Using Docker in a Snap

Fri Jul 17 13:21:31 UTC 2015

On 07/16/2015 11:52 PM, Dustin Kirkland wrote:
> On Thu, Jul 16, 2015 at 11:38 PM, Dustin Kirkland
> <kirkland at canonical.com> wrote:
>> Okay, so there was a whitespace problem in my package.yaml.  Needed to
>> indent caps under services.
>>
>> Now I'm past the "Operation not permitted" problem.  But I'm getting a
>> "Bad system call" error now:
>>
>> Jul 17 04:34:16 localhost kernel: [ 8477.690420] audit: type=1400
>> audit(1437107656.948:21): apparmor="STATUS" operation="profile_load"
>> profile="unconfined" name="mprime.sideload_mprime_28.5-7" pid=3116
>> comm="apparmor_parser"
>> Jul 17 04:34:17 localhost systemd[1]: Reloading.
>> Jul 17 04:34:17 localhost systemd[1]: Started Search for Mersenne Prime Numbers.
>> Jul 17 04:34:17 localhost systemd[1]: Starting Search for Mersenne
>> Prime Numbers...
>> Jul 17 04:34:17 localhost ubuntu-core-launcher[3132]: +
>> /apps/docker/current/bin/docker run -d kirkland/mprime
>> Jul 17 04:34:17 localhost ubuntu-core-launcher[3132]: Bad system call
>> Jul 17 04:34:17 localhost kernel: [ 8477.912720] audit: type=1326
>> audit(1437107657.172:22): auid=4294967295 uid=0 gid=0 ses=4294967295
>> pid=3134 comm="docker" exe="/bin/bash" sig=31 arch=c000003e syscall=42
>> compat=0 ip=0x7f67ec32dc40 code=0x0
>> Jul 17 04:34:17 localhost systemd[1]: mprime_mprime_28.5-7.service:
>> main process exited, code=exited, status=159/n/a
>> Jul 17 04:34:17 localhost systemd[1]: Unit
>> mprime_mprime_28.5-7.service entered failed state.
>> Jul 17 04:34:17 localhost systemd[1]: mprime_mprime_28.5-7.service failed.
>> Jul 17 04:34:24 localhost ubuntu-core-launcher[725]:
>> time="2015-07-17T04:34:24Z" level=info msg="GET
>> /v1.18/containers/json"
>> Jul 17 04:34:24 localhost ubuntu-core-launcher[725]:
>> time="2015-07-17T04:34:24Z" level=info msg="+job containers()"
>> Jul 17 04:34:24 localhost ubuntu-core-launcher[725]:
>> time="2015-07-17T04:34:24Z" level=info msg="-job containers() = OK
>> (0)"
>>
>> Ideas?  Is this a seccomp problem?
> 
> Okay.  Fixed that by adding the network cap.  (Syscall 42 in Linux is connect())
> 
Note that the syscall number is architecture dependent.

> But now, it looks like the /apps/docker/current/bin/docker wrapper
> script is just broken?
> 

Possibly (at least it could perhaps be made easier to use). I noticed that the
owncloud snap has:

DOCKER_PATH="/apps/docker/current/bin/"
PATH=$PATH:$DOCKER_PATH
DOCKER_CMD="docker"

Maybe you need something similar? (you might look at the script for how it sets
and uses other env variables).

> Jul 17 04:49:19 localhost systemd[1]: Reloading.
> Jul 17 04:49:19 localhost systemd[1]: Started Search for Mersenne Prime Numbers.
> Jul 17 04:49:19 localhost systemd[1]: Starting Search for Mersenne
> Prime Numbers...
> Jul 17 04:49:19 localhost ubuntu-core-launcher[3819]: +
> /apps/docker/current/bin/docker run -d kirkland/mprime
> Jul 17 04:49:19 localhost ubuntu-core-launcher[3819]:
> /apps/docker/current/bin/docker: line 4: bin_arch: No such file or
> directory
> Jul 17 04:49:19 localhost ubuntu-core-launcher[3819]:
> /apps/docker/current/bin/docker: line 11: select_bin: command not
> found
> Jul 17 04:49:19 localhost ubuntu-core-launcher[3819]:
> /apps/docker/current/bin/docker: line 11: run: command not found
> Jul 17 04:49:19 localhost systemd[1]: mprime_mprime_28.5-8.service:
> main process exited, code=exited, status=127/n/a
> Jul 17 04:49:19 localhost systemd[1]: Unit
> mprime_mprime_28.5-8.service entered failed state.
> Jul 17 04:49:19 localhost systemd[1]: mprime_mprime_28.5-8.service failed.
> (amd64)ubuntu at localhost:~$ vi /apps/docker/current/bin/docker
> 

-- 
Jamie Strandboge                 http://www.ubuntu.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/snappy-app-devel/attachments/20150717/187d9a90/attachment.pgp>