I need to be able fork a process. As i understand it i need to set the security-opt. I have tried doing this with docker command and it works fine. However when i do this in a docker-compose file it seem to do nothing, maybe I'm not using compose right.
docker run --security-opt=seccomp:unconfined <id> dlv debug --listen=:2345 --headless --log ./cmd/main.go
docker-compose.yml
networks: backend: services: example: build: . security_opt: - seccomp:unconfined networks: - backend ports: - "5002:5002"
Dockerfile
FROM golang:1.8 RUN go get -u github.com/derekparker/delve/cmd/dlv RUN dlv debug --listen=:2345 --headless --log ./cmd/main.go
command
docker-compose -f docker-compose.yml up --build --abort-on-container-exit
2017/09/04 15:58:33 server.go:73: Using API v1 2017/09/04 15:58:33 debugger.go:97: launching process with args: [/go/src/debug] could not launch process: fork/exec /go/src/debug: operation not permitted
Bypassing API firewall : Seccomp Unconfined. Seccomp is a mechanism to restrict the actions available within the container by restricting system calls that a process could make. It can block process from sending system calls to CPU.
Docker compose uses the Dockerfile if you add the build command to your project's docker-compose. yml. Your Docker workflow should be to build a suitable Dockerfile for each image you wish to create, then use compose to assemble the images using the build command.
The compose syntax is correct. But the security_opt will be applied to the new instance of the container and thus is not available at build time like you are trying to do with the Dockerfile RUN
command.
The correct way should be :
Dockerfile:
FROM golang:1.8 RUN go get -u github.com/derekparker/delve/cmd/dlv
docker-compose.yml
networks: backend: services: example: build: . security_opt: - seccomp:unconfined networks: - backend ports: - "5002:5002" entrypoint: ['/usr/local/bin/dlv', '--listen=: 2345', '--headless=true', '--api-version=2', 'exec', 'cmd/main.go']
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With