Problem with hard way in docker #26

Open
phpia opened this issue Oct 3, 2024 · 13 comments
Comments

@phpia

phpia commented Oct 3, 2024

Description

Running this command inside docker: echo 'print("Hello world!")' | python3 run_code.py

I get:
Event: {'type': 'status', 'data': {'status': 'in_progress', 'description': 'Checking for updates...', 'done': False}}
Event: {'type': 'status', 'data': {'status': 'in_progress', 'description': 'Checking for updates...', 'done': False}}
Event: {'type': 'status', 'data': {'status': 'in_progress', 'description': 'Checking messages for code blocks...', 'done': False}}
Event: {'type': 'status', 'data': {'status': 'in_progress', 'description': 'Checking messages for code blocks...', 'done': False}}
Event: {'type': 'status', 'data': {'status': 'in_progress', 'description': 'Checking if environment supports sandboxing...', 'done': False}}
Event: {'type': 'status', 'data': {'status': 'in_progress', 'description': 'Checking if environment supports sandboxing...', 'done': False}}
Event: {'type': 'status', 'data': {'status': 'in_progress', 'description': 'Initializing sandbox configuration...', 'done': False}}
Event: {'type': 'status', 'data': {'status': 'in_progress', 'description': 'Initializing sandbox configuration...', 'done': False}}
Event: {'type': 'status', 'data': {'status': 'in_progress', 'description': 'Running Python code in gVisor sandbox...', 'done': False}}
Event: {'type': 'status', 'data': {'status': 'in_progress', 'description': 'Running Python code in gVisor sandbox...', 'done': False}}
Event: {'type': 'status', 'data': {'status': 'error', 'description': 'Sandbox exception: OSError: OSError in write_uid_map (#1): [Errno 1] Operation not permitted (other attempts: OSError in write_uid_map (#2): [Errno 1] Operation not permitted; OSError in write_uid_map (#3): [Errno 1] Operation not permitted); unshare_user (euid=0 egid=0 pid=166 do_resource_limiting=True initial_cgroup_name=None codeeval_cgroup_name=None controllers=None)', 'done': True}}
{"status": "SANDBOX_ERROR", "output": "Sandbox exception: OSError: OSError in write_uid_map (#1): [Errno 1] Operation not permitted (other attempts: OSError in write_uid_map (#2): [Errno 1] Operation not permitted; OSError in write_uid_map (#3): [Errno 1] Operation not permitted); unshare_user (euid=0 egid=0 pid=166 do_resource_limiting=True initial_cgroup_name=None codeeval_cgroup_name=None controllers=None)"}

General information

  • Open WebUI version: 0.3.3
  • Tool/function version: 0.8.0
  • Open WebUI setup:
    • Kernel information: Linux ip-172-31-2-39 6.8.0-1016-aws #17-Ubuntu SMP Mon Sep 2 13:48:07 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

    • Runtime: Docker

    • If running in Docker:

      • Docker version: Docker version 24.0.7, build 24.0.7-0ubuntu4
      • docker run command: sudo docker run --security-opt seccomp=/home/ubuntu/seccomp.gvisor.json --mount type=bind,source=/sys/fs/cgroup,target=/sys/fs/cgroup,readonly=false --mount type=bind,source=/proc2,target=/proc2,readonly=false --security-opt apparmor=unconfined --security-opt label=type:container_engine_t -d -p 3000:8080 -e ENABLE_SIGNUP=false -e ENABLE_ADMIN_CHAT_ACCESS=false -e ENABLE_LOGIN_FORM=true -e DEFAULT_USER_ROLE=user -e OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true -e WEBUI_URL="https://XXXXXXX" -e MICROSOFT_REDIRECT_URI="XXXXX" -e ENABLE_OAUTH_SIGNUP=true -e MICROSOFT_CLIENT_ID=XXXX -e MICROSOFT_CLIENT_SECRET=XXX -e MICROSOFT_CLIENT_TENANT_ID=XXX -e OPENAI_API_KEY=XX -v open-webui:/app/backend/data --name open-webui --restart always ghcr.io/open-webui/open-webui:main
      • Docker container info: [Run docker inspect openwebui_container_name_here to find out]

Debug logs

Additional context

Thanks!

@EtiennePerot
Owner

Can you turn on debug mode and provide full logs?

(Also, I see you're using a custom seccomp profile; is it the one from Dangerzone?)

@phpia
Author

phpia commented Oct 4, 2024

Hi! Yes, the seccomp profile is from Dangerzone.
chat-export-1728031201796.json

Thanks!

@EtiennePerot
Owner

Thanks. Sadly I didn't really add enough debug information to the function (only the tool) when running in debug mode, whoops.

In 46aa572 I have submitted a patch that adds this debug information. Please re-run it. This just adds debug information so I don't expect it to fix the problem, just to provide more complete logs.

Looking at the Linux documentation for user_namespaces(7), this could be due to the lack of CAP_SETFCAP. So here are some things to try:

  • Try to run cat /proc/self/status inside the Docker container and see what it says. (This will include the capability masks and also some other valuable info)
  • Try to run apt-get update && apt-get install -y libcap2-bin && capsh --print inside the Docker container and see what it says. (This will print the capabilities in human-readable form.)
  • Try to run unshare --map-root-user cat /proc/self/status inside the Docker container and see what it says. (This will try to do roughly what this part of the code in write_uid_map does.)
  • Can you add --cap-add=SETFCAP to the docker run command-line and then run the above three commands (cat /proc/self/status and apt-get update && apt-get install -y libcap2-bin && capsh --print and unshare --map-root-user cat /proc/self/status) inside that container?
  • If that works, can you run python3 run_code.py --self_test inside the container that has --cap-add=SETFCAP?
  • If that works, then I think we figured it out. Otherwise please post the debug logs again (you can also get these by running python3 run_code.py --use_sample_code --debug)

@phpia
Author

phpia commented Oct 7, 2024

Hi @EtiennePerot, first of all thanks for your time.
Running the command inside the docker container I get the following error:
root@e5fdfecb16f9:/app# unshare --map-root-user cat /proc/self/status
unshare: write failed /proc/self/uid_map: Operation not permitted

chat-export-1728313256649.json

@EtiennePerot
Owner

Thanks, this at least isolates the issue. Can you run the other commands in the docker container, without unshare --map-root-user?

  • cat /proc/self/status
  • apt-get update && apt-get install -y libcap2-bin && capsh --print

@phpia
Author

phpia commented Oct 9, 2024

Hi, I was running docker without this command :)

@a-rbts

a-rbts commented Oct 9, 2024

Hello, I am encountering a similar error message when hitting the button to run code after having set up the function; I suspect this is how OP started to look at the issue too.

Sandbox exception: OSError: write_uid_map (#1): [Errno 1] Operation not permitted (other attempts: write_uid_map (#2): [Errno 1] Operation not permitted; write_uid_map (#3): [Errno 1] Operation not permitted); unshare_user (euid=0 egid=0 pid=293 do_resource_limiting=True initial_cgroup_name=None codeeval_cgroup_name=None controllers=None) Name=python Umask=0022 State=R (running) Uid=65534 65534 65534 65534 Gid=65534 65534 65534 65534 Groups=65534 NStgid=293 NSpid=293 NSpgid=1 CapInh=0000000000000000 CapPrm=000001ffffffffff CapEff=000001ffffffffff CapBnd=000001ffffffffff CapAmb=0000000000000000 NoNewPrivs=0 Seccomp=0 Seccomp_filters=0

Based on the previous conversations I have tried the same steps, and ended up with the same issues as OP.

Getting to the last step, I have added the option --cap-add=SETFCAP to docker run and tried the different calls. Here are the results in order:

root@3918feaaeffd:/app/backend# python3 run_code.py --use_sample_code --debug
Emitting status event: {'status': 'in_progress', 'description': 'Checking for updates...', 'done': False}
Event: {'type': 'status', 'data': {'status': 'in_progress', 'description': 'Checking for updates...', 'done': False}}
Emitting status event: {'status': 'in_progress', 'description': 'Checking for updates...', 'done': False}
Event: {'type': 'status', 'data': {'status': 'in_progress', 'description': 'Checking for updates...', 'done': False}}
Emitting status event: {'status': 'in_progress', 'description': 'Checking messages for code blocks...', 'done': False}
Event: {'type': 'status', 'data': {'status': 'in_progress', 'description': 'Checking messages for code blocks...', 'done': False}}
Emitting status event: {'status': 'in_progress', 'description': 'Checking messages for code blocks...', 'done': False}
Event: {'type': 'status', 'data': {'status': 'in_progress', 'description': 'Checking messages for code blocks...', 'done': False}}
Emitting status event: {'status': 'in_progress', 'description': 'Checking if environment supports sandboxing...', 'done': False}
Event: {'type': 'status', 'data': {'status': 'in_progress', 'description': 'Checking if environment supports sandboxing...', 'done': False}}
Emitting status event: {'status': 'in_progress', 'description': 'Checking if environment supports sandboxing...', 'done': False}
Event: {'type': 'status', 'data': {'status': 'in_progress', 'description': 'Checking if environment supports sandboxing...', 'done': False}}
Emitting status event: {'status': 'in_progress', 'description': 'Initializing sandbox configuration...', 'done': False}
Event: {'type': 'status', 'data': {'status': 'in_progress', 'description': 'Initializing sandbox configuration...', 'done': False}}
Emitting status event: {'status': 'in_progress', 'description': 'Initializing sandbox configuration...', 'done': False}
Event: {'type': 'status', 'data': {'status': 'in_progress', 'description': 'Initializing sandbox configuration...', 'done': False}}
Emitting status event: {'status': 'in_progress', 'description': 'Running Python code in gVisor sandbox...', 'done': False}
Event: {'type': 'status', 'data': {'status': 'in_progress', 'description': 'Running Python code in gVisor sandbox...', 'done': False}}
Emitting status event: {'status': 'in_progress', 'description': 'Running Python code in gVisor sandbox...', 'done': False}
Event: {'type': 'status', 'data': {'status': 'in_progress', 'description': 'Running Python code in gVisor sandbox...', 'done': False}}
Emitting status event: {'status': 'error', 'description': '[DEBUG MODE] Sandbox exception: OSError: write_uid_map (#1): [Errno 1] Operation not permitted (other attempts: write_uid_map (#2): [Errno 1] Operation not permitted; write_uid_map (#3): [Errno 1] Operation not permitted); unshare_user (euid=0 egid=0 pid=513 do_resource_limiting=True initial_cgroup_name=None codeeval_cgroup_name=None controllers=None) Name=python3 Umask=0022 State=R (running) Uid=65534\t65534\t65534\t65534 Gid=65534\t65534\t65534\t65534 Groups=65534 NStgid=513 NSpid=513 NSpgid=511 CapInh=0000000000000000 CapPrm=000001ffffffffff CapEff=000001ffffffffff CapBnd=000001ffffffffff CapAmb=0000000000000000 NoNewPrivs=0 Seccomp=0 Seccomp_filters=0; body={'messages': [{'role': 'assistant', 'content': "python\\nprint(\'Hello from the sandbox!\')\\nimport datetime, sys\\nprint(\'Current date and time:\', datetime.datetime.now())\\nsys.stdout.flush()\\nimport shutil, subprocess\\nsubprocess.run([shutil.which(\'dmesg\')], check=True)\\nprint(\'Bye from the sandbox!\')\\n\\n\n"}]}; valves=[NETWORKING_ALLOWED=True MAX_RUNTIME_SECONDS=30 MAX_RAM_MEGABYTES=128 AUTO_INSTALL=True CHECK_FOR_UPDATES=True DEBUG=True MAX_FILES_PER_EXECUTION=32 MAX_FILES_PER_USER=4096 MAX_MEGABYTES_PER_USER=256 REQUIRE_RESOURCE_LIMITING=True WEB_ACCESSIBLE_DIRECTORY_PATH='$DATA_DIR/cache/functions/run_code' WEB_ACCESSIBLE_DIRECTORY_URL='/cache/functions/run_code']', 'done': True}
Event: {'type': 'status', 'data': {'status': 'error', 'description': '[DEBUG MODE] Sandbox exception: OSError: write_uid_map (#1): [Errno 1] Operation not permitted (other attempts: write_uid_map (#2): [Errno 1] Operation not permitted; write_uid_map (#3): [Errno 1] Operation not permitted); unshare_user (euid=0 egid=0 pid=513 do_resource_limiting=True initial_cgroup_name=None codeeval_cgroup_name=None controllers=None) Name=python3 Umask=0022 State=R (running) Uid=65534\t65534\t65534\t65534 Gid=65534\t65534\t65534\t65534 Groups=65534 NStgid=513 NSpid=513 NSpgid=511 CapInh=0000000000000000 CapPrm=000001ffffffffff CapEff=000001ffffffffff CapBnd=000001ffffffffff CapAmb=0000000000000000 NoNewPrivs=0 Seccomp=0 Seccomp_filters=0; body={'messages': [{'role': 'assistant', 'content': "python\\nprint(\'Hello from the sandbox!\')\\nimport datetime, sys\\nprint(\'Current date and time:\', datetime.datetime.now())\\nsys.stdout.flush()\\nimport shutil, subprocess\\nsubprocess.run([shutil.which(\'dmesg\')], check=True)\\nprint(\'Bye from the sandbox!\')\\n\\n\n"}]}; valves=[NETWORKING_ALLOWED=True MAX_RUNTIME_SECONDS=30 MAX_RAM_MEGABYTES=128 AUTO_INSTALL=True CHECK_FOR_UPDATES=True DEBUG=True MAX_FILES_PER_EXECUTION=32 MAX_FILES_PER_USER=4096 MAX_MEGABYTES_PER_USER=256 REQUIRE_RESOURCE_LIMITING=True WEB_ACCESSIBLE_DIRECTORY_PATH='$DATA_DIR/cache/functions/run_code' WEB_ACCESSIBLE_DIRECTORY_URL='/cache/functions/run_code']', 'done': True}}
{"status": "SANDBOX_ERROR", "output": "Sandbox exception: OSError: write_uid_map (#1): [Errno 1] Operation not permitted (other attempts: write_uid_map (#2): [Errno 1] Operation not permitted; write_uid_map (#3): [Errno 1] Operation not permitted); unshare_user (euid=0 egid=0 pid=513 do_resource_limiting=True initial_cgroup_name=None codeeval_cgroup_name=None controllers=None) Name=python3 Umask=0022 State=R (running) Uid=65534\t65534\t65534\t65534 Gid=65534\t65534\t65534\t65534 Groups=65534 NStgid=513 NSpid=513 NSpgid=511 CapInh=0000000000000000 CapPrm=000001ffffffffff CapEff=000001ffffffffff CapBnd=000001ffffffffff CapAmb=0000000000000000 NoNewPrivs=0 Seccomp=0 Seccomp_filters=0"}

root@3918feaaeffd:/app/backend# cat /proc/self/status
Name: cat
Umask: 0022
State: R (running)
Tgid: 52
Ngid: 0
Pid: 52
PPid: 18
TracerPid: 0
Uid: 0 0 0 0
Gid: 0 0 0 0
FDSize: 256
Groups: 0
NStgid: 52
NSpid: 52
NSpgid: 52
NSsid: 18
Kthread: 0
VmPeak: 2792 kB
VmSize: 2792 kB
VmLck: 0 kB
VmPin: 0 kB
VmHWM: 1408 kB
VmRSS: 1408 kB
RssAnon: 0 kB
RssFile: 1408 kB
RssShmem: 0 kB
VmData: 356 kB
VmStk: 132 kB
VmExe: 36 kB
VmLib: 1728 kB
VmPTE: 40 kB
VmSwap: 0 kB
HugetlbPages: 0 kB
CoreDumping: 0
THP_enabled: 1
untag_mask: 0xffffffffffffff
Threads: 1
SigQ: 1/7662
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: 0000000000000000
SigIgn: 0000000000000000
SigCgt: 0000000000000000
CapInh: 0000000000000000
CapPrm: 00000000a80425fb
CapEff: 00000000a80425fb
CapBnd: 00000000a80425fb
CapAmb: 0000000000000000
NoNewPrivs: 0
Seccomp: 0
Seccomp_filters: 0
Speculation_Store_Bypass: vulnerable
SpeculationIndirectBranch: unknown
Cpus_allowed: 3
Cpus_allowed_list: 0-1
Mems_allowed: 00000000,00000001
Mems_allowed_list: 0
voluntary_ctxt_switches: 0
nonvoluntary_ctxt_switches: 2

root@3918feaaeffd:/app/backend# apt-get update && apt-get install -y libcap2-bin && capsh --print
Get:1 http://deb.debian.org/debian bookworm InRelease [151 kB]
Get:2 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB]
Get:3 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Get:4 http://deb.debian.org/debian bookworm/main arm64 Packages [8689 kB]
Get:5 http://deb.debian.org/debian bookworm-updates/main arm64 Packages [2468 B]
Get:6 http://deb.debian.org/debian-security bookworm-security/main arm64 Packages [185 kB]
Fetched 9131 kB in 3s (3626 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
libpam-cap
The following NEW packages will be installed:
libcap2-bin libpam-cap
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 48.4 kB of archives.
After this operation, 417 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bookworm/main arm64 libcap2-bin arm64 1:2.66-4 [33.9 kB]
Get:2 http://deb.debian.org/debian bookworm/main arm64 libpam-cap arm64 1:2.66-4 [14.5 kB]
Fetched 48.4 kB in 0s (202 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package libcap2-bin.
(Reading database ... 17989 files and directories currently installed.)
Preparing to unpack .../libcap2-bin_1%3a2.66-4_arm64.deb ...
Unpacking libcap2-bin (1:2.66-4) ...
Selecting previously unselected package libpam-cap:arm64.
Preparing to unpack .../libpam-cap_1%3a2.66-4_arm64.deb ...
Unpacking libpam-cap:arm64 (1:2.66-4) ...
Setting up libcap2-bin (1:2.66-4) ...
Setting up libpam-cap:arm64 (1:2.66-4) ...
debconf: unable to initialize frontend: Dialog
debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 78.)
debconf: falling back to frontend: Readline
Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep
Bounding set =cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap
Ambient set =
Current IAB: !cap_dac_read_search,!cap_linux_immutable,!cap_net_broadcast,!cap_net_admin,!cap_ipc_lock,!cap_ipc_owner,!cap_sys_module,!cap_sys_rawio,!cap_sys_ptrace,!cap_sys_pacct,!cap_sys_admin,!cap_sys_boot,!cap_sys_nice,!cap_sys_resource,!cap_sys_time,!cap_sys_tty_config,!cap_lease,!cap_audit_control,!cap_mac_override,!cap_mac_admin,!cap_syslog,!cap_wake_alarm,!cap_block_suspend,!cap_audit_read,!cap_perfmon,!cap_bpf,!cap_checkpoint_restore
Securebits: 00/0x0/1'b0 (no-new-privs=0)
secure-noroot: no (unlocked)
secure-no-suid-fixup: no (unlocked)
secure-keep-caps: no (unlocked)
secure-no-ambient-raise: no (unlocked)
uid=0(root) euid=0(root)
gid=0(root)
groups=0(root)
Guessed mode: HYBRID (4)

root@3918feaaeffd:/app/backend# unshare --map-root-user cat /proc/self/status
unshare: write failed /proc/self/uid_map: Operation not permitted

So adding --cap-add=SETFCAP doesn't seem to make any difference.

@EtiennePerot
Owner

EtiennePerot commented Nov 3, 2024

Thanks all. Still unclear as to what could be causing this, but one possible avenue is that the container may not be running as UID 0. I see Uid=65534 65534 65534 65534 in the logs from both @phpia and @a-rbts. On my machine, this isn't what I get:

$ docker run --rm -it ubuntu cat /proc/self/status | grep Uid
Uid:    0       0       0       0

However if I set a specific user, the output is more similar:

$ docker run --rm -it --user=nobody ubuntu cat /proc/self/status | grep Uid
Uid:    65534   65534   65534   65534

Do you perhaps have a USER line in the Dockerfile you use for Open WebUI, or are executing the Open WebUI server with sudo -u some_other_user? (If you have a custom Dockerfile, can you include it?)

I wrote the following script to print a whole lot of debug info that may be relevant. It is meant to run outside of a container, on the machine that is running the Docker daemon. Save it as a shell script (make sure to check the docker_run line that may need to be modified), then chmod 755 it, run it, and provide the output:

#!/bin/bash

set -x

# Edit this to match how you run Open WebUI, but:
#   - Remove the `--restart always` option
#   - Remove the `-d` (or `--detach`) option
#   - Remove the `--name` option
#   - Add `--rm -i`
#   - If you have /home/ubuntu/seccomp.gvisor.json present, then replace `--security-opt=seccomp=unconfined` with `--security-opt=seccomp=/home/ubuntu/seccomp.gvisor.json`
docker_run=(
  sudo
  docker run
    --mount type=bind,source=/sys/fs/cgroup,target=/sys/fs/cgroup,readonly=false
    --security-opt=seccomp=unconfined
    --security-opt=apparmor=unconfined
    --security-opt=label=type:container_engine_t
    -p 3000:8080
    -e ENABLE_SIGNUP=false -e ENABLE_ADMIN_CHAT_ACCESS=false -e ENABLE_LOGIN_FORM=true -e DEFAULT_USER_ROLE=user -e OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true -e WEBUI_URL="https://xxxxxxx/" -e MICROSOFT_REDIRECT_URI="XXXXX" -e ENABLE_OAUTH_SIGNUP=true -e MICROSOFT_CLIENT_ID=XXXX -e MICROSOFT_CLIENT_SECRET=XXX -e MICROSOFT_CLIENT_TENANT_ID=XXX -e OPENAI_API_KEY=XX
    -v open-webui:/app/backend/data
    --rm -i
    ghcr.io/open-webui/open-webui:main
)

header() {
  set +x
  echo '' >&2
  echo "========" "$@" "========" >&2
  set -x
}

header 'uname:'
uname -a
header 'Environment (user):'
env
header 'Environment (sudo):'
sudo env
header 'Docker command (user):'
which docker
if file "$(which docker)" | grep -i ascii; then
  cat "$(which docker)"
fi
docker info
header 'Docker command (sudo):'
sudo which docker
if sudo file "$(sudo which docker)" | grep -i ascii; then
  sudo cat "$(sudo which docker)"
fi
sudo docker info
header "Docker daemon processes:"
ps aux | grep dockerd
header "Docker daemon process status:"
for p in $(pidof dockerd); do
    sudo cat "/proc/$p/status"
done
useful_configs=(
  /etc/docker/daemon.json
  /etc/subuid
  /etc/subgid
  /etc/lsb-release
  /etc/os-release
  "$HOME/.config/docker/daemon.json"
)
for f in "${useful_configs[@]}"; do
  header "$f outside container:"
  sudo cat "$f"
done
header 'Namespaces outside container:'
ls -l /proc/self/ns
header 'Namespaces outside container (sudo):'
sudo ls -l /proc/self/ns
header 'Namespaces inside container:'
"${docker_run[@]}" ls -l /proc/self/ns
useful_files=(
  /proc/self/status
  /proc/self/mountinfo
  /proc/self/uid_map
  /proc/sys/kernel/unprivileged_userns_clone
  /proc/sys/kernel/unprivileged_userns_apparmor_policy
  /proc/sys/user/max_user_namespaces
)
for f in "${useful_files[@]}"; do
  header "$f outside container:"
  cat "$f"
  header "$f outside container with sudo:"
  sudo cat "$f"
  header "$f inside container:"
  "${docker_run[@]}" cat "$f"
done
header 'Hello world in container with strace:'
strace -ff "${docker_run[@]}" echo 'hello world'
header 'In-container process as observed from outside:'
"${docker_run[@]}" bash -c 'sleep 14; echo asdfasdf' &
docker_pid="$!"
sleep 6
contained_psaux="$(sudo ps aux | grep -P 'sleep 14; echo asdfasdf' | grep -v grep)"
echo "$contained_psaux"
for p in $(echo "$contained_psaux" | awk '{print $2}'); do
  sudo cat "/proc/$p/status"
  sudo cat "/proc/$p/uid_map"
  sudo cat "/proc/$p/gid_map"
  sudo ls -l "/proc/$p/ns"
done
wait "$docker_pid"
header 'capsh outside container:'
capsh --print
header 'capsh outside container with sudo:'
sudo capsh --print
header 'capsh inside container:'
"${docker_run[@]}" bash -c 'apt-get update && apt-get install -y libcap2-bin && capsh --print'
header 'Downloading gVisor:'
wget -q "https://storage.googleapis.com/gvisor/releases/release/latest/$(uname -m)/runsc" -O "$HOME/runsc"
chmod 555 "$HOME/runsc"
header 'gVisor in rootless mode outside container:'
"$HOME/runsc" --rootless --network=none --ignore-cgroups=true --debug-log=/dev/stderr --host-settings=check do echo hi
header 'gVisor in rootful mode outside container:'
sudo "$HOME/runsc" --network=none --ignore-cgroups=true --debug-log=/dev/stderr --host-settings=check do echo hi
rm -f "$HOME/runsc"
header 'gVisor in rootless mode in container:'
"${docker_run[@]}" bash -c 'apt-get update && apt-get install -y wget && wget -q "https://storage.googleapis.com/gvisor/releases/release/latest/$(uname -m)/runsc" -O "$HOME/runsc" && chmod 555 "$HOME/runsc" && "$HOME/runsc" --rootless --network=none --ignore-cgroups=true --debug-log=/dev/stderr --host-settings=check do echo hi'
header 'gVisor in rootful mode in container:'
"${docker_run[@]}" bash -c 'apt-get update && apt-get install -y wget && wget -q "https://storage.googleapis.com/gvisor/releases/release/latest/$(uname -m)/runsc" -O "$HOME/runsc" && chmod 555 "$HOME/runsc" && "$HOME/runsc" --network=none --ignore-cgroups=true --debug-log=/dev/stderr --host-settings=check do echo hi'
header 'unshare with strace inside container:'
"${docker_run[@]}" bash -c 'apt-get update && apt-get install -y strace && strace -ff unshare --map-root-user cat /proc/self/status'
header 'Code execution outside container:'
wget -q 'https://raw.githubusercontent.com/EtiennePerot/safe-code-execution/refs/heads/master/open-webui/tools/run_code.py' -O /tmp/run_code.py
CODE_EVAL_VALVE_OVERRIDE_REQUIRE_RESOURCE_LIMITING=false python3 /tmp/run_code.py --use_sample_code --debug
header 'Code execution outside container with sudo:'
CODE_EVAL_VALVE_OVERRIDE_REQUIRE_RESOURCE_LIMITING=false sudo python3 /tmp/run_code.py --use_sample_code --debug
rm -f /tmp/run_code.py
header 'Code execution inside container:'
"${docker_run[@]}" bash -c 'apt-get update && apt-get install -y wget && wget -q "https://raw.githubusercontent.com/EtiennePerot/safe-code-execution/refs/heads/master/open-webui/tools/run_code.py" -O /tmp/run_code.py && CODE_EVAL_VALVE_OVERRIDE_REQUIRE_RESOURCE_LIMITING=false python3 /tmp/run_code.py --use_sample_code --debug'
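The two checks this comment runs by hand (is the container process really UID 0, and which capabilities does a CapEff mask such as 00000000a80425fb actually grant) can be applied to a pasted /proc/self/status dump. The following is an added example, not code from the safe-code-execution project; the two sample dumps are constructed from the values quoted earlier in this thread, and the capability-number table is the one from <linux/capability.h>.

```python
"""Decode the Uid and CapXxx lines of a /proc/self/status dump.

Added example (not part of the safe-code-execution project). The sample
dumps are constructed from values pasted in this issue thread.
"""
import re

# Capability numbers from <linux/capability.h>: bit n of CapEff is cap n.
CAP_NAMES = [
    "cap_chown", "cap_dac_override", "cap_dac_read_search", "cap_fowner",
    "cap_fsetid", "cap_kill", "cap_setgid", "cap_setuid", "cap_setpcap",
    "cap_linux_immutable", "cap_net_bind_service", "cap_net_broadcast",
    "cap_net_admin", "cap_net_raw", "cap_ipc_lock", "cap_ipc_owner",
    "cap_sys_module", "cap_sys_rawio", "cap_sys_chroot", "cap_sys_ptrace",
    "cap_sys_pacct", "cap_sys_admin", "cap_sys_boot", "cap_sys_nice",
    "cap_sys_resource", "cap_sys_time", "cap_sys_tty_config", "cap_mknod",
    "cap_lease", "cap_audit_write", "cap_audit_control", "cap_setfcap",
    "cap_mac_override", "cap_mac_admin", "cap_syslog", "cap_wake_alarm",
    "cap_block_suspend", "cap_audit_read", "cap_perfmon", "cap_bpf",
    "cap_checkpoint_restore",
]

# Capabilities user_namespaces(7) discusses for writing uid_map/gid_map
# entries that go beyond the caller's own ID (the ones the thread looks at).
UIDMAP_RELEVANT = ("cap_setuid", "cap_setgid", "cap_setfcap")

# Constructed from the Docker-default values shown in the thread
# (cat /proc/self/status inside the container, tab-separated form).
CONTAINER_ROOT_STATUS = (
    "Name:\tcat\nUmask:\t0022\nState:\tR (running)\n"
    "Uid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\n"
    "CapInh:\t0000000000000000\nCapPrm:\t00000000a80425fb\n"
    "CapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\n"
    "CapAmb:\t0000000000000000\nNoNewPrivs:\t0\nSeccomp:\t0\n"
)

# Constructed from the one-line form the sandbox's debug output embeds.
SANDBOX_NOBODY_STATUS = (
    "Name=python Umask=0022 State=R (running) Uid=65534 65534 65534 65534 "
    "Gid=65534 65534 65534 65534 Groups=65534 CapInh=0000000000000000 "
    "CapPrm=000001ffffffffff CapEff=000001ffffffffff CapBnd=000001ffffffffff "
    "CapAmb=0000000000000000 NoNewPrivs=0 Seccomp=0"
)

# "Key:<tab>value" lines, or the "Key=value Key=value" one-line form.
# A value runs until the next "word:" / "word=" token, a newline, or the end.
_FIELD_RE = re.compile(r"(\w+)[:=][ \t]*([^\n]*?)(?=\s+\w+[:=]|\n|$)")


def decode_caps(hex_mask):
    """Return the capability names whose bit is set in a CapXxx hex mask."""
    mask = int(hex_mask, 16)
    return [name for bit, name in enumerate(CAP_NAMES) if (mask >> bit) & 1]


def parse_proc_status(text):
    """Parse a /proc/<pid>/status dump (either layout) into a dict."""
    return {key: value.strip() for key, value in _FIELD_RE.findall(text)}


def diagnose(status_text):
    """Summarise the facts the thread checks: real UID and effective caps."""
    fields = parse_proc_status(status_text)
    uid_fields = fields.get("Uid", "").split()
    real_uid = int(uid_fields[0]) if uid_fields else None
    effective = decode_caps(fields.get("CapEff", "0"))
    return {
        "real_uid": real_uid,
        "runs_as_root": real_uid == 0,
        "effective_caps": effective,
        # Empty list means every cap the man page mentions is present.
        "missing_for_uid_map": [c for c in UIDMAP_RELEVANT if c not in effective],
        # 41 caps set (mask 000001ffffffffff) is the full set on this kernel.
        "full_cap_set": len(effective) == len(CAP_NAMES),
    }


if __name__ == "__main__":
    for label, dump in (("container root", CONTAINER_ROOT_STATUS),
                        ("sandbox nobody", SANDBOX_NOBODY_STATUS)):
        report = diagnose(dump)
        print(f"{label}: uid={report['real_uid']} root={report['runs_as_root']} "
              f"caps={len(report['effective_caps'])} "
              f"missing={report['missing_for_uid_map']}")
```

Decoding 00000000a80425fb yields exactly the fourteen capabilities capsh printed above, and the sandbox dump decodes to the full set of 41 but with a real UID of 65534, which is the mismatch the comment points at.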

@benhaotang

benhaotang commented Nov 6, 2024

This is my running result on Ubuntu 24.04.1.

(EDIT by @EtiennePerot: Removed old script output; see comment below for updated output)

I already followed the Docker documentation to set up rootless mode to bypass the new Ubuntu kernel limitations, but it seems that /proc is still not properly mounted.

@EtiennePerot
Owner

Thanks. I updated the script above with more files and added the --ignore-cgroups=true flag to gVisor to skip over the cgroups error (which isn't relevant to this issue). If you can run it again and update the comment above, that'd be helpful. I suspect the issue is specific to the fact that you are running Docker in rootless mode, but I need to set that up before I can confirm this.

@benhaotang

Please have a look. But one thing to point out: before I set up rootless mode, I had already experienced the exact same problem described by the other two users, so I looked it up online and someone pointed to a certain webpage saying that Ubuntu 24.04 has increased the limits on Docker and the kernel itself, and someone on Stack Exchange suggested setting up rootless mode, so I followed the Docker documentation to set up rootless mode.
Based on my testing using the hard way instructions: in default mode, the hard way can at least start Open WebUI properly, it is just unable to run any code in gVisor; in rootless mode, it complains that it is unable to bind /proc and the docker process stops immediately. So actually I am always running in default mode with the easy way now, because my server is in a private network. I don't know if setting up rootless mode affects default mode as well, but I can confirm that this problem appeared before I set up rootless mode.

Here is the output

+ docker_run=(sudo docker run --mount type=bind,source=/sys/fs/cgroup,target=/sys/fs/cgroup,readonly=false --mount type=bind,source=/proc,target=/proc2,readonly=false --security-opt=seccomp=unconfined --security-opt=apparmor=unconfined --security-opt=label=type:container_engine_t -p 9000:8080 -e ENABLE_SIGNUP=false -e ENABLE_ADMIN_CHAT_ACCESS=false -e ENABLE_LOGIN_FORM=true -e DEFAULT_USER_ROLE=user -e OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true -e WEBUI_URL="https://xxxxxxx/" -e MICROSOFT_REDIRECT_URI="XXXXX" -e ENABLE_OAUTH_SIGNUP=true -e MICROSOFT_CLIENT_ID=XXXX -e MICROSOFT_CLIENT_SECRET=XXX -e MICROSOFT_CLIENT_TENANT_ID=XXX -e OPENAI_API_KEY=XX -v open-webui:/app/backend/data --name open-webuii-test --rm -it ghcr.io/open-webui/open-webui:main)
+ echo uname:
uname:
+ uname -a
Linux USERNAME-homelab 6.8.0-48-generic #48-Ubuntu SMP PREEMPT_DYNAMIC Fri Sep 27 14:04:52 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
+ echo 'Docker daemon config:'
Docker daemon config:
+ sudo cat /etc/docker/daemon.json
[sudo] password for USERNAME:
{
    "features": {
        "buildkit": true
    },
    "data-root": "/mnt/largefs/docker"
}
+ echo 'Docker daemon process:'
Docker daemon process:
+ ps aux
+ grep dockerd
USERNAME+    1264  0.0  0.0 1752704 5120 ?        Ssl  Nov08   0:00 rootlesskit --state-dir=/run/user/1000/dockerd-rootless --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run --propagation=rslave /usr/bin/dockerd-rootless.sh
USERNAME+    1288  0.0  0.0 1752448 4736 ?        Sl   Nov08   0:00 /proc/self/exe --state-dir=/run/user/1000/dockerd-rootless --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run --propagation=rslave /usr/bin/dockerd-rootless.sh
USERNAME+    1332  0.0  0.0 2357320 26924 ?       Sl   Nov08   0:16 dockerd
root        1783  0.0  0.1 5024380 61360 ?       Ssl  Nov08   1:46 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
USERNAME+ 1005218  0.0  0.0   9144  2304 pts/0    S+   11:25   0:00 grep dockerd
+ echo 'Docker daemon process status:'
Docker daemon process status:
++ pidof dockerd
+ sudo cat '/proc/1783 1332/status'
cat: '/proc/1783 1332/status': No such file or directory
+ useful_files=(/proc/self/status /proc/self/mountinfo /proc/self/uid_map /proc/sys/kernel/unprivileged_userns_clone /proc/sys/kernel/unprivileged_userns_apparmor_policy /proc/sys/user/max_user_namespaces /etc/subuid /etc/subgid "$HOME/.config/docker/daemon.json")
+ for f in "${useful_files[@]}"
+ echo '/proc/self/status outside container:'
/proc/self/status outside container:
+ cat /proc/self/status
Name:   cat
Umask:  0002
State:  R (running)
Tgid:   1005223
Ngid:   0
Pid:    1005223
PPid:   1005195
TracerPid:      0
Uid:    1000    1000    1000    1000
Gid:    1000    1000    1000    1000
FDSize: 256
Groups: 4 24 27 30 44 46 100 114 987 988 992 1000
NStgid: 1005223
NSpid:  1005223
NSpgid: 1005195
NSsid:  1004781
Kthread:        0
VmPeak:     8428 kB
VmSize:     8428 kB
VmLck:         0 kB
VmPin:         0 kB
VmHWM:      1792 kB
VmRSS:      1792 kB
RssAnon:               0 kB
RssFile:            1792 kB
RssShmem:              0 kB
VmData:      360 kB
VmStk:       132 kB
VmExe:        20 kB
VmLib:      1748 kB
VmPTE:        56 kB
VmSwap:        0 kB
HugetlbPages:          0 kB
CoreDumping:    0
THP_enabled:    1
untag_mask:     0xffffffffffffffff
Threads:        1
SigQ:   0/126964
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: 0000000000000000
SigIgn: 0000000000000000
SigCgt: 0000000000000000
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 000001ffffffffff
CapAmb: 0000000000000000
NoNewPrivs:     0
Seccomp:        0
Seccomp_filters:        0
Speculation_Store_Bypass:       thread vulnerable
SpeculationIndirectBranch:      conditional enabled
Cpus_allowed:   ff
Cpus_allowed_list:      0-7
Mems_allowed:   00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001
Mems_allowed_list:      0
voluntary_ctxt_switches:        0
nonvoluntary_ctxt_switches:     0
x86_Thread_features:
x86_Thread_features_locked:
+ echo '/proc/self/status outside container with sudo:'
/proc/self/status outside container with sudo:
+ sudo cat /proc/self/status
Name:   cat
Umask:  0022
State:  R (running)
Tgid:   1005226
Ngid:   0
Pid:    1005226
PPid:   1005225
TracerPid:      0
Uid:    0       0       0       0
Gid:    0       0       0       0
FDSize: 64
Groups: 0
NStgid: 1005226
NSpid:  1005226
NSpgid: 1005226
NSsid:  1005225
Kthread:        0
VmPeak:     8428 kB
VmSize:     8428 kB
VmLck:         0 kB
VmPin:         0 kB
VmHWM:      1792 kB
VmRSS:      1792 kB
RssAnon:               0 kB
RssFile:            1792 kB
RssShmem:              0 kB
VmData:      360 kB
VmStk:       132 kB
VmExe:        20 kB
VmLib:      1748 kB
VmPTE:        56 kB
VmSwap:        0 kB
HugetlbPages:          0 kB
CoreDumping:    0
THP_enabled:    1
untag_mask:     0xffffffffffffffff
Threads:        1
SigQ:   1/126964
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: 0000000000000000
SigIgn: 0000000000000000
SigCgt: 0000000000000000
CapInh: 0000000000000000
CapPrm: 000001ffffffffff
CapEff: 000001ffffffffff
CapBnd: 000001ffffffffff
CapAmb: 0000000000000000
NoNewPrivs:     0
Seccomp:        0
Seccomp_filters:        0
Speculation_Store_Bypass:       thread vulnerable
SpeculationIndirectBranch:      conditional enabled
Cpus_allowed:   ff
Cpus_allowed_list:      0-7
Mems_allowed:   00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001
Mems_allowed_list:      0
voluntary_ctxt_switches:        0
nonvoluntary_ctxt_switches:     1
x86_Thread_features:
x86_Thread_features_locked:
+ echo '/proc/self/status inside container:'
/proc/self/status inside container:
+ sudo docker run --mount type=bind,source=/sys/fs/cgroup,target=/sys/fs/cgroup,readonly=false --mount type=bind,source=/proc,target=/proc2,readonly=false --security-opt=seccomp=unconfined --security-opt=apparmor=unconfined --security-opt=label=type:container_engine_t -p 9000:8080 -e ENABLE_SIGNUP=false -e ENABLE_ADMIN_CHAT_ACCESS=false -e ENABLE_LOGIN_FORM=true -e DEFAULT_USER_ROLE=user -e OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true -e WEBUI_URL=https://xxxxxxx/ -e MICROSOFT_REDIRECT_URI=XXXXX -e ENABLE_OAUTH_SIGNUP=true -e MICROSOFT_CLIENT_ID=XXXX -e MICROSOFT_CLIENT_SECRET=XXX -e MICROSOFT_CLIENT_TENANT_ID=XXX -e OPENAI_API_KEY=XX -v open-webui:/app/backend/data --name open-webuii-test --rm -it ghcr.io/open-webui/open-webui:main cat /proc/self/status
Name:   cat
Umask:  0022
State:  R (running)
Tgid:   1
Ngid:   0
Pid:    1
PPid:   0
TracerPid:      0
Uid:    0       0       0       0
Gid:    0       0       0       0
FDSize: 64
Groups: 0
NStgid: 1
NSpid:  1
NSpgid: 1
NSsid:  1
Kthread:        0
VmPeak:     3044 kB
VmSize:     3044 kB
VmLck:         0 kB
VmPin:         0 kB
VmHWM:      1408 kB
VmRSS:      1408 kB
RssAnon:               0 kB
RssFile:            1408 kB
RssShmem:              0 kB
VmData:      360 kB
VmStk:       132 kB
VmExe:        20 kB
VmLib:      1520 kB
VmPTE:        44 kB
VmSwap:        0 kB
HugetlbPages:          0 kB
CoreDumping:    0
THP_enabled:    1
untag_mask:     0xffffffffffffffff
Threads:        1
SigQ:   3/126964
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: 0000000000000000
SigIgn: 0000000000000000
SigCgt: 0000000000000000
CapInh: 0000000000000000
CapPrm: 00000000a80425fb
CapEff: 00000000a80425fb
CapBnd: 00000000a80425fb
CapAmb: 0000000000000000
NoNewPrivs:     0
Seccomp:        0
Seccomp_filters:        0
Speculation_Store_Bypass:       thread vulnerable
SpeculationIndirectBranch:      conditional enabled
Cpus_allowed:   ff
Cpus_allowed_list:      0-7
Mems_allowed:   00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001
Mems_allowed_list:      0
voluntary_ctxt_switches:        14
nonvoluntary_ctxt_switches:     4
x86_Thread_features:
x86_Thread_features_locked:
+ for f in "${useful_files[@]}"
+ echo '/proc/self/mountinfo outside container:'
/proc/self/mountinfo outside container:
+ cat /proc/self/mountinfo
25 30 0:23 / /sys rw,nosuid,nodev,noexec,relatime shared:7 - sysfs sysfs rw
26 30 0:24 / /proc rw,nosuid,nodev,noexec,relatime shared:13 - proc proc rw
27 30 0:5 / /dev rw,nosuid,relatime shared:2 - devtmpfs udev rw,size=16251480k,nr_inodes=4062870,mode=755,inode64
28 27 0:25 / /dev/pts rw,nosuid,noexec,relatime shared:3 - devpts devpts rw,gid=5,mode=620,ptmxmode=000
29 30 0:26 / /run rw,nosuid,nodev,noexec,relatime shared:5 - tmpfs tmpfs rw,size=3263108k,mode=755,inode64
30 1 259:2 / / rw,relatime shared:1 - ext4 /dev/nvme0n1p2 rw
31 25 0:6 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:8 - securityfs securityfs rw
32 27 0:27 / /dev/shm rw,nosuid,nodev shared:4 - tmpfs tmpfs rw,inode64
33 29 0:28 / /run/lock rw,nosuid,nodev,noexec,relatime shared:6 - tmpfs tmpfs rw,size=5120k,inode64
34 25 0:29 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:9 - cgroup2 cgroup2 rw,nsdelegate,memory_recursiveprot
35 25 0:30 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:10 - pstore pstore rw
36 25 0:31 / /sys/firmware/efi/efivars rw,nosuid,nodev,noexec,relatime shared:11 - efivarfs efivarfs rw
37 25 0:32 / /sys/fs/bpf rw,nosuid,nodev,noexec,relatime shared:12 - bpf bpf rw,mode=700
38 26 0:33 / /proc/sys/fs/binfmt_misc rw,relatime shared:14 - autofs systemd-1 rw,fd=32,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=10485
39 27 0:20 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:15 - mqueue mqueue rw
40 27 0:34 / /dev/hugepages rw,nosuid,nodev,relatime shared:16 - hugetlbfs hugetlbfs rw,pagesize=2M
41 25 0:7 / /sys/kernel/debug rw,nosuid,nodev,noexec,relatime shared:17 - debugfs debugfs rw
42 25 0:12 / /sys/kernel/tracing rw,nosuid,nodev,noexec,relatime shared:18 - tracefs tracefs rw
43 25 0:21 / /sys/kernel/config rw,nosuid,nodev,noexec,relatime shared:19 - configfs configfs rw
44 25 0:35 / /sys/fs/fuse/connections rw,nosuid,nodev,noexec,relatime shared:20 - fusectl fusectl rw
46 30 7:0 / /snap/bare/5 ro,nodev,relatime shared:30 - squashfs /dev/loop0 ro,errors=continue,threads=single
48 30 7:1 / /snap/core22/1621 ro,nodev,relatime shared:46 - squashfs /dev/loop1 ro,errors=continue,threads=single
50 30 7:3 / /snap/firefox/5134 ro,nodev,relatime shared:48 - squashfs /dev/loop3 ro,errors=continue,threads=single
52 30 7:2 / /snap/core22/1663 ro,nodev,relatime shared:50 - squashfs /dev/loop2 ro,errors=continue,threads=single
54 30 7:4 / /snap/firefox/5187 ro,nodev,relatime shared:52 - squashfs /dev/loop4 ro,errors=continue,threads=single
56 30 7:5 / /snap/gtk-common-themes/1535 ro,nodev,relatime shared:54 - squashfs /dev/loop5 ro,errors=continue,threads=single
58 30 7:6 / /snap/gnome-42-2204/176 ro,nodev,relatime shared:56 - squashfs /dev/loop6 ro,errors=continue,threads=single
60 30 7:7 / /snap/snapd/21759 ro,nodev,relatime shared:58 - squashfs /dev/loop7 ro,errors=continue,threads=single
63 30 259:1 / /boot/efi rw,relatime shared:60 - vfat /dev/nvme0n1p1 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro
65 30 8:1 / /mnt/largefs rw,relatime shared:62 - ext4 /dev/sda1 rw
91 38 0:37 / /proc/sys/fs/binfmt_misc rw,nosuid,nodev,noexec,relatime shared:64 - binfmt_misc binfmt_misc rw
122 29 0:47 / /run/user/1000 rw,nosuid,nodev,relatime shared:377 - tmpfs tmpfs rw,size=3263104k,nr_inodes=815776,mode=700,uid=1000,gid=1000,inode64
787 65 0:62 / /mnt/largefs/docker/overlay2/7a0fb2bb6ac067208ba9950e0cf85c8b74e34eff5f90e8dc7d3495e0e6b20e35/merged rw,relatime shared:678 - overlay overlay rw,lowerdir=/mnt/largefs/docker/overlay2/l/HAN4PMC66TOMPG5AI5Z3775Q65:/mnt/largefs/docker/overlay2/l/EUAGFRVLRVDIPUNBVBN53PNXA2:/mnt/largefs/docker/overlay2/l/6WVVH2IQKADQADRZMUUWYXTEGY:/mnt/largefs/docker/overlay2/l/PSW4JWDDEYNGD2JZOMXIU7WJLA,upperdir=/mnt/largefs/docker/overlay2/7a0fb2bb6ac067208ba9950e0cf85c8b74e34eff5f90e8dc7d3495e0e6b20e35/diff,workdir=/mnt/largefs/docker/overlay2/7a0fb2bb6ac067208ba9950e0cf85c8b74e34eff5f90e8dc7d3495e0e6b20e35/work,nouserxattr
813 65 0:65 / /mnt/largefs/docker/overlay2/550f7630c46eef01ca2da04c5cce5c4a7e0be72d6a17471b5545803e579e5bbe/merged rw,relatime shared:692 - overlay overlay rw,lowerdir=/mnt/largefs/docker/overlay2/l/RLUA7ROAUIDVLQ7WSSZGBJVWTM:/mnt/largefs/docker/overlay2/l/WOIZNEH4OU4VKC5CDQQHCKZFBI:/mnt/largefs/docker/overlay2/l/KMAOWGP5RWFBNOS226XUSWD53O:/mnt/largefs/docker/overlay2/l/5DCY5SXTGHSYDFHUXIO2JWNDWS:/mnt/largefs/docker/overlay2/l/JTLJVLAN4NZBMLBF2H3EW6QWJW:/mnt/largefs/docker/overlay2/l/2NF2RBQEFTICEX4GBQBZWDIIDC:/mnt/largefs/docker/overlay2/l/CLKOQWXVFK2QN7242KZB2GP5VC:/mnt/largefs/docker/overlay2/l/EXYXT4I6T2JWXA2LTBMP3ZMXDY:/mnt/largefs/docker/overlay2/l/PS62EQBLQ2S4STLWCJFNXLW67M,upperdir=/mnt/largefs/docker/overlay2/550f7630c46eef01ca2da04c5cce5c4a7e0be72d6a17471b5545803e579e5bbe/diff,workdir=/mnt/largefs/docker/overlay2/550f7630c46eef01ca2da04c5cce5c4a7e0be72d6a17471b5545803e579e5bbe/work,nouserxattr
837 65 0:64 / /mnt/largefs/docker/overlay2/545c5bd67f731d83986130edef51c1dc8722684872286da0cfbf96fb30663605/merged rw,relatime shared:706 - overlay overlay rw,lowerdir=/mnt/largefs/docker/overlay2/l/U3ZG6EINET3JKQ2QI72HY3E3XJ:/mnt/largefs/docker/overlay2/l/J5PHBAUHDUIEOSJTA4COHYBBVR:/mnt/largefs/docker/overlay2/l/HK2BAK4CLNINVXDZC7G7BR5KE6:/mnt/largefs/docker/overlay2/l/HCFSVAUNGZ5KBTTWYK4GBKX477:/mnt/largefs/docker/overlay2/l/NQ4YVKUKDGKZILDGVKO6DXDTF2:/mnt/largefs/docker/overlay2/l/PVERNA56XDLSZISN4YWB2XIMV7:/mnt/largefs/docker/overlay2/l/72SW3OOGMCLN7LZ3SZ3SUZ4NYQ:/mnt/largefs/docker/overlay2/l/FJB6ILGZ5ZFYMMZQBMON5KQ7ET:/mnt/largefs/docker/overlay2/l/PS62EQBLQ2S4STLWCJFNXLW67M,upperdir=/mnt/largefs/docker/overlay2/545c5bd67f731d83986130edef51c1dc8722684872286da0cfbf96fb30663605/diff,workdir=/mnt/largefs/docker/overlay2/545c5bd67f731d83986130edef51c1dc8722684872286da0cfbf96fb30663605/work,nouserxattr
869 65 0:68 / /mnt/largefs/docker/overlay2/a82f81338c53948ca759dc569145e3682e01226d7a26d90d02584405e128259c/merged rw,relatime shared:720 - overlay overlay rw,lowerdir=/mnt/largefs/docker/overlay2/l/SGFH4J5HTAXDNBVWDIUQ3YIHLT:/mnt/largefs/docker/overlay2/l/XBNDSV3ITYRXIYNWHXCEND6UDG:/mnt/largefs/docker/overlay2/l/2JJMSWKNKCADMFPDDI4S6ZB3SA:/mnt/largefs/docker/overlay2/l/YHVJLBPZ7C47TEWOY26MX4MUD7:/mnt/largefs/docker/overlay2/l/DYNRLWOKHZDNVUT54PWIEFCZSS:/mnt/largefs/docker/overlay2/l/O26JXS6273QEGL2442ZQPFJIQ6:/mnt/largefs/docker/overlay2/l/NICUJRT6BY56JRZI3UNOOM7NTQ:/mnt/largefs/docker/overlay2/l/KEKJCRBCLNBRQHLQPOXP7CZQUT:/mnt/largefs/docker/overlay2/l/YWJVRIAVA5RKGVKBEQFEGPF3MP:/mnt/largefs/docker/overlay2/l/U5DB5WTEDXXAUVWC4RV53SJ73B:/mnt/largefs/docker/overlay2/l/72OBH3B3JVXQJUX2AIYGOU4R4P:/mnt/largefs/docker/overlay2/l/XREDGZ4SZV4UZLK6WJAYFTY24W:/mnt/largefs/docker/overlay2/l/3HABMPR3SPYOVDO3FH4IND73VO:/mnt/largefs/docker/overlay2/l/Z4VIVZDCPWCYFQZRKDNSLBGAW4:/mnt/largefs/docker/overlay2/l/E76FTEFD2E5NH6P66IKHAS2PHL,upperdir=/mnt/largefs/docker/overlay2/a82f81338c53948ca759dc569145e3682e01226d7a26d90d02584405e128259c/diff,workdir=/mnt/largefs/docker/overlay2/a82f81338c53948ca759dc569145e3682e01226d7a26d90d02584405e128259c/work,nouserxattr
901 65 0:69 / /mnt/largefs/docker/overlay2/95ada13ac6eb880242e0ac092efedeb30c82c6440903c20b9f87db1a3e6a1457/merged rw,relatime shared:734 - overlay overlay rw,lowerdir=/mnt/largefs/docker/overlay2/l/GKEUWVVF2QZ7T7CHZQBSJGTSF3:/mnt/largefs/docker/overlay2/l/VQHR6QDAERQO6LI777H2LM35TV:/mnt/largefs/docker/overlay2/l/4XNLBALQUNNCA4ABNK3M426MKB:/mnt/largefs/docker/overlay2/l/KZO5UY3MZRPLFXWVMXPF7KT52X:/mnt/largefs/docker/overlay2/l/M4JR7O4VXKUNXA7Y4567O2TPP7:/mnt/largefs/docker/overlay2/l/LI5F5RB4QFZZK7DGQB7SIENELQ:/mnt/largefs/docker/overlay2/l/RKJ2FW4GMDMHFHKFT6YPR64LCY:/mnt/largefs/docker/overlay2/l/5QGWVSIKOP4SL724RHJQR2LFDB:/mnt/largefs/docker/overlay2/l/QCR242UJ4DGGCGXIVNA6AHNHZU:/mnt/largefs/docker/overlay2/l/EZT43KGOKTCK4KJDKB77WEB6UB:/mnt/largefs/docker/overlay2/l/TABB4BFIRFILGQBURAMWMZSQZO:/mnt/largefs/docker/overlay2/l/OL7C6KIXOUC4UUWE4YR6JTOTH4:/mnt/largefs/docker/overlay2/l/3SAB6JX7Q2WSYA5QKCOCHH7JNJ:/mnt/largefs/docker/overlay2/l/ZVGO3BXF3BHQ6O7IVEAT6MNSYB:/mnt/largefs/docker/overlay2/l/OQ2VBDJN4AFP7LHVRHUJEEOZ2R:/mnt/largefs/docker/overlay2/l/4BHFXPRMX3PYAHP6VCYBLMMGDG:/mnt/largefs/docker/overlay2/l/E76FTEFD2E5NH6P66IKHAS2PHL,upperdir=/mnt/largefs/docker/overlay2/95ada13ac6eb880242e0ac092efedeb30c82c6440903c20b9f87db1a3e6a1457/diff,workdir=/mnt/largefs/docker/overlay2/95ada13ac6eb880242e0ac092efedeb30c82c6440903c20b9f87db1a3e6a1457/work,nouserxattr
931 65 0:72 / /mnt/largefs/docker/overlay2/2d53dbf751343051dcdfa64fffe69a8bb3cefe261ef0127ab727fcd88802a3f8/merged rw,relatime shared:748 - overlay overlay rw,lowerdir=/mnt/largefs/docker/overlay2/l/R3B32BGH5UU5VSCYJ5APIELHEH:/mnt/largefs/docker/overlay2/l/PYOQ7EUGAVY2ZNIQKXR4EKQQNG:/mnt/largefs/docker/overlay2/l/KF3XYCYXN2MMEB36DFLTV4HZ4A:/mnt/largefs/docker/overlay2/l/6YYTBUIIKLHRO7QTVZWCS77EQ6:/mnt/largefs/docker/overlay2/l/LF43GK7IZ6FTXPHXTIXAXVFK3E:/mnt/largefs/docker/overlay2/l/RXEDFBFYMX6FFXYZ7DB5ZOE4HQ:/mnt/largefs/docker/overlay2/l/YFF6NOOB2APVTCSUB7QWZYTWSS:/mnt/largefs/docker/overlay2/l/ME37GY632JPGDWKHGEEQ2NUAMH:/mnt/largefs/docker/overlay2/l/LZDRY3QZ4KSQTF4YPRVC6ZPDAK:/mnt/largefs/docker/overlay2/l/O4OTF3PCAAVJKQM4E5VASFXCIP:/mnt/largefs/docker/overlay2/l/J6WRHIIDAPSW4ZRHAZR4WV6SPF:/mnt/largefs/docker/overlay2/l/I3TXF6IH7R754ZZWWUXFUPAL7R:/mnt/largefs/docker/overlay2/l/CPLKKPAPPWEQG6W4XWKULFLUKH:/mnt/largefs/docker/overlay2/l/EQQW5TJOIZCPLHSCI3NGCNBZYY,upperdir=/mnt/largefs/docker/overlay2/2d53dbf751343051dcdfa64fffe69a8bb3cefe261ef0127ab727fcd88802a3f8/diff,workdir=/mnt/largefs/docker/overlay2/2d53dbf751343051dcdfa64fffe69a8bb3cefe261ef0127ab727fcd88802a3f8/work,nouserxattr
967 65 0:74 / /mnt/largefs/docker/overlay2/c340c8330a94352d59acbbf4d67fc5bdca013a1f42840098f4823f37c94861a4/merged rw,relatime shared:762 - overlay overlay rw,lowerdir=/mnt/largefs/docker/overlay2/l/M2K6WEDLKWC3OHMNCFCBQAQHUS:/mnt/largefs/docker/overlay2/l/ZJWA753MLXPASZNWX2YI3ZBAGX:/mnt/largefs/docker/overlay2/l/DXIHBBXE7RLVCKOPIKPWEZHNZR:/mnt/largefs/docker/overlay2/l/MVABBLRXCDOGRSTOW5YKSULAW5:/mnt/largefs/docker/overlay2/l/TZ2QSINEZXDJWXCXJATGCX7XPR:/mnt/largefs/docker/overlay2/l/2TVB6R4KGIDHEZVNGTRDYBS5F5:/mnt/largefs/docker/overlay2/l/X2WNCDOMCK6WICGP7RESG47SJI:/mnt/largefs/docker/overlay2/l/35KPXWCOHPJTJUA6WUE2O5YAP6:/mnt/largefs/docker/overlay2/l/UFSACN4ETQYRAAJTRVWGEF7KDL:/mnt/largefs/docker/overlay2/l/J4NPSDPTKIJSLZ2ZQ7VGIWWS7N:/mnt/largefs/docker/overlay2/l/MAM4PUEAPPKJ2H63TQQ72XY4SQ:/mnt/largefs/docker/overlay2/l/AXTZSS7UWKSTAVT77GOAPMWMN3:/mnt/largefs/docker/overlay2/l/OYDWPAA22ICH6OCJPO7OPKBRLN:/mnt/largefs/docker/overlay2/l/3DX3SBEDHUTMWKZ6JWZ4LBGTQV:/mnt/largefs/docker/overlay2/l/A4EE5IVWQWJO4DXCSK3GJ27WOE:/mnt/largefs/docker/overlay2/l/4EDFBMGNJPIRU6RQSV2TAAOWCB:/mnt/largefs/docker/overlay2/l/67IPUAKHO4TXTV2LOKKICNCAPV:/mnt/largefs/docker/overlay2/l/LTUE7YEV7AWNRNFVIP3HTBARKT:/mnt/largefs/docker/overlay2/l/BBTW4ZVMTALGWKUAOWHYZZQU5Q:/mnt/largefs/docker/overlay2/l/E76FTEFD2E5NH6P66IKHAS2PHL,upperdir=/mnt/largefs/docker/overlay2/c340c8330a94352d59acbbf4d67fc5bdca013a1f42840098f4823f37c94861a4/diff,workdir=/mnt/largefs/docker/overlay2/c340c8330a94352d59acbbf4d67fc5bdca013a1f42840098f4823f37c94861a4/work,nouserxattr
1366 29 0:4 net:[4026533158] /run/docker/netns/e644aee9e8e6 rw shared:776 - nsfs nsfs rw
1390 29 0:4 net:[4026532979] /run/docker/netns/0894686c189b rw shared:790 - nsfs nsfs rw
1414 29 0:4 net:[4026533098] /run/docker/netns/3b2e7eabfbc6 rw shared:804 - nsfs nsfs rw
1438 29 0:4 net:[4026533218] /run/docker/netns/c9ae117f51cf rw shared:818 - nsfs nsfs rw
1462 29 0:4 net:[4026533039] /run/docker/netns/037aa006b167 rw shared:832 - nsfs nsfs rw
1486 29 0:4 net:[4026533278] /run/docker/netns/2fbc45cb580e rw shared:846 - nsfs nsfs rw
1510 29 0:4 net:[4026533338] /run/docker/netns/b3de940bfd62 rw shared:860 - nsfs nsfs rw
1129 29 0:4 net:[4026531840] /run/docker/netns/default rw shared:677 - nsfs nsfs rw
+ echo '/proc/self/mountinfo outside container with sudo:'
/proc/self/mountinfo outside container with sudo:
+ sudo cat /proc/self/mountinfo
25 30 0:23 / /sys rw,nosuid,nodev,noexec,relatime shared:7 - sysfs sysfs rw
26 30 0:24 / /proc rw,nosuid,nodev,noexec,relatime shared:13 - proc proc rw
27 30 0:5 / /dev rw,nosuid,relatime shared:2 - devtmpfs udev rw,size=16251480k,nr_inodes=4062870,mode=755,inode64
28 27 0:25 / /dev/pts rw,nosuid,noexec,relatime shared:3 - devpts devpts rw,gid=5,mode=620,ptmxmode=000
29 30 0:26 / /run rw,nosuid,nodev,noexec,relatime shared:5 - tmpfs tmpfs rw,size=3263108k,mode=755,inode64
30 1 259:2 / / rw,relatime shared:1 - ext4 /dev/nvme0n1p2 rw
31 25 0:6 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:8 - securityfs securityfs rw
32 27 0:27 / /dev/shm rw,nosuid,nodev shared:4 - tmpfs tmpfs rw,inode64
33 29 0:28 / /run/lock rw,nosuid,nodev,noexec,relatime shared:6 - tmpfs tmpfs rw,size=5120k,inode64
34 25 0:29 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:9 - cgroup2 cgroup2 rw,nsdelegate,memory_recursiveprot
35 25 0:30 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:10 - pstore pstore rw
36 25 0:31 / /sys/firmware/efi/efivars rw,nosuid,nodev,noexec,relatime shared:11 - efivarfs efivarfs rw
37 25 0:32 / /sys/fs/bpf rw,nosuid,nodev,noexec,relatime shared:12 - bpf bpf rw,mode=700
38 26 0:33 / /proc/sys/fs/binfmt_misc rw,relatime shared:14 - autofs systemd-1 rw,fd=32,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=10485
39 27 0:20 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:15 - mqueue mqueue rw
40 27 0:34 / /dev/hugepages rw,nosuid,nodev,relatime shared:16 - hugetlbfs hugetlbfs rw,pagesize=2M
41 25 0:7 / /sys/kernel/debug rw,nosuid,nodev,noexec,relatime shared:17 - debugfs debugfs rw
42 25 0:12 / /sys/kernel/tracing rw,nosuid,nodev,noexec,relatime shared:18 - tracefs tracefs rw
43 25 0:21 / /sys/kernel/config rw,nosuid,nodev,noexec,relatime shared:19 - configfs configfs rw
44 25 0:35 / /sys/fs/fuse/connections rw,nosuid,nodev,noexec,relatime shared:20 - fusectl fusectl rw
46 30 7:0 / /snap/bare/5 ro,nodev,relatime shared:30 - squashfs /dev/loop0 ro,errors=continue,threads=single
48 30 7:1 / /snap/core22/1621 ro,nodev,relatime shared:46 - squashfs /dev/loop1 ro,errors=continue,threads=single
50 30 7:3 / /snap/firefox/5134 ro,nodev,relatime shared:48 - squashfs /dev/loop3 ro,errors=continue,threads=single
52 30 7:2 / /snap/core22/1663 ro,nodev,relatime shared:50 - squashfs /dev/loop2 ro,errors=continue,threads=single
54 30 7:4 / /snap/firefox/5187 ro,nodev,relatime shared:52 - squashfs /dev/loop4 ro,errors=continue,threads=single
56 30 7:5 / /snap/gtk-common-themes/1535 ro,nodev,relatime shared:54 - squashfs /dev/loop5 ro,errors=continue,threads=single
58 30 7:6 / /snap/gnome-42-2204/176 ro,nodev,relatime shared:56 - squashfs /dev/loop6 ro,errors=continue,threads=single
60 30 7:7 / /snap/snapd/21759 ro,nodev,relatime shared:58 - squashfs /dev/loop7 ro,errors=continue,threads=single
63 30 259:1 / /boot/efi rw,relatime shared:60 - vfat /dev/nvme0n1p1 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro
65 30 8:1 / /mnt/largefs rw,relatime shared:62 - ext4 /dev/sda1 rw
91 38 0:37 / /proc/sys/fs/binfmt_misc rw,nosuid,nodev,noexec,relatime shared:64 - binfmt_misc binfmt_misc rw
122 29 0:47 / /run/user/1000 rw,nosuid,nodev,relatime shared:377 - tmpfs tmpfs rw,size=3263104k,nr_inodes=815776,mode=700,uid=1000,gid=1000,inode64
787 65 0:62 / /mnt/largefs/docker/overlay2/7a0fb2bb6ac067208ba9950e0cf85c8b74e34eff5f90e8dc7d3495e0e6b20e35/merged rw,relatime shared:678 - overlay overlay rw,lowerdir=/mnt/largefs/docker/overlay2/l/HAN4PMC66TOMPG5AI5Z3775Q65:/mnt/largefs/docker/overlay2/l/EUAGFRVLRVDIPUNBVBN53PNXA2:/mnt/largefs/docker/overlay2/l/6WVVH2IQKADQADRZMUUWYXTEGY:/mnt/largefs/docker/overlay2/l/PSW4JWDDEYNGD2JZOMXIU7WJLA,upperdir=/mnt/largefs/docker/overlay2/7a0fb2bb6ac067208ba9950e0cf85c8b74e34eff5f90e8dc7d3495e0e6b20e35/diff,workdir=/mnt/largefs/docker/overlay2/7a0fb2bb6ac067208ba9950e0cf85c8b74e34eff5f90e8dc7d3495e0e6b20e35/work,nouserxattr
813 65 0:65 / /mnt/largefs/docker/overlay2/550f7630c46eef01ca2da04c5cce5c4a7e0be72d6a17471b5545803e579e5bbe/merged rw,relatime shared:692 - overlay overlay rw,lowerdir=/mnt/largefs/docker/overlay2/l/RLUA7ROAUIDVLQ7WSSZGBJVWTM:/mnt/largefs/docker/overlay2/l/WOIZNEH4OU4VKC5CDQQHCKZFBI:/mnt/largefs/docker/overlay2/l/KMAOWGP5RWFBNOS226XUSWD53O:/mnt/largefs/docker/overlay2/l/5DCY5SXTGHSYDFHUXIO2JWNDWS:/mnt/largefs/docker/overlay2/l/JTLJVLAN4NZBMLBF2H3EW6QWJW:/mnt/largefs/docker/overlay2/l/2NF2RBQEFTICEX4GBQBZWDIIDC:/mnt/largefs/docker/overlay2/l/CLKOQWXVFK2QN7242KZB2GP5VC:/mnt/largefs/docker/overlay2/l/EXYXT4I6T2JWXA2LTBMP3ZMXDY:/mnt/largefs/docker/overlay2/l/PS62EQBLQ2S4STLWCJFNXLW67M,upperdir=/mnt/largefs/docker/overlay2/550f7630c46eef01ca2da04c5cce5c4a7e0be72d6a17471b5545803e579e5bbe/diff,workdir=/mnt/largefs/docker/overlay2/550f7630c46eef01ca2da04c5cce5c4a7e0be72d6a17471b5545803e579e5bbe/work,nouserxattr
837 65 0:64 / /mnt/largefs/docker/overlay2/545c5bd67f731d83986130edef51c1dc8722684872286da0cfbf96fb30663605/merged rw,relatime shared:706 - overlay overlay rw,lowerdir=/mnt/largefs/docker/overlay2/l/U3ZG6EINET3JKQ2QI72HY3E3XJ:/mnt/largefs/docker/overlay2/l/J5PHBAUHDUIEOSJTA4COHYBBVR:/mnt/largefs/docker/overlay2/l/HK2BAK4CLNINVXDZC7G7BR5KE6:/mnt/largefs/docker/overlay2/l/HCFSVAUNGZ5KBTTWYK4GBKX477:/mnt/largefs/docker/overlay2/l/NQ4YVKUKDGKZILDGVKO6DXDTF2:/mnt/largefs/docker/overlay2/l/PVERNA56XDLSZISN4YWB2XIMV7:/mnt/largefs/docker/overlay2/l/72SW3OOGMCLN7LZ3SZ3SUZ4NYQ:/mnt/largefs/docker/overlay2/l/FJB6ILGZ5ZFYMMZQBMON5KQ7ET:/mnt/largefs/docker/overlay2/l/PS62EQBLQ2S4STLWCJFNXLW67M,upperdir=/mnt/largefs/docker/overlay2/545c5bd67f731d83986130edef51c1dc8722684872286da0cfbf96fb30663605/diff,workdir=/mnt/largefs/docker/overlay2/545c5bd67f731d83986130edef51c1dc8722684872286da0cfbf96fb30663605/work,nouserxattr
869 65 0:68 / /mnt/largefs/docker/overlay2/a82f81338c53948ca759dc569145e3682e01226d7a26d90d02584405e128259c/merged rw,relatime shared:720 - overlay overlay rw,lowerdir=/mnt/largefs/docker/overlay2/l/SGFH4J5HTAXDNBVWDIUQ3YIHLT:/mnt/largefs/docker/overlay2/l/XBNDSV3ITYRXIYNWHXCEND6UDG:/mnt/largefs/docker/overlay2/l/2JJMSWKNKCADMFPDDI4S6ZB3SA:/mnt/largefs/docker/overlay2/l/YHVJLBPZ7C47TEWOY26MX4MUD7:/mnt/largefs/docker/overlay2/l/DYNRLWOKHZDNVUT54PWIEFCZSS:/mnt/largefs/docker/overlay2/l/O26JXS6273QEGL2442ZQPFJIQ6:/mnt/largefs/docker/overlay2/l/NICUJRT6BY56JRZI3UNOOM7NTQ:/mnt/largefs/docker/overlay2/l/KEKJCRBCLNBRQHLQPOXP7CZQUT:/mnt/largefs/docker/overlay2/l/YWJVRIAVA5RKGVKBEQFEGPF3MP:/mnt/largefs/docker/overlay2/l/U5DB5WTEDXXAUVWC4RV53SJ73B:/mnt/largefs/docker/overlay2/l/72OBH3B3JVXQJUX2AIYGOU4R4P:/mnt/largefs/docker/overlay2/l/XREDGZ4SZV4UZLK6WJAYFTY24W:/mnt/largefs/docker/overlay2/l/3HABMPR3SPYOVDO3FH4IND73VO:/mnt/largefs/docker/overlay2/l/Z4VIVZDCPWCYFQZRKDNSLBGAW4:/mnt/largefs/docker/overlay2/l/E76FTEFD2E5NH6P66IKHAS2PHL,upperdir=/mnt/largefs/docker/overlay2/a82f81338c53948ca759dc569145e3682e01226d7a26d90d02584405e128259c/diff,workdir=/mnt/largefs/docker/overlay2/a82f81338c53948ca759dc569145e3682e01226d7a26d90d02584405e128259c/work,nouserxattr
901 65 0:69 / /mnt/largefs/docker/overlay2/95ada13ac6eb880242e0ac092efedeb30c82c6440903c20b9f87db1a3e6a1457/merged rw,relatime shared:734 - overlay overlay rw,lowerdir=/mnt/largefs/docker/overlay2/l/GKEUWVVF2QZ7T7CHZQBSJGTSF3:/mnt/largefs/docker/overlay2/l/VQHR6QDAERQO6LI777H2LM35TV:/mnt/largefs/docker/overlay2/l/4XNLBALQUNNCA4ABNK3M426MKB:/mnt/largefs/docker/overlay2/l/KZO5UY3MZRPLFXWVMXPF7KT52X:/mnt/largefs/docker/overlay2/l/M4JR7O4VXKUNXA7Y4567O2TPP7:/mnt/largefs/docker/overlay2/l/LI5F5RB4QFZZK7DGQB7SIENELQ:/mnt/largefs/docker/overlay2/l/RKJ2FW4GMDMHFHKFT6YPR64LCY:/mnt/largefs/docker/overlay2/l/5QGWVSIKOP4SL724RHJQR2LFDB:/mnt/largefs/docker/overlay2/l/QCR242UJ4DGGCGXIVNA6AHNHZU:/mnt/largefs/docker/overlay2/l/EZT43KGOKTCK4KJDKB77WEB6UB:/mnt/largefs/docker/overlay2/l/TABB4BFIRFILGQBURAMWMZSQZO:/mnt/largefs/docker/overlay2/l/OL7C6KIXOUC4UUWE4YR6JTOTH4:/mnt/largefs/docker/overlay2/l/3SAB6JX7Q2WSYA5QKCOCHH7JNJ:/mnt/largefs/docker/overlay2/l/ZVGO3BXF3BHQ6O7IVEAT6MNSYB:/mnt/largefs/docker/overlay2/l/OQ2VBDJN4AFP7LHVRHUJEEOZ2R:/mnt/largefs/docker/overlay2/l/4BHFXPRMX3PYAHP6VCYBLMMGDG:/mnt/largefs/docker/overlay2/l/E76FTEFD2E5NH6P66IKHAS2PHL,upperdir=/mnt/largefs/docker/overlay2/95ada13ac6eb880242e0ac092efedeb30c82c6440903c20b9f87db1a3e6a1457/diff,workdir=/mnt/largefs/docker/overlay2/95ada13ac6eb880242e0ac092efedeb30c82c6440903c20b9f87db1a3e6a1457/work,nouserxattr
931 65 0:72 / /mnt/largefs/docker/overlay2/2d53dbf751343051dcdfa64fffe69a8bb3cefe261ef0127ab727fcd88802a3f8/merged rw,relatime shared:748 - overlay overlay rw,lowerdir=/mnt/largefs/docker/overlay2/l/R3B32BGH5UU5VSCYJ5APIELHEH:/mnt/largefs/docker/overlay2/l/PYOQ7EUGAVY2ZNIQKXR4EKQQNG:/mnt/largefs/docker/overlay2/l/KF3XYCYXN2MMEB36DFLTV4HZ4A:/mnt/largefs/docker/overlay2/l/6YYTBUIIKLHRO7QTVZWCS77EQ6:/mnt/largefs/docker/overlay2/l/LF43GK7IZ6FTXPHXTIXAXVFK3E:/mnt/largefs/docker/overlay2/l/RXEDFBFYMX6FFXYZ7DB5ZOE4HQ:/mnt/largefs/docker/overlay2/l/YFF6NOOB2APVTCSUB7QWZYTWSS:/mnt/largefs/docker/overlay2/l/ME37GY632JPGDWKHGEEQ2NUAMH:/mnt/largefs/docker/overlay2/l/LZDRY3QZ4KSQTF4YPRVC6ZPDAK:/mnt/largefs/docker/overlay2/l/O4OTF3PCAAVJKQM4E5VASFXCIP:/mnt/largefs/docker/overlay2/l/J6WRHIIDAPSW4ZRHAZR4WV6SPF:/mnt/largefs/docker/overlay2/l/I3TXF6IH7R754ZZWWUXFUPAL7R:/mnt/largefs/docker/overlay2/l/CPLKKPAPPWEQG6W4XWKULFLUKH:/mnt/largefs/docker/overlay2/l/EQQW5TJOIZCPLHSCI3NGCNBZYY,upperdir=/mnt/largefs/docker/overlay2/2d53dbf751343051dcdfa64fffe69a8bb3cefe261ef0127ab727fcd88802a3f8/diff,workdir=/mnt/largefs/docker/overlay2/2d53dbf751343051dcdfa64fffe69a8bb3cefe261ef0127ab727fcd88802a3f8/work,nouserxattr
967 65 0:74 / /mnt/largefs/docker/overlay2/c340c8330a94352d59acbbf4d67fc5bdca013a1f42840098f4823f37c94861a4/merged rw,relatime shared:762 - overlay overlay rw,lowerdir=/mnt/largefs/docker/overlay2/l/M2K6WEDLKWC3OHMNCFCBQAQHUS:/mnt/largefs/docker/overlay2/l/ZJWA753MLXPASZNWX2YI3ZBAGX:/mnt/largefs/docker/overlay2/l/DXIHBBXE7RLVCKOPIKPWEZHNZR:/mnt/largefs/docker/overlay2/l/MVABBLRXCDOGRSTOW5YKSULAW5:/mnt/largefs/docker/overlay2/l/TZ2QSINEZXDJWXCXJATGCX7XPR:/mnt/largefs/docker/overlay2/l/2TVB6R4KGIDHEZVNGTRDYBS5F5:/mnt/largefs/docker/overlay2/l/X2WNCDOMCK6WICGP7RESG47SJI:/mnt/largefs/docker/overlay2/l/35KPXWCOHPJTJUA6WUE2O5YAP6:/mnt/largefs/docker/overlay2/l/UFSACN4ETQYRAAJTRVWGEF7KDL:/mnt/largefs/docker/overlay2/l/J4NPSDPTKIJSLZ2ZQ7VGIWWS7N:/mnt/largefs/docker/overlay2/l/MAM4PUEAPPKJ2H63TQQ72XY4SQ:/mnt/largefs/docker/overlay2/l/AXTZSS7UWKSTAVT77GOAPMWMN3:/mnt/largefs/docker/overlay2/l/OYDWPAA22ICH6OCJPO7OPKBRLN:/mnt/largefs/docker/overlay2/l/3DX3SBEDHUTMWKZ6JWZ4LBGTQV:/mnt/largefs/docker/overlay2/l/A4EE5IVWQWJO4DXCSK3GJ27WOE:/mnt/largefs/docker/overlay2/l/4EDFBMGNJPIRU6RQSV2TAAOWCB:/mnt/largefs/docker/overlay2/l/67IPUAKHO4TXTV2LOKKICNCAPV:/mnt/largefs/docker/overlay2/l/LTUE7YEV7AWNRNFVIP3HTBARKT:/mnt/largefs/docker/overlay2/l/BBTW4ZVMTALGWKUAOWHYZZQU5Q:/mnt/largefs/docker/overlay2/l/E76FTEFD2E5NH6P66IKHAS2PHL,upperdir=/mnt/largefs/docker/overlay2/c340c8330a94352d59acbbf4d67fc5bdca013a1f42840098f4823f37c94861a4/diff,workdir=/mnt/largefs/docker/overlay2/c340c8330a94352d59acbbf4d67fc5bdca013a1f42840098f4823f37c94861a4/work,nouserxattr
1366 29 0:4 net:[4026533158] /run/docker/netns/e644aee9e8e6 rw shared:776 - nsfs nsfs rw
1390 29 0:4 net:[4026532979] /run/docker/netns/0894686c189b rw shared:790 - nsfs nsfs rw
1414 29 0:4 net:[4026533098] /run/docker/netns/3b2e7eabfbc6 rw shared:804 - nsfs nsfs rw
1438 29 0:4 net:[4026533218] /run/docker/netns/c9ae117f51cf rw shared:818 - nsfs nsfs rw
1462 29 0:4 net:[4026533039] /run/docker/netns/037aa006b167 rw shared:832 - nsfs nsfs rw
1486 29 0:4 net:[4026533278] /run/docker/netns/2fbc45cb580e rw shared:846 - nsfs nsfs rw
1510 29 0:4 net:[4026533338] /run/docker/netns/b3de940bfd62 rw shared:860 - nsfs nsfs rw
1129 29 0:4 net:[4026531840] /run/docker/netns/default rw shared:677 - nsfs nsfs rw
+ echo '/proc/self/mountinfo inside container:'
/proc/self/mountinfo inside container:
+ sudo docker run --mount type=bind,source=/sys/fs/cgroup,target=/sys/fs/cgroup,readonly=false --mount type=bind,source=/proc,target=/proc2,readonly=false --security-opt=seccomp=unconfined --security-opt=apparmor=unconfined --security-opt=label=type:container_engine_t -p 9000:8080 -e ENABLE_SIGNUP=false -e ENABLE_ADMIN_CHAT_ACCESS=false -e ENABLE_LOGIN_FORM=true -e DEFAULT_USER_ROLE=user -e OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true -e WEBUI_URL=https://xxxxxxx/ -e MICROSOFT_REDIRECT_URI=XXXXX -e ENABLE_OAUTH_SIGNUP=true -e MICROSOFT_CLIENT_ID=XXXX -e MICROSOFT_CLIENT_SECRET=XXX -e MICROSOFT_CLIENT_TENANT_ID=XXX -e OPENAI_API_KEY=XX -v open-webui:/app/backend/data --name open-webuii-test --rm -it ghcr.io/open-webui/open-webui:main cat /proc/self/mountinfo
1270 635 0:54 / / rw,relatime master:592 - overlay overlay rw,lowerdir=/mnt/largefs/docker/overlay2/l/M5335RBPT4ELJEAYUAAJC3FMMV:/mnt/largefs/docker/overlay2/l/VQHR6QDAERQO6LI777H2LM35TV:/mnt/largefs/docker/overlay2/l/4XNLBALQUNNCA4ABNK3M426MKB:/mnt/largefs/docker/overlay2/l/KZO5UY3MZRPLFXWVMXPF7KT52X:/mnt/largefs/docker/overlay2/l/M4JR7O4VXKUNXA7Y4567O2TPP7:/mnt/largefs/docker/overlay2/l/LI5F5RB4QFZZK7DGQB7SIENELQ:/mnt/largefs/docker/overlay2/l/RKJ2FW4GMDMHFHKFT6YPR64LCY:/mnt/largefs/docker/overlay2/l/5QGWVSIKOP4SL724RHJQR2LFDB:/mnt/largefs/docker/overlay2/l/QCR242UJ4DGGCGXIVNA6AHNHZU:/mnt/largefs/docker/overlay2/l/EZT43KGOKTCK4KJDKB77WEB6UB:/mnt/largefs/docker/overlay2/l/TABB4BFIRFILGQBURAMWMZSQZO:/mnt/largefs/docker/overlay2/l/OL7C6KIXOUC4UUWE4YR6JTOTH4:/mnt/largefs/docker/overlay2/l/3SAB6JX7Q2WSYA5QKCOCHH7JNJ:/mnt/largefs/docker/overlay2/l/ZVGO3BXF3BHQ6O7IVEAT6MNSYB:/mnt/largefs/docker/overlay2/l/OQ2VBDJN4AFP7LHVRHUJEEOZ2R:/mnt/largefs/docker/overlay2/l/4BHFXPRMX3PYAHP6VCYBLMMGDG:/mnt/largefs/docker/overlay2/l/E76FTEFD2E5NH6P66IKHAS2PHL,upperdir=/mnt/largefs/docker/overlay2/2345f0d2b9d9aafc8e63715baff9e4c98cd69a4774c991a864d2b683bb6eac14/diff,workdir=/mnt/largefs/docker/overlay2/2345f0d2b9d9aafc8e63715baff9e4c98cd69a4774c991a864d2b683bb6eac14/work,nouserxattr
1271 1270 0:147 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
1272 1270 0:148 / /dev rw,nosuid - tmpfs tmpfs rw,size=65536k,mode=755,inode64
1273 1272 0:149 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666
1274 1270 0:150 / /sys ro,nosuid,nodev,noexec,relatime - sysfs sysfs ro
1275 1272 0:146 / /dev/mqueue rw,nosuid,nodev,noexec,relatime - mqueue mqueue rw
1276 1272 0:151 / /dev/shm rw,nosuid,nodev,noexec,relatime - tmpfs shm rw,size=65536k,inode64
1277 1270 0:24 / /proc2 rw,nosuid,nodev,noexec,relatime - proc proc rw
1278 1277 0:33 / /proc2/sys/fs/binfmt_misc rw,relatime - autofs systemd-1 rw,fd=32,pgrp=0,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=10485
1279 1278 0:37 / /proc2/sys/fs/binfmt_misc rw,nosuid,nodev,noexec,relatime - binfmt_misc binfmt_misc rw
1280 1270 8:1 /docker/containers/c64e4d4db84158259379f97bc0d32637ac2218b9b59d13f9247327fbb766d141/resolv.conf /etc/resolv.conf rw,relatime - ext4 /dev/sda1 rw
1281 1270 8:1 /docker/containers/c64e4d4db84158259379f97bc0d32637ac2218b9b59d13f9247327fbb766d141/hostname /etc/hostname rw,relatime - ext4 /dev/sda1 rw
1282 1270 8:1 /docker/containers/c64e4d4db84158259379f97bc0d32637ac2218b9b59d13f9247327fbb766d141/hosts /etc/hosts rw,relatime - ext4 /dev/sda1 rw
1283 1270 8:1 /docker/volumes/open-webui/_data /app/backend/data rw,relatime master:62 - ext4 /dev/sda1 rw
1284 1274 0:29 /../.. /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - cgroup2 cgroup2 rw,nsdelegate,memory_recursiveprot
636 1272 0:149 /0 /dev/console rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666
637 1271 0:147 /bus /proc/bus ro,nosuid,nodev,noexec,relatime - proc proc rw
638 1271 0:147 /fs /proc/fs ro,nosuid,nodev,noexec,relatime - proc proc rw
640 1271 0:147 /irq /proc/irq ro,nosuid,nodev,noexec,relatime - proc proc rw
641 1271 0:147 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
642 1271 0:147 /sysrq-trigger /proc/sysrq-trigger ro,nosuid,nodev,noexec,relatime - proc proc rw
643 1271 0:152 / /proc/asound ro,relatime - tmpfs tmpfs ro,inode64
644 1271 0:153 / /proc/acpi ro,relatime - tmpfs tmpfs ro,inode64
645 1271 0:148 /null /proc/kcore rw,nosuid - tmpfs tmpfs rw,size=65536k,mode=755,inode64
700 1271 0:148 /null /proc/keys rw,nosuid - tmpfs tmpfs rw,size=65536k,mode=755,inode64
724 1271 0:148 /null /proc/latency_stats rw,nosuid - tmpfs tmpfs rw,size=65536k,mode=755,inode64
725 1271 0:148 /null /proc/timer_list rw,nosuid - tmpfs tmpfs rw,size=65536k,mode=755,inode64
726 1271 0:154 / /proc/scsi ro,relatime - tmpfs tmpfs ro,inode64
727 1274 0:155 / /sys/firmware ro,relatime - tmpfs tmpfs ro,inode64
728 1274 0:156 / /sys/devices/virtual/powercap ro,relatime - tmpfs tmpfs ro,inode64
+ for f in "${useful_files[@]}"
+ echo '/proc/self/uid_map outside container:'
/proc/self/uid_map outside container:
+ cat /proc/self/uid_map
         0          0 4294967295
+ echo '/proc/self/uid_map outside container with sudo:'
/proc/self/uid_map outside container with sudo:
+ sudo cat /proc/self/uid_map
         0          0 4294967295
+ echo '/proc/self/uid_map inside container:'
/proc/self/uid_map inside container:
+ sudo docker run --mount type=bind,source=/sys/fs/cgroup,target=/sys/fs/cgroup,readonly=false --mount type=bind,source=/proc,target=/proc2,readonly=false --security-opt=seccomp=unconfined --security-opt=apparmor=unconfined --security-opt=label=type:container_engine_t -p 9000:8080 -e ENABLE_SIGNUP=false -e ENABLE_ADMIN_CHAT_ACCESS=false -e ENABLE_LOGIN_FORM=true -e DEFAULT_USER_ROLE=user -e OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true -e WEBUI_URL=https://xxxxxxx/ -e MICROSOFT_REDIRECT_URI=XXXXX -e ENABLE_OAUTH_SIGNUP=true -e MICROSOFT_CLIENT_ID=XXXX -e MICROSOFT_CLIENT_SECRET=XXX -e MICROSOFT_CLIENT_TENANT_ID=XXX -e OPENAI_API_KEY=XX -v open-webui:/app/backend/data --name open-webuii-test --rm -it ghcr.io/open-webui/open-webui:main cat /proc/self/uid_map
         0          0 4294967295
+ for f in "${useful_files[@]}"
+ echo '/proc/sys/kernel/unprivileged_userns_clone outside container:'
/proc/sys/kernel/unprivileged_userns_clone outside container:
+ cat /proc/sys/kernel/unprivileged_userns_clone
1
+ echo '/proc/sys/kernel/unprivileged_userns_clone outside container with sudo:'
/proc/sys/kernel/unprivileged_userns_clone outside container with sudo:
+ sudo cat /proc/sys/kernel/unprivileged_userns_clone
1
+ echo '/proc/sys/kernel/unprivileged_userns_clone inside container:'
/proc/sys/kernel/unprivileged_userns_clone inside container:
+ sudo docker run --mount type=bind,source=/sys/fs/cgroup,target=/sys/fs/cgroup,readonly=false --mount type=bind,source=/proc,target=/proc2,readonly=false --security-opt=seccomp=unconfined --security-opt=apparmor=unconfined --security-opt=label=type:container_engine_t -p 9000:8080 -e ENABLE_SIGNUP=false -e ENABLE_ADMIN_CHAT_ACCESS=false -e ENABLE_LOGIN_FORM=true -e DEFAULT_USER_ROLE=user -e OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true -e WEBUI_URL=https://xxxxxxx/ -e MICROSOFT_REDIRECT_URI=XXXXX -e ENABLE_OAUTH_SIGNUP=true -e MICROSOFT_CLIENT_ID=XXXX -e MICROSOFT_CLIENT_SECRET=XXX -e MICROSOFT_CLIENT_TENANT_ID=XXX -e OPENAI_API_KEY=XX -v open-webui:/app/backend/data --name open-webuii-test --rm -it ghcr.io/open-webui/open-webui:main cat /proc/sys/kernel/unprivileged_userns_clone
1
+ for f in "${useful_files[@]}"
+ echo '/proc/sys/kernel/unprivileged_userns_apparmor_policy outside container:'
/proc/sys/kernel/unprivileged_userns_apparmor_policy outside container:
+ cat /proc/sys/kernel/unprivileged_userns_apparmor_policy
cat: /proc/sys/kernel/unprivileged_userns_apparmor_policy: Permission denied
+ echo '/proc/sys/kernel/unprivileged_userns_apparmor_policy outside container with sudo:'
/proc/sys/kernel/unprivileged_userns_apparmor_policy outside container with sudo:
+ sudo cat /proc/sys/kernel/unprivileged_userns_apparmor_policy
1
+ echo '/proc/sys/kernel/unprivileged_userns_apparmor_policy inside container:'
/proc/sys/kernel/unprivileged_userns_apparmor_policy inside container:
+ sudo docker run --mount type=bind,source=/sys/fs/cgroup,target=/sys/fs/cgroup,readonly=false --mount type=bind,source=/proc,target=/proc2,readonly=false --security-opt=seccomp=unconfined --security-opt=apparmor=unconfined --security-opt=label=type:container_engine_t -p 9000:8080 -e ENABLE_SIGNUP=false -e ENABLE_ADMIN_CHAT_ACCESS=false -e ENABLE_LOGIN_FORM=true -e DEFAULT_USER_ROLE=user -e OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true -e WEBUI_URL=https://xxxxxxx/ -e MICROSOFT_REDIRECT_URI=XXXXX -e ENABLE_OAUTH_SIGNUP=true -e MICROSOFT_CLIENT_ID=XXXX -e MICROSOFT_CLIENT_SECRET=XXX -e MICROSOFT_CLIENT_TENANT_ID=XXX -e OPENAI_API_KEY=XX -v open-webui:/app/backend/data --name open-webuii-test --rm -it ghcr.io/open-webui/open-webui:main cat /proc/sys/kernel/unprivileged_userns_apparmor_policy
cat: /proc/sys/kernel/unprivileged_userns_apparmor_policy: Operation not permitted
+ for f in "${useful_files[@]}"
+ echo '/proc/sys/user/max_user_namespaces outside container:'
/proc/sys/user/max_user_namespaces outside container:
+ cat /proc/sys/user/max_user_namespaces
126964
+ echo '/proc/sys/user/max_user_namespaces outside container with sudo:'
/proc/sys/user/max_user_namespaces outside container with sudo:
+ sudo cat /proc/sys/user/max_user_namespaces
126964
+ echo '/proc/sys/user/max_user_namespaces inside container:'
/proc/sys/user/max_user_namespaces inside container:
+ sudo docker run --mount type=bind,source=/sys/fs/cgroup,target=/sys/fs/cgroup,readonly=false --mount type=bind,source=/proc,target=/proc2,readonly=false --security-opt=seccomp=unconfined --security-opt=apparmor=unconfined --security-opt=label=type:container_engine_t -p 9000:8080 -e ENABLE_SIGNUP=false -e ENABLE_ADMIN_CHAT_ACCESS=false -e ENABLE_LOGIN_FORM=true -e DEFAULT_USER_ROLE=user -e OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true -e WEBUI_URL=https://xxxxxxx/ -e MICROSOFT_REDIRECT_URI=XXXXX -e ENABLE_OAUTH_SIGNUP=true -e MICROSOFT_CLIENT_ID=XXXX -e MICROSOFT_CLIENT_SECRET=XXX -e MICROSOFT_CLIENT_TENANT_ID=XXX -e OPENAI_API_KEY=XX -v open-webui:/app/backend/data --name open-webuii-test --rm -it ghcr.io/open-webui/open-webui:main cat /proc/sys/user/max_user_namespaces
126964
+ for f in "${useful_files[@]}"
+ echo '/etc/subuid outside container:'
/etc/subuid outside container:
+ cat /etc/subuid
USERNAME:100000:65536
hanqiongjia:165536:65536
+ echo '/etc/subuid outside container with sudo:'
/etc/subuid outside container with sudo:
+ sudo cat /etc/subuid
USERNAME:100000:65536
hanqiongjia:165536:65536
+ echo '/etc/subuid inside container:'
/etc/subuid inside container:
+ sudo docker run --mount type=bind,source=/sys/fs/cgroup,target=/sys/fs/cgroup,readonly=false --mount type=bind,source=/proc,target=/proc2,readonly=false --security-opt=seccomp=unconfined --security-opt=apparmor=unconfined --security-opt=label=type:container_engine_t -p 9000:8080 -e ENABLE_SIGNUP=false -e ENABLE_ADMIN_CHAT_ACCESS=false -e ENABLE_LOGIN_FORM=true -e DEFAULT_USER_ROLE=user -e OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true -e WEBUI_URL=https://xxxxxxx/ -e MICROSOFT_REDIRECT_URI=XXXXX -e ENABLE_OAUTH_SIGNUP=true -e MICROSOFT_CLIENT_ID=XXXX -e MICROSOFT_CLIENT_SECRET=XXX -e MICROSOFT_CLIENT_TENANT_ID=XXX -e OPENAI_API_KEY=XX -v open-webui:/app/backend/data --name open-webuii-test --rm -it ghcr.io/open-webui/open-webui:main cat /etc/subuid
+ for f in "${useful_files[@]}"
+ echo '/etc/subgid outside container:'
/etc/subgid outside container:
+ cat /etc/subgid
USERNAME:100000:65536
hanqiongjia:165536:65536
+ echo '/etc/subgid outside container with sudo:'
/etc/subgid outside container with sudo:
+ sudo cat /etc/subgid
USERNAME:100000:65536
hanqiongjia:165536:65536
+ echo '/etc/subgid inside container:'
/etc/subgid inside container:
+ sudo docker run --mount type=bind,source=/sys/fs/cgroup,target=/sys/fs/cgroup,readonly=false --mount type=bind,source=/proc,target=/proc2,readonly=false --security-opt=seccomp=unconfined --security-opt=apparmor=unconfined --security-opt=label=type:container_engine_t -p 9000:8080 -e ENABLE_SIGNUP=false -e ENABLE_ADMIN_CHAT_ACCESS=false -e ENABLE_LOGIN_FORM=true -e DEFAULT_USER_ROLE=user -e OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true -e WEBUI_URL=https://xxxxxxx/ -e MICROSOFT_REDIRECT_URI=XXXXX -e ENABLE_OAUTH_SIGNUP=true -e MICROSOFT_CLIENT_ID=XXXX -e MICROSOFT_CLIENT_SECRET=XXX -e MICROSOFT_CLIENT_TENANT_ID=XXX -e OPENAI_API_KEY=XX -v open-webui:/app/backend/data --name open-webuii-test --rm -it ghcr.io/open-webui/open-webui:main cat /etc/subgid
+ for f in "${useful_files[@]}"
+ echo '/home/USERNAME/.config/docker/daemon.json outside container:'
/home/USERNAME/.config/docker/daemon.json outside container:
+ cat /home/USERNAME/.config/docker/daemon.json
cat: /home/USERNAME/.config/docker/daemon.json: No such file or directory
+ echo '/home/USERNAME/.config/docker/daemon.json outside container with sudo:'
/home/USERNAME/.config/docker/daemon.json outside container with sudo:
+ sudo cat /home/USERNAME/.config/docker/daemon.json
cat: /home/USERNAME/.config/docker/daemon.json: No such file or directory
+ echo '/home/USERNAME/.config/docker/daemon.json inside container:'
/home/USERNAME/.config/docker/daemon.json inside container:
+ sudo docker run --mount type=bind,source=/sys/fs/cgroup,target=/sys/fs/cgroup,readonly=false --mount type=bind,source=/proc,target=/proc2,readonly=false --security-opt=seccomp=unconfined --security-opt=apparmor=unconfined --security-opt=label=type:container_engine_t -p 9000:8080 -e ENABLE_SIGNUP=false -e ENABLE_ADMIN_CHAT_ACCESS=false -e ENABLE_LOGIN_FORM=true -e DEFAULT_USER_ROLE=user -e OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true -e WEBUI_URL=https://xxxxxxx/ -e MICROSOFT_REDIRECT_URI=XXXXX -e ENABLE_OAUTH_SIGNUP=true -e MICROSOFT_CLIENT_ID=XXXX -e MICROSOFT_CLIENT_SECRET=XXX -e MICROSOFT_CLIENT_TENANT_ID=XXX -e OPENAI_API_KEY=XX -v open-webui:/app/backend/data --name open-webuii-test --rm -it ghcr.io/open-webui/open-webui:main cat /home/USERNAME/.config/docker/daemon.json
cat: /home/USERNAME/.config/docker/daemon.json: No such file or directory
+ echo 'capsh outside container:'
capsh outside container:
+ capsh --print
Current: =
Bounding set =cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read,cap_perfmon,cap_bpf,cap_checkpoint_restore
Ambient set =
Current IAB:
Securebits: 00/0x0/1'b0 (no-new-privs=0)
 secure-noroot: no (unlocked)
 secure-no-suid-fixup: no (unlocked)
 secure-keep-caps: no (unlocked)
 secure-no-ambient-raise: no (unlocked)
uid=1000(USERNAME) euid=1000(USERNAME)
gid=1000(USERNAME)
groups=4(adm),24(cdrom),27(sudo),30(dip),44(video),46(plugdev),100(users),114(lpadmin),987(docker),988(ollama),992(render),1000(USERNAME)
Guessed mode: HYBRID (4)
+ echo 'capsh outside container with sudo:'
capsh outside container with sudo:
+ sudo capsh --print
Current: =ep
Bounding set =cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read,cap_perfmon,cap_bpf,cap_checkpoint_restore
Ambient set =
Current IAB:
Securebits: 00/0x0/1'b0 (no-new-privs=0)
 secure-noroot: no (unlocked)
 secure-no-suid-fixup: no (unlocked)
 secure-keep-caps: no (unlocked)
 secure-no-ambient-raise: no (unlocked)
uid=0(root) euid=0(root)
gid=0(root)
groups=0(root)
Guessed mode: HYBRID (4)
+ echo 'capsh inside container:'
capsh inside container:
+ sudo docker run --mount type=bind,source=/sys/fs/cgroup,target=/sys/fs/cgroup,readonly=false --mount type=bind,source=/proc,target=/proc2,readonly=false --security-opt=seccomp=unconfined --security-opt=apparmor=unconfined --security-opt=label=type:container_engine_t -p 9000:8080 -e ENABLE_SIGNUP=false -e ENABLE_ADMIN_CHAT_ACCESS=false -e ENABLE_LOGIN_FORM=true -e DEFAULT_USER_ROLE=user -e OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true -e WEBUI_URL=https://xxxxxxx/ -e MICROSOFT_REDIRECT_URI=XXXXX -e ENABLE_OAUTH_SIGNUP=true -e MICROSOFT_CLIENT_ID=XXXX -e MICROSOFT_CLIENT_SECRET=XXX -e MICROSOFT_CLIENT_TENANT_ID=XXX -e OPENAI_API_KEY=XX -v open-webui:/app/backend/data --name open-webuii-test --rm -it ghcr.io/open-webui/open-webui:main bash -c 'apt-get update && apt-get install -y libcap2-bin && capsh --print'
Get:1 http://deb.debian.org/debian bookworm InRelease [151 kB]
Get:2 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB]
Get:3 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Get:4 http://deb.debian.org/debian bookworm/main amd64 Packages [8789 kB]
Get:5 http://deb.debian.org/debian bookworm-updates/main amd64 Packages [2468 B]
Get:6 http://deb.debian.org/debian-security bookworm-security/main amd64 Packages [190 kB]
Fetched 9235 kB in 1s (7191 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  libpam-cap
The following NEW packages will be installed:
  libcap2-bin libpam-cap
0 upgraded, 2 newly installed, 0 to remove and 32 not upgraded.
Need to get 49.2 kB of archives.
After this operation, 188 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bookworm/main amd64 libcap2-bin amd64 1:2.66-4 [34.7 kB]
Get:2 http://deb.debian.org/debian bookworm/main amd64 libpam-cap amd64 1:2.66-4 [14.5 kB]
Fetched 49.2 kB in 0s (519 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package libcap2-bin.
(Reading database ... 17968 files and directories currently installed.)
Preparing to unpack .../libcap2-bin_1%3a2.66-4_amd64.deb ...
Unpacking libcap2-bin (1:2.66-4) ...
Selecting previously unselected package libpam-cap:amd64.
Preparing to unpack .../libpam-cap_1%3a2.66-4_amd64.deb ...
Unpacking libpam-cap:amd64 (1:2.66-4) ...
Setting up libcap2-bin (1:2.66-4) ...
Setting up libpam-cap:amd64 (1:2.66-4) ...
debconf: unable to initialize frontend: Dialog
debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 78.)
debconf: falling back to frontend: Readline
Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep
Bounding set =cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap
Ambient set =
Current IAB: !cap_dac_read_search,!cap_linux_immutable,!cap_net_broadcast,!cap_net_admin,!cap_ipc_lock,!cap_ipc_owner,!cap_sys_module,!cap_sys_rawio,!cap_sys_ptrace,!cap_sys_pacct,!cap_sys_admin,!cap_sys_boot,!cap_sys_nice,!cap_sys_resource,!cap_sys_time,!cap_sys_tty_config,!cap_lease,!cap_audit_control,!cap_mac_override,!cap_mac_admin,!cap_syslog,!cap_wake_alarm,!cap_block_suspend,!cap_audit_read,!cap_perfmon,!cap_bpf,!cap_checkpoint_restore
Securebits: 00/0x0/1'b0 (no-new-privs=0)
 secure-noroot: no (unlocked)
 secure-no-suid-fixup: no (unlocked)
 secure-keep-caps: no (unlocked)
 secure-no-ambient-raise: no (unlocked)
uid=0(root) euid=0(root)
gid=0(root)
groups=0(root)
Guessed mode: HYBRID (4)
+ echo 'Downloading gVisor:'
Downloading gVisor:
++ uname -m
+ wget https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/runsc -O /home/USERNAME/runsc
--2024-11-10 11:26:01--  https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/runsc
Resolving storage.googleapis.com (storage.googleapis.com)... 172.217.23.123, 2a00:1450:4001:80e::201b, 2a00:1450:4001:828::201b, ...
Connecting to storage.googleapis.com (storage.googleapis.com)|172.217.23.123|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 65948943 (63M) [application/octet-stream]
Saving to: ‘/home/USERNAME/runsc’

/home/USERNAME/runsc                               100%[===================================================================================================================>]  62.89M  22.7MB/s    in 2.8s

2024-11-10 11:26:05 (22.7 MB/s) - ‘/home/USERNAME/runsc’ saved [65948943/65948943]

+ chmod 555 /home/USERNAME/runsc
+ echo 'gVisor in rootless mode outside container:'
gVisor in rootless mode outside container:
+ /home/USERNAME/runsc --rootless --network=none --ignore-cgroups=true --debug-log=/dev/stderr --host-settings=check do echo hi
I1110 11:26:05.038154  1006637 main.go:195] **************** gVisor ****************
I1110 11:26:05.038179  1006637 main.go:196] Version release-20241104.0, go1.23.2 X:nocoverageredesign, amd64, 8 CPUs, linux, PID 1006637, PPID 1005195, UID 1000, GID 1000
I1110 11:26:05.038185  1006637 main.go:198] Args: [/home/USERNAME/runsc --rootless --network=none --ignore-cgroups=true --debug-log=/dev/stderr --host-settings=check do echo hi]
I1110 11:26:05.038192  1006637 config.go:439] Platform: systrap
I1110 11:26:05.038213  1006637 config.go:440] RootDir: /run/user/1000/runsc
I1110 11:26:05.038217  1006637 config.go:441] FileAccess: exclusive / Directfs: true / Overlay: root:self
I1110 11:26:05.038223  1006637 config.go:442] Network: none
I1110 11:26:05.038227  1006637 main.go:200] **************** gVisor ****************
I1110 11:26:05.038272  1006637 namespace.go:247] *** Re-running as root in new user namespace ***
W1110 11:26:05.038703  1006637 util.go:64] FATAL ERROR: Error executing inside namespace: re-executing self: fork/exec /proc/self/exe: permission denied
Error executing inside namespace: re-executing self: fork/exec /proc/self/exe: permission denied
W1110 11:26:05.038765  1006637 main.go:230] Failure to execute command, err: 1
+ echo 'gVisor in rootful mode outside container:'
gVisor in rootful mode outside container:
+ sudo /home/USERNAME/runsc --network=none --ignore-cgroups=true --debug-log=/dev/stderr --host-settings=check do echo hi
I1110 11:26:05.056971  1006645 main.go:195] **************** gVisor ****************
I1110 11:26:05.056996  1006645 main.go:196] Version release-20241104.0, go1.23.2 X:nocoverageredesign, amd64, 8 CPUs, linux, PID 1006645, PPID 1006644, UID 0, GID 0
I1110 11:26:05.057002  1006645 main.go:198] Args: [/home/USERNAME/runsc --network=none --ignore-cgroups=true --debug-log=/dev/stderr --host-settings=check do echo hi]
I1110 11:26:05.057009  1006645 config.go:439] Platform: systrap
I1110 11:26:05.057029  1006645 config.go:440] RootDir: /var/run/runsc
I1110 11:26:05.057032  1006645 config.go:441] FileAccess: exclusive / Directfs: true / Overlay: root:self
I1110 11:26:05.057038  1006645 config.go:442] Network: none
I1110 11:26:05.057043  1006645 main.go:200] **************** gVisor ****************
I1110 11:26:05.057548  1006645 do.go:441] Changing configuration RootDir to "/tmp/runsc-do1150805609"
I1110 11:26:05.057782  1006645 namespace.go:198] Mapping host uid 0 to container uid 0 (size=4294967295)
I1110 11:26:05.057799  1006645 namespace.go:206] Mapping host gid 0 to container gid 0 (size=4294967295)
I1110 11:26:05.058599  1006645 container.go:1370] Gofer started, PID: 1006650
I1110 11:26:05.058766  1006645 sandbox.go:910] Control socket path: "/tmp/runsc-do1150805609/runsc-runsc-478808.sock"
I1110 11:26:05.058788  1006645 sandbox.go:961] Sandbox will be started in new mount, IPC and UTS namespaces
I1110 11:26:05.058796  1006645 sandbox.go:986] Sandbox will be started in new network namespace
I1110 11:26:05.058810  1006645 sandbox.go:1003] Sandbox will be started in container's user namespace: {Type:user Path:}
I1110 11:26:05.058841  1006645 namespace.go:198] Mapping host uid 0 to container uid 0 (size=4294967295)
I1110 11:26:05.058849  1006645 namespace.go:206] Mapping host gid 0 to container gid 0 (size=4294967295)
I1110 11:26:05.058892  1006645 sandbox.go:1033] Sandbox will be started in minimal chroot
I1110 11:26:05.059611  1006645 sandbox.go:1259] Sandbox started, PID: 1006655
I1110 11:26:05.074169       1 main.go:195] **************** gVisor ****************
I1110 11:26:05.074229       1 main.go:196] Version release-20241104.0, go1.23.2 X:nocoverageredesign, amd64, 8 CPUs, linux, PID 1, PPID 0, UID 0, GID 0
I1110 11:26:05.074245       1 main.go:198] Args: [runsc-gofer --root=/tmp/runsc-do1150805609 --debug-log=/dev/stderr --overlay2=all:memory --host-settings=check --network=none --ignore-cgroups=true --debug-log-fd=3 gofer --bundle /tmp/runsc-do1150805609 --gofer-mount-confs=lisafs:memory --spec-fd=4 --mounts-fd=5 --io-fds=6]
I1110 11:26:05.074266       1 config.go:439] Platform: systrap
I1110 11:26:05.074290       1 config.go:440] RootDir: /tmp/runsc-do1150805609
I1110 11:26:05.074301       1 config.go:441] FileAccess: exclusive / Directfs: true / Overlay: all:memory
I1110 11:26:05.074312       1 config.go:442] Network: none
I1110 11:26:05.074320       1 main.go:200] **************** gVisor ****************
I1110 11:26:05.074853       1 main.go:195] **************** gVisor ****************
I1110 11:26:05.074876       1 main.go:196] Version release-20241104.0, go1.23.2 X:nocoverageredesign, amd64, 8 CPUs, linux, PID 1, PPID 0, UID 0, GID 0
I1110 11:26:05.074885       1 main.go:198] Args: [runsc-sandbox --root=/tmp/runsc-do1150805609 --debug-log=/dev/stderr --overlay2=all:memory --host-settings=check --network=none --ignore-cgroups=true --debug-log-fd=3 boot --bundle=/tmp/runsc-do1150805609 --gofer-mount-confs=lisafs:memory --apply-caps=true --setup-root --total-host-memory 33414205440 --total-memory 33414205440 --attached --io-fds=4 --dev-io-fd=-1 --mounts-fd=5 --start-sync-fd=6 --controller-fd=7 --spec-fd=8 --stdio-fds=9 --stdio-fds=10 --stdio-fds=11 runsc-478808]
W1110 11:26:05.074880       1 specutils.go:127] noNewPrivileges ignored. PR_SET_NO_NEW_PRIVS is assumed to always be set.
I1110 11:26:05.074902       1 config.go:439] Platform: systrap
I1110 11:26:05.074927       1 config.go:440] RootDir: /tmp/runsc-do1150805609
I1110 11:26:05.074933       1 config.go:441] FileAccess: exclusive / Directfs: true / Overlay: all:memory
I1110 11:26:05.074941       1 config.go:442] Network: none
I1110 11:26:05.074948       1 main.go:200] **************** gVisor ****************
I1110 11:26:05.075100       1 gofer.go:455] Create working directory "/mnt/largefs/Downloads" if needed
I1110 11:26:05.075123       1 gofer.go:469] Remounting root as readonly: "/proc/fs/root"
I1110 11:26:05.075119       1 boot.go:274] Setting product_name: "Default string"
I1110 11:26:05.075169       1 boot.go:284] Setting host-shmem-huge: "never"
I1110 11:26:05.075581       1 capability.go:66] Capabilities applied: { effective="chown, dac_override, dac_read_search, fowner, fsetid, sys_chroot" permitted="chown, dac_override, dac_read_search, fowner, fsetid, sys_chroot" inheritable="empty" bounding="chown, dac_override, dac_read_search, fowner, fsetid, sys_chroot" }
I1110 11:26:05.075608       1 cmd.go:92] Execve "/proc/self/exe" again, bye!
W1110 11:26:05.075608       1 specutils.go:127] noNewPrivileges ignored. PR_SET_NO_NEW_PRIVS is assumed to always be set.
I1110 11:26:05.075626       1 chroot.go:159] Setting up sandbox chroot in "/tmp"
I1110 11:26:05.075728       1 chroot.go:37] Mounting "proc" at "/tmp/proc/sandbox-proc"
I1110 11:26:05.076228       1 capability.go:66] Capabilities applied: { effective="chown, dac_override, dac_read_search, fowner, fsetid, sys_ptrace" permitted="chown, dac_override, dac_read_search, fowner, fsetid, sys_ptrace" inheritable="empty" bounding="chown, dac_override, dac_read_search, fowner, fsetid, sys_ptrace" }
I1110 11:26:05.076250       1 cmd.go:92] Execve "/proc/self/exe" again, bye!
I1110 11:26:05.089768       1 main.go:195] **************** gVisor ****************
I1110 11:26:05.089813       1 main.go:196] Version release-20241104.0, go1.23.2 X:nocoverageredesign, amd64, 8 CPUs, linux, PID 1, PPID 0, UID 0, GID 0
I1110 11:26:05.089819       1 main.go:198] Args: [runsc-sandbox --root=/tmp/runsc-do1150805609 --debug-log=/dev/stderr --overlay2=all:memory --host-settings=check --network=none --ignore-cgroups=true --debug-log-fd=3 boot --apply-caps=false --attached=true --bundle=/tmp/runsc-do1150805609 --controller-fd=7 --dev-io-fd=-1 --gofer-mount-confs=lisafs:memory --io-fds=4 --mounts-fd=5 --setup-root=false --spec-fd=8 --start-sync-fd=6 --stdio-fds=9,10,11 --total-host-memory=33414205440 --total-memory=33414205440 --product-name=Default string --host-shmem-huge=never --proc-mount-sync-fd=18 runsc-478808]
I1110 11:26:05.089832       1 config.go:439] Platform: systrap
I1110 11:26:05.089851       1 config.go:440] RootDir: /tmp/runsc-do1150805609
I1110 11:26:05.089855       1 config.go:441] FileAccess: exclusive / Directfs: true / Overlay: all:memory
I1110 11:26:05.089861       1 config.go:442] Network: none
I1110 11:26:05.089867       1 main.go:200] **************** gVisor ****************
W1110 11:26:05.089982       1 native_amd64.go:187] Could not open /proc/cpuinfo: open /proc/cpuinfo: no such file or directory
W1110 11:26:05.090501       1 specutils.go:127] noNewPrivileges ignored. PR_SET_NO_NEW_PRIVS is assumed to always be set.
I1110 11:26:05.091110       1 main.go:195] **************** gVisor ****************
I1110 11:26:05.091136       1 main.go:196] Version release-20241104.0, go1.23.2 X:nocoverageredesign, amd64, 8 CPUs, linux, PID 1, PPID 0, UID 0, GID 0
I1110 11:26:05.091157       1 main.go:198] Args: [runsc-gofer --root=/tmp/runsc-do1150805609 --debug-log=/dev/stderr --overlay2=all:memory --host-settings=check --network=none --ignore-cgroups=true --debug-log-fd=3 gofer --bundle=/tmp/runsc-do1150805609 --gofer-mount-confs=lisafs:memory --io-fds=6 --mounts-fd=5 --spec-fd=4 --sync-nvproxy-fd=-1 --sync-userns-fd=-1 --proc-mount-sync-fd=12 --apply-caps=false --setup-root=false]
I1110 11:26:05.091173       1 config.go:439] Platform: systrap
I1110 11:26:05.091191       1 config.go:440] RootDir: /tmp/runsc-do1150805609
I1110 11:26:05.091196       1 config.go:441] FileAccess: exclusive / Directfs: true / Overlay: all:memory
I1110 11:26:05.091204       1 config.go:442] Network: none
I1110 11:26:05.091210       1 main.go:200] **************** gVisor ****************
W1110 11:26:05.091700       1 specutils.go:127] noNewPrivileges ignored. PR_SET_NO_NEW_PRIVS is assumed to always be set.
I1110 11:26:05.092196       1 gofer.go:240] Process chroot'd to "/root"
I1110 11:26:05.092211       1 seccomp.go:61] Installing seccomp filters for 48 syscalls (action=kill process)
I1110 11:26:05.094453       1 seccomp.go:89] Seccomp filters installed.
I1110 11:26:05.094479       1 gofer.go:289] Serving "/" mapped to "/root" on FD 6 (ro: true)
I1110 11:26:05.109164       1 loader.go:787] Platform: systrap
I1110 11:26:05.110566       1 loader.go:809] Disabling application huge pages: host shmem_huge is "never"
I1110 11:26:05.110807       1 loader.go:554] CPUs: 8
I1110 11:26:05.110817       1 loader.go:568] Setting total memory to 31.12 GB
I1110 11:26:05.110911       1 loader.go:615] Packet logging disabled
I1110 11:26:05.110923       1 watchdog.go:182] Watchdog waiting 30s for startup
W1110 11:26:05.111471  1006645 hostsettings.go:44] Host setting "/sys/kernel/mm/transparent_hugepage/shmem_enabled" (currently: "always within_size advise [never] deny force") is not optimal (turning on transparent hugepages support in shmem increases memory allocation performance); it is recommended to change it to "advise"
W1110 11:26:05.111488  1006645 hostsettings.go:44] Host setting "/proc/sys/vm/max_map_count" (currently: "1048576") is not optimal (increasing max_map_count decreases the likelihood of host VMA exhaustion); it is recommended to change it to "4194304"
I1110 11:26:05.111513  1006645 network.go:56] Setting up network
I1110 11:26:05.111520  1006645 network.go:60] Network is disabled, create loopback interface only
I1110 11:26:05.111864       1 network.go:300] Enabling loopback interface "lo" with id 1 on addresses [127.0.0.1/8 ::1/128]
I1110 11:26:05.111940       1 network.go:540] Setting routes [127.0.0.0/8 nic 1 ::1/128 nic 1]
W1110 11:26:05.112676       1 filter.go:40] *** SECCOMP WARNING: host filesystem enabled: syscall filters less restrictive!
I1110 11:26:05.112746       1 filter.go:58] No precompiled program found for config options GOARCH="amd64" Platform="systrap" HostNetwork=false HostNetworkRawSockets=false HostFilesystem=true ProfileEnable=false Instrumentation=false NVProxy=false TPUProxy=false CgoEnabled=false PluginNetwork=false, building seccomp program from scratch. This may slow down container startup.
I1110 11:26:05.112783       1 seccomp.go:61] Installing seccomp filters for 85 syscalls (action=kill process)
I1110 11:26:05.119784       1 seccomp.go:89] Seccomp filters installed.
I1110 11:26:05.119930       1 vfs.go:1118] created cgroup mounts for controllers [cpu cpuacct cpuset devices job memory pids]
I1110 11:26:05.119946       1 vfs.go:444] Configuring container's file system
I1110 11:26:05.119958       1 vfs.go:532] Mounting root with 9p, ioFD: 4
I1110 11:26:05.119965       1 vfs.go:535] Adding overlay on top of root
I1110 11:26:05.120196       1 vfs.go:854] Mounted "" to "/sys" type: sysfs, internal-options: ""
I1110 11:26:05.120241       1 vfs.go:854] Mounted "" to "/dev" type: dev, internal-options: ""
I1110 11:26:05.120555       1 vfs.go:854] Mounted "" to "/proc" type: proc, internal-options: ""
I1110 11:26:05.120567       1 vfs.go:854] Mounted "" to "/dev/pts" type: devpts, internal-options: ""
I1110 11:26:05.120895       1 vfs.go:1040] Skipping internal tmpfs mount for "/tmp" because it's not empty
I1110 11:26:05.120953       1 kernel.go:1102] EXEC: [echo hi]
I1110 11:26:05.121383       1 loader.go:972] Process should have started...
I1110 11:26:05.121400       1 watchdog.go:205] Starting watchdog, period: 45s, timeout: 3m0s, action: logWarning
I1110 11:26:05.123621       1 compat.go:120] Unsupported syscall rseq(0x7ef007df8060,0x20,0x0,0x53053053,0x0,0x7ef007e4b440). It is likely that you can safely ignore this message and that this is not the cause of any error. Please, refer to https://gvisor.dev/c/linux/amd64/rseq for more information.
hi
I1110 11:26:05.124462       1 loader.go:1256] Gofer socket disconnected, killing container "runsc-478808"
I1110 11:26:05.124486       1 gofer.go:342] All lisafs servers exited.
I1110 11:26:05.124511       1 main.go:221] Exiting with status: 0
I1110 11:26:05.124562       1 boot.go:570] application exiting with exit status 0
I1110 11:26:05.124586       1 watchdog.go:221] Stopping watchdog
I1110 11:26:05.124592       1 watchdog.go:225] Watchdog stopped
I1110 11:26:05.124660       1 main.go:221] Exiting with status: 0
I1110 11:26:05.125772  1006645 main.go:221] Exiting with status: 0
+ rm -f /home/USERNAME/runsc
+ echo 'gVisor in rootless mode in container:'
gVisor in rootless mode in container:
+ sudo docker run --mount type=bind,source=/sys/fs/cgroup,target=/sys/fs/cgroup,readonly=false --mount type=bind,source=/proc,target=/proc2,readonly=false --security-opt=seccomp=unconfined --security-opt=apparmor=unconfined --security-opt=label=type:container_engine_t -p 9000:8080 -e ENABLE_SIGNUP=false -e ENABLE_ADMIN_CHAT_ACCESS=false -e ENABLE_LOGIN_FORM=true -e DEFAULT_USER_ROLE=user -e OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true -e WEBUI_URL=https://xxxxxxx/ -e MICROSOFT_REDIRECT_URI=XXXXX -e ENABLE_OAUTH_SIGNUP=true -e MICROSOFT_CLIENT_ID=XXXX -e MICROSOFT_CLIENT_SECRET=XXX -e MICROSOFT_CLIENT_TENANT_ID=XXX -e OPENAI_API_KEY=XX -v open-webui:/app/backend/data --name open-webuii-test --rm -it ghcr.io/open-webui/open-webui:main bash -c 'apt-get update && apt-get install -y wget && wget "https://storage.googleapis.com/gvisor/releases/release/latest/$(uname -m)/runsc" -O "$HOME/runsc" && chmod 555 "$HOME/runsc" && "$HOME/runsc" --rootless --network=none --ignore-cgroups=true --debug-log=/dev/stderr --host-settings=check do echo hi'
Get:1 http://deb.debian.org/debian bookworm InRelease [151 kB]
Get:2 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB]
Get:3 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Get:4 http://deb.debian.org/debian bookworm/main amd64 Packages [8789 kB]
Get:5 http://deb.debian.org/debian bookworm-updates/main amd64 Packages [2468 B]
Get:6 http://deb.debian.org/debian-security bookworm-security/main amd64 Packages [190 kB]
Fetched 9235 kB in 1s (7389 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  wget
0 upgraded, 1 newly installed, 0 to remove and 32 not upgraded.
Need to get 984 kB of archives.
After this operation, 3692 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bookworm/main amd64 wget amd64 1.21.3-1+b2 [984 kB]
Fetched 984 kB in 0s (4681 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package wget.
(Reading database ... 17968 files and directories currently installed.)
Preparing to unpack .../wget_1.21.3-1+b2_amd64.deb ...
Unpacking wget (1.21.3-1+b2) ...
Setting up wget (1.21.3-1+b2) ...
--2024-11-10 10:26:07--  https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/runsc
Resolving storage.googleapis.com (storage.googleapis.com)... 172.217.23.123, 2a00:1450:4001:828::201b, 2a00:1450:4001:803::201b, ...
Connecting to storage.googleapis.com (storage.googleapis.com)|172.217.23.123|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 65948943 (63M) [application/octet-stream]
Saving to: ‘/root/runsc’

/root/runsc                                          100%[===================================================================================================================>]  62.89M  22.8MB/s    in 2.8s

2024-11-10 10:26:10 (22.8 MB/s) - ‘/root/runsc’ saved [65948943/65948943]

I1110 10:26:10.915087       1 main.go:195] **************** gVisor ****************
I1110 10:26:10.915118       1 main.go:196] Version release-20241104.0, go1.23.2 X:nocoverageredesign, amd64, 8 CPUs, linux, PID 1, PPID 0, UID 0, GID 0
I1110 10:26:10.915126       1 main.go:198] Args: [/root/runsc --rootless --network=none --ignore-cgroups=true --debug-log=/dev/stderr --host-settings=check do echo hi]
I1110 10:26:10.915136       1 config.go:439] Platform: systrap
I1110 10:26:10.915160       1 config.go:440] RootDir: /var/run/runsc
I1110 10:26:10.915166       1 config.go:441] FileAccess: exclusive / Directfs: true / Overlay: root:self
I1110 10:26:10.915174       1 config.go:442] Network: none
I1110 10:26:10.915179       1 main.go:200] **************** gVisor ****************
I1110 10:26:10.915224       1 namespace.go:247] *** Re-running as root in new user namespace ***
W1110 10:26:10.915661       1 util.go:64] FATAL ERROR: Error executing inside namespace: re-executing self: fork/exec /proc/self/exe: permission denied
Error executing inside namespace: re-executing self: fork/exec /proc/self/exe: permission denied
W1110 10:26:10.915726       1 main.go:230] Failure to execute command, err: 1
+ echo 'gVisor in rootful mode in container:'
gVisor in rootful mode in container:
+ sudo docker run --mount type=bind,source=/sys/fs/cgroup,target=/sys/fs/cgroup,readonly=false --mount type=bind,source=/proc,target=/proc2,readonly=false --security-opt=seccomp=unconfined --security-opt=apparmor=unconfined --security-opt=label=type:container_engine_t -p 9000:8080 -e ENABLE_SIGNUP=false -e ENABLE_ADMIN_CHAT_ACCESS=false -e ENABLE_LOGIN_FORM=true -e DEFAULT_USER_ROLE=user -e OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true -e WEBUI_URL=https://xxxxxxx/ -e MICROSOFT_REDIRECT_URI=XXXXX -e ENABLE_OAUTH_SIGNUP=true -e MICROSOFT_CLIENT_ID=XXXX -e MICROSOFT_CLIENT_SECRET=XXX -e MICROSOFT_CLIENT_TENANT_ID=XXX -e OPENAI_API_KEY=XX -v open-webui:/app/backend/data --name open-webuii-test --rm -it ghcr.io/open-webui/open-webui:main bash -c 'apt-get update && apt-get install -y wget && wget "https://storage.googleapis.com/gvisor/releases/release/latest/$(uname -m)/runsc" -O "$HOME/runsc" && chmod 555 "$HOME/runsc" && "$HOME/runsc" --network=none --ignore-cgroups=true --debug-log=/dev/stderr --host-settings=check do echo hi'
Get:1 http://deb.debian.org/debian bookworm InRelease [151 kB]
Get:2 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB]
Get:3 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Get:4 http://deb.debian.org/debian bookworm/main amd64 Packages [8789 kB]
Get:5 http://deb.debian.org/debian bookworm-updates/main amd64 Packages [2468 B]
Get:6 http://deb.debian.org/debian-security bookworm-security/main amd64 Packages [190 kB]
Fetched 9235 kB in 1s (7340 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  wget
0 upgraded, 1 newly installed, 0 to remove and 32 not upgraded.
Need to get 984 kB of archives.
After this operation, 3692 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bookworm/main amd64 wget amd64 1.21.3-1+b2 [984 kB]
Fetched 984 kB in 0s (6408 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package wget.
(Reading database ... 17968 files and directories currently installed.)
Preparing to unpack .../wget_1.21.3-1+b2_amd64.deb ...
Unpacking wget (1.21.3-1+b2) ...
Setting up wget (1.21.3-1+b2) ...
--2024-11-10 10:26:13--  https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/runsc
Resolving storage.googleapis.com (storage.googleapis.com)... 172.217.23.123, 2a00:1450:4001:80e::201b, 2a00:1450:4001:828::201b, ...
Connecting to storage.googleapis.com (storage.googleapis.com)|172.217.23.123|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 65948943 (63M) [application/octet-stream]
Saving to: ‘/root/runsc’

/root/runsc                                          100%[===================================================================================================================>]  62.89M  22.2MB/s    in 2.8s

2024-11-10 10:26:17 (22.2 MB/s) - ‘/root/runsc’ saved [65948943/65948943]

I1110 10:26:17.029970       1 main.go:195] **************** gVisor ****************
I1110 10:26:17.029996       1 main.go:196] Version release-20241104.0, go1.23.2 X:nocoverageredesign, amd64, 8 CPUs, linux, PID 1, PPID 0, UID 0, GID 0
I1110 10:26:17.030001       1 main.go:198] Args: [/root/runsc --network=none --ignore-cgroups=true --debug-log=/dev/stderr --host-settings=check do echo hi]
I1110 10:26:17.030009       1 config.go:439] Platform: systrap
I1110 10:26:17.030028       1 config.go:440] RootDir: /var/run/runsc
I1110 10:26:17.030032       1 config.go:441] FileAccess: exclusive / Directfs: true / Overlay: root:self
I1110 10:26:17.030038       1 config.go:442] Network: none
I1110 10:26:17.030042       1 main.go:200] **************** gVisor ****************
I1110 10:26:17.030552       1 do.go:441] Changing configuration RootDir to "/tmp/runsc-do1004181520"
I1110 10:26:17.030818       1 namespace.go:198] Mapping host uid 0 to container uid 0 (size=4294967295)
I1110 10:26:17.030836       1 namespace.go:206] Mapping host gid 0 to container gid 0 (size=4294967295)
W1110 10:26:17.031756       1 util.go:64] FATAL ERROR: creating container: cannot create gofer process: gofer: fork/exec /proc/self/exe: permission denied
creating container: cannot create gofer process: gofer: fork/exec /proc/self/exe: permission denied
W1110 10:26:17.031886       1 main.go:230] Failure to execute command, err: 1
+ echo 'unshare with strace inside container:'
unshare with strace inside container:
+ sudo docker run --mount type=bind,source=/sys/fs/cgroup,target=/sys/fs/cgroup,readonly=false --mount type=bind,source=/proc,target=/proc2,readonly=false --security-opt=seccomp=unconfined --security-opt=apparmor=unconfined --security-opt=label=type:container_engine_t -p 9000:8080 -e ENABLE_SIGNUP=false -e ENABLE_ADMIN_CHAT_ACCESS=false -e ENABLE_LOGIN_FORM=true -e DEFAULT_USER_ROLE=user -e OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true -e WEBUI_URL=https://xxxxxxx/ -e MICROSOFT_REDIRECT_URI=XXXXX -e ENABLE_OAUTH_SIGNUP=true -e MICROSOFT_CLIENT_ID=XXXX -e MICROSOFT_CLIENT_SECRET=XXX -e MICROSOFT_CLIENT_TENANT_ID=XXX -e OPENAI_API_KEY=XX -v open-webui:/app/backend/data --name open-webuii-test --rm -it ghcr.io/open-webui/open-webui:main bash -c 'apt-get update && apt-get install -y strace && strace -ff unshare --map-root-user cat /proc/self/status'
Get:1 http://deb.debian.org/debian bookworm InRelease [151 kB]
Get:2 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB]
Get:3 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Get:4 http://deb.debian.org/debian bookworm/main amd64 Packages [8789 kB]
Get:5 http://deb.debian.org/debian bookworm-updates/main amd64 Packages [2468 B]
Get:6 http://deb.debian.org/debian-security bookworm-security/main amd64 Packages [190 kB]
Fetched 9235 kB in 1s (6843 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  libunwind8
The following NEW packages will be installed:
  libunwind8 strace
0 upgraded, 2 newly installed, 0 to remove and 32 not upgraded.
Need to get 1365 kB of archives.
After this operation, 3108 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bookworm/main amd64 libunwind8 amd64 1.6.2-3 [51.2 kB]
Get:2 http://deb.debian.org/debian bookworm/main amd64 strace amd64 6.1-0.1 [1314 kB]
Fetched 1365 kB in 0s (4492 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package libunwind8:amd64.
(Reading database ... 17968 files and directories currently installed.)
Preparing to unpack .../libunwind8_1.6.2-3_amd64.deb ...
Unpacking libunwind8:amd64 (1.6.2-3) ...
Selecting previously unselected package strace.
Preparing to unpack .../strace_6.1-0.1_amd64.deb ...
Unpacking strace (6.1-0.1) ...
Setting up libunwind8:amd64 (1.6.2-3) ...
Setting up strace (6.1-0.1) ...
Processing triggers for libc-bin (2.36-9+deb12u8) ...
execve("/usr/bin/unshare", ["unshare", "--map-root-user", "cat", "/proc/self/status"], 0x7ffd48b7a150 /* 46 vars */) = 0
brk(NULL)                               = 0x5e059fee2000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7455e9f27000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=22614, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 22614, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7455e9f21000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20t\2\0\0\0\0\0"..., 832) = 832
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=1922136, ...}, AT_EMPTY_PATH) = 0
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
mmap(NULL, 1970000, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7455e9d40000
mmap(0x7455e9d66000, 1396736, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x26000) = 0x7455e9d66000
mmap(0x7455e9ebb000, 339968, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17b000) = 0x7455e9ebb000
mmap(0x7455e9f0e000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1ce000) = 0x7455e9f0e000
mmap(0x7455e9f14000, 53072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7455e9f14000
close(3)                                = 0
mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7455e9d3d000
arch_prctl(ARCH_SET_FS, 0x7455e9d3d740) = 0
set_tid_address(0x7455e9d3da10)         = 140
set_robust_list(0x7455e9d3da20, 24)     = 0
rseq(0x7455e9d3e060, 0x20, 0, 0x53053053) = 0
mprotect(0x7455e9f0e000, 16384, PROT_READ) = 0
mprotect(0x5e059e0c8000, 4096, PROT_READ) = 0
mprotect(0x7455e9f59000, 8192, PROT_READ) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
munmap(0x7455e9f21000, 22614)           = 0
geteuid()                               = 0
getegid()                               = 0
getrandom("\x0b\x70\x83\x8e\xf0\x94\xae\x2d", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x5e059fee2000
brk(0x5e059ff03000)                     = 0x5e059ff03000
openat(AT_FDCWD, "/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_IDENTIFICATION", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_IDENTIFICATION", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=258, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 258, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7455e9f26000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache", O_RDONLY) = 3
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=27028, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 27028, PROT_READ, MAP_SHARED, 3, 0) = 0x7455e9d36000
close(3)                                = 0
futex(0x7455e9f13a4c, FUTEX_WAKE_PRIVATE, 2147483647) = 0
openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_MEASUREMENT", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_MEASUREMENT", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=23, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 23, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7455e9f25000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_TELEPHONE", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_TELEPHONE", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=47, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 47, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7455e9f24000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_ADDRESS", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_ADDRESS", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=127, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 127, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7455e9f23000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_NAME", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_NAME", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=62, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 62, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7455e9f22000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_PAPER", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_PAPER", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=34, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 34, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7455e9f21000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_MESSAGES", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_MESSAGES", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=4096, ...}, AT_EMPTY_PATH) = 0
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_MESSAGES/SYS_LC_MESSAGES", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=48, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 48, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7455e9d35000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_MONETARY", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_MONETARY", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=270, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 270, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7455e9d34000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_COLLATE", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_COLLATE", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=1406, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 1406, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7455e9d33000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_TIME", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_TIME", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=3360, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 3360, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7455e9d32000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_NUMERIC", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_NUMERIC", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=50, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 50, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7455e9d31000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_CTYPE", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_CTYPE", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=353616, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 353616, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7455e9cda000
close(3)                                = 0
rt_sigaction(SIGCHLD, {sa_handler=SIG_DFL, sa_mask=[CHLD], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7455e9d7c050}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
unshare(CLONE_NEWUSER)                  = 0
openat(AT_FDCWD, "/proc/self/uid_map", O_WRONLY) = 3
write(3, "0 0 1", 5)                    = -1 EPERM (Operation not permitted)
openat(AT_FDCWD, "/usr/share/locale/C.UTF-8/LC_MESSAGES/util-linux.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/C.utf8/LC_MESSAGES/util-linux.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/C/LC_MESSAGES/util-linux.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "unshare: ", 9unshare: )                = 9
write(2, "write failed /proc/self/uid_map", 31write failed /proc/self/uid_map) = 31
openat(AT_FDCWD, "/usr/share/locale/C.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/C.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/C/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, ": Operation not permitted\n", 26: Operation not permitted
) = 26
dup(1)                                  = 4
close(4)                                = 0
dup(2)                                  = 4
close(4)                                = 0
exit_group(1)                           = ?
+++ exited with 1 +++
+ echo 'Code execution outside container:'
Code execution outside container:
+ wget https://raw.githubusercontent.com/EtiennePerot/safe-code-execution/refs/heads/master/open-webui/tools/run_code.py -O /tmp/run_code.py
--2024-11-10 11:26:20--  https://raw.githubusercontent.com/EtiennePerot/safe-code-execution/refs/heads/master/open-webui/tools/run_code.py
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.110.133, 2606:50c0:8000::154, 2606:50c0:8003::154, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.110.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 139211 (136K) [text/plain]
Saving to: ‘/tmp/run_code.py’

/tmp/run_code.py                                     100%[===================================================================================================================>] 135.95K  --.-KB/s    in 0.05s

2024-11-10 11:26:20 (2.78 MB/s) - ‘/tmp/run_code.py’ saved [139211/139211]

+ CODE_EVAL_VALVE_OVERRIDE_REQUIRE_RESOURCE_LIMITING=false
+ python3 /tmp/run_code.py --use_sample_code --debug
Traceback (most recent call last):
  File "/tmp/run_code.py", line 43, in <module>
    import pydantic
ModuleNotFoundError: No module named 'pydantic'
+ echo 'Code execution outside container with sudo:'
Code execution outside container with sudo:
+ CODE_EVAL_VALVE_OVERRIDE_REQUIRE_RESOURCE_LIMITING=false
+ sudo python3 /tmp/run_code.py --use_sample_code --debug
Traceback (most recent call last):
  File "/tmp/run_code.py", line 43, in <module>
    import pydantic
ModuleNotFoundError: No module named 'pydantic'
+ rm -f /tmp/run_code.py
+ echo 'Code execution inside container:'
Code execution inside container:
+ sudo docker run --mount type=bind,source=/sys/fs/cgroup,target=/sys/fs/cgroup,readonly=false --mount type=bind,source=/proc,target=/proc2,readonly=false --security-opt=seccomp=unconfined --security-opt=apparmor=unconfined --security-opt=label=type:container_engine_t -p 9000:8080 -e ENABLE_SIGNUP=false -e ENABLE_ADMIN_CHAT_ACCESS=false -e ENABLE_LOGIN_FORM=true -e DEFAULT_USER_ROLE=user -e OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true -e WEBUI_URL=https://xxxxxxx/ -e MICROSOFT_REDIRECT_URI=XXXXX -e ENABLE_OAUTH_SIGNUP=true -e MICROSOFT_CLIENT_ID=XXXX -e MICROSOFT_CLIENT_SECRET=XXX -e MICROSOFT_CLIENT_TENANT_ID=XXX -e OPENAI_API_KEY=XX -v open-webui:/app/backend/data --name open-webuii-test --rm -it ghcr.io/open-webui/open-webui:main bash -c 'apt-get update && apt-get install -y wget && wget "https://raw.githubusercontent.com/EtiennePerot/safe-code-execution/refs/heads/master/open-webui/tools/run_code.py" -O /tmp/run_code.py && CODE_EVAL_VALVE_OVERRIDE_REQUIRE_RESOURCE_LIMITING=false python3 /tmp/run_code.py --use_sample_code --debug'
Get:1 http://deb.debian.org/debian bookworm InRelease [151 kB]
Get:2 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB]
Get:3 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Get:4 http://deb.debian.org/debian bookworm/main amd64 Packages [8789 kB]
Get:5 http://deb.debian.org/debian bookworm-updates/main amd64 Packages [2468 B]
Get:6 http://deb.debian.org/debian-security bookworm-security/main amd64 Packages [190 kB]
Fetched 9235 kB in 1s (8011 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  wget
0 upgraded, 1 newly installed, 0 to remove and 32 not upgraded.
Need to get 984 kB of archives.
After this operation, 3692 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bookworm/main amd64 wget amd64 1.21.3-1+b2 [984 kB]
Fetched 984 kB in 0s (5894 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package wget.
(Reading database ... 17968 files and directories currently installed.)
Preparing to unpack .../wget_1.21.3-1+b2_amd64.deb ...
Unpacking wget (1.21.3-1+b2) ...
Setting up wget (1.21.3-1+b2) ...
--2024-11-10 10:26:23--  https://raw.githubusercontent.com/EtiennePerot/safe-code-execution/refs/heads/master/open-webui/tools/run_code.py
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.110.133, 2606:50c0:8001::154, 2606:50c0:8002::154, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.110.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 139211 (136K) [text/plain]
Saving to: ‘/tmp/run_code.py’

/tmp/run_code.py                                     100%[===================================================================================================================>] 135.95K  --.-KB/s    in 0.03s

2024-11-10 10:26:23 (5.18 MB/s) - ‘/tmp/run_code.py’ saved [139211/139211]

Emitting status event: {'status': 'in_progress', 'description': 'Checking for updates...', 'done': False}
Event: {'type': 'status', 'data': {'status': 'in_progress', 'description': 'Checking for updates...', 'done': False}}
Event: {'type': 'status', 'data': {'status': 'in_progress', 'description': 'Checking for updates...', 'done': False}}
Emitting status event: {'status': 'error', 'description': "[DEBUG MODE] Environment needs setup work: procfs is obstructed; please mount a new procfs mount somewhere in the container, e.g. /proc2 (`--mount=type=bind,source=/proc,target=/proc2,readonly=false,bind-recursive=disabled`); language=python; code=print('Hello from the sandbox!')\nimport datetime, sys\nprint('Current date and time:', datetime.datetime.now())\nsys.stdout.flush()\nimport shutil, subprocess\nsubprocess.run([shutil.which('dmesg')], check=True)\nprint('Bye from the sandbox!')\n; valves=[NETWORKING_ALLOWED=True MAX_RUNTIME_SECONDS=30 MAX_RAM_MEGABYTES=128 REQUIRE_RESOURCE_LIMITING=False AUTO_INSTALL=True CHECK_FOR_UPDATES=True DEBUG=True]", 'done': True}
Event: {'type': 'status', 'data': {'status': 'error', 'description': "[DEBUG MODE] Environment needs setup work: procfs is obstructed; please mount a new procfs mount somewhere in the container, e.g. /proc2 (`--mount=type=bind,source=/proc,target=/proc2,readonly=false,bind-recursive=disabled`); language=python; code=print('Hello from the sandbox!')\nimport datetime, sys\nprint('Current date and time:', datetime.datetime.now())\nsys.stdout.flush()\nimport shutil, subprocess\nsubprocess.run([shutil.which('dmesg')], check=True)\nprint('Bye from the sandbox!')\n; valves=[NETWORKING_ALLOWED=True MAX_RUNTIME_SECONDS=30 MAX_RAM_MEGABYTES=128 REQUIRE_RESOURCE_LIMITING=False AUTO_INSTALL=True CHECK_FOR_UPDATES=True DEBUG=True]", 'done': True}}
{"python_code": "print('Hello from the sandbox!')\nimport datetime, sys\nprint('Current date and time:', datetime.datetime.now())\nsys.stdout.flush()\nimport shutil, subprocess\nsubprocess.run([shutil.which('dmesg')], check=True)\nprint('Bye from the sandbox!')\n", "status": "SANDBOX_ERROR", "output": "Environment needs setup work: procfs is obstructed; please mount a new procfs mount somewhere in the container, e.g. /proc2 (`--mount=type=bind,source=/proc,target=/proc2,readonly=false,bind-recursive=disabled`)"}

@EtiennePerot
Owner

Thanks @benhaotang for re-running the script. I recently updated the code (again) to no longer check for procfs being obstructed, because the latest version of runsc (released last week) no longer requires an unobstructed view of procfs. So this particular problem should be gone next time you run the debug script (which I also updated). Please do and update the output you get.

But other than this procfs issue, I am still confused at why the error writing to uid_map is happening. One thing I still can't tell is whether the docker requests are going to the system-wide dockerd instance or the rootless one running as USERNAME, so I edited the script to be able to determine that too.

> Before I set up rootless mode, I had already experienced the exact same problem described by the other two users previously, so I looked it up online and someone pointed out a certain webpage saying that Ubuntu 24.04 has increased the limit on Docker and the kernel itself, and someone on Stack Exchange suggested setting up rootless mode, so I followed the Docker documentation to set up rootless mode.

Can you link to the specific page? I'm curious what this limit in the Ubuntu 24.04 kernel is, even if that's not the issue causing this.

Also, if I could reproduce this myself, it might be faster for me to debug. For example, if you are running all of this in a virtual machine, you could take a snapshot of the virtual machine (after removing any sensitive files) and upload it somewhere. Alternatively, I can try setting it up on a fresh Ubuntu install. Are you using Ubuntu 24.04 server, Ubuntu 24.04 desktop, or some Ubuntu 24.04 cloud image? I ask because they come with different default kernel configurations, so this might be relevant when trying to reproduce this issue. I added /etc/os-release to the debug script, so if you re-run the script that would also answer this question.

(If the output is too large, you can attach it as a text file to the GitHub comment.)
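A small diagnostic helper for the two open questions above (does a process in this container get a usable user namespace, and which dockerd is the CLI talking to), added here as an example and not part of the project's debug script. It assumes util-linux `unshare` and an optional `docker` CLI, reads the sysctls that gate unprivileged user namespaces on Debian/Ubuntu kernels, and classifies the error strings that appear in the logs above; the `name=rootless` marker in `docker info` and the sysctl names are facts about those tools, not something this thread confirms.

```shell
#!/usr/bin/env bash
# Added diagnostic helper (not the project's debug script). Assumptions:
# util-linux `unshare` is present; `docker` is optional; every live probe
# degrades to "unknown" instead of aborting the script.

# Map the stderr of a user-namespace probe onto the failure modes seen in
# the logs above. Pure string function, so it can be tested offline.
classify_userns_error() {
  case "$1" in
    "")                                              echo "ok" ;;
    *"write failed /proc/self/uid_map"*)             echo "uid_map_denied" ;;
    *"unshare failed"*)                              echo "userns_create_denied" ;;
    *"fork/exec /proc/self/exe: permission denied"*) echo "self_exec_denied" ;;
    *"procfs is obstructed"*)                        echo "procfs_obstructed" ;;
    *)                                               echo "unknown" ;;
  esac
}

# Read one sysctl as a file under $base (default /proc/sys) so the function
# can be pointed at a constructed tree in tests. Missing keys yield "unknown".
read_sysctl() {
  key="$1"; base="${2:-/proc/sys}"
  path="$base/$(printf '%s' "$key" | tr . /)"
  if [ -r "$path" ]; then tr -d '\n' < "$path"; else echo "unknown"; fi
}

# Decide whether the docker CLI reaches a rootless or a system-wide dockerd
# from the daemon's SecurityOptions: rootless dockerd advertises "name=rootless".
docker_mode_from_secopts() {
  case "$1" in
    *rootless*) echo "rootless" ;;
    *)          echo "rootful" ;;
  esac
}

# Live probe: the same check the thread ran under strace
# (`unshare --map-root-user`), reduced to a verdict string.
probe_userns() {
  command -v unshare >/dev/null 2>&1 || { echo "unknown"; return; }
  err=$(unshare --map-root-user true 2>&1 >/dev/null) || true
  classify_userns_error "$err"
}

# Live probe: which daemon does the docker CLI reach?
probe_docker_mode() {
  command -v docker >/dev/null 2>&1 || { echo "unknown"; return; }
  opts=$(docker info --format '{{.SecurityOptions}}' 2>/dev/null) || { echo "unknown"; return; }
  docker_mode_from_secopts "$opts"
}

main() {
  echo "user namespace probe : $(probe_userns)"
  echo "docker daemon mode   : $(probe_docker_mode) (DOCKER_HOST=${DOCKER_HOST:-<unset>})"
  # Sysctls that gate unprivileged user namespaces on Debian/Ubuntu kernels;
  # Ubuntu 24.04 ships the AppArmor one enabled (value 1) by default.
  for key in kernel.unprivileged_userns_clone \
             kernel.apparmor_restrict_unprivileged_userns \
             user.max_user_namespaces; do
    printf '%-45s : %s\n' "$key" "$(read_sysctl "$key")"
  done
  # uid 0 inside a container does not imply CAP_SYS_ADMIN; show the actual caps.
  echo "effective uid/caps   : uid=$(id -u) $(grep -E '^Cap(Eff|Bnd):' /proc/self/status 2>/dev/null | tr '\n' ' ')"
}

main "$@"
```

Run it both on the host and inside the container (`docker run ... bash -c "$(cat diag.sh)"`) and compare the two reports; a "uid_map_denied" verdict together with a sysctl value of 1 points at the kernel/AppArmor policy rather than at runsc itself.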

@benhaotang

benhaotang commented Nov 12, 2024

Hi, I was not able to find the Stack Exchange webpage I was referring to (I remember it was about mounting /proc on Ubuntu 24.04, but searching on Google and my browser history turns up nothing :( strange and sorry), but I found out that Docker's official website also talks about similar things when setting up rootless mode as of now:
(image)
Source: https://docs.docker.com/engine/security/rootless/
I was installing with the apt method, so I should have AppArmor correctly installed. Don't know if this is related.

> Are you using Ubuntu 24.04 server, Ubuntu 24.04 desktop, or some Ubuntu 24.04 cloud image

I am using 24.04 desktop; I use it as my home machine and server. I just got this machine on Prime Day, so it is a pretty fresh and new install of Ubuntu so far.

I re-ran your script in both default mode and rootless mode; please find the logs for both:
running-log-default.txt
running-log-rootless.txt
