case someone has encountered something similar.


Edit: opened google/gvisor#10944.
