Dangerzone not compatible with colima? #865
Comments
Hi Lasse, thanks for opening this issue. Colima is unfortunately currently not supported and we do not test Dangerzone with it at the moment. We are aware of the licensing problems tied with the use of Docker Desktop though, and have a specific issue for discussing its replacement, #118, and colima is one of the options!

That being said, I reproduced your error locally, in order to better understand what is going on. On an Apple silicon M1 machine with the following commands, I reproduced the issue. Let me detail the steps here, because getting the actual error is currently not straightforward.

Versions

Just putting here the colima version in case it is not the same.

```
$ colima version
colima version 0.6.9
git commit: c3a31ed05f5fab8b2cdbae835198e8fb1717fd0f
runtime: docker
arch: aarch64
client: v26.1.3
server: v26.1.1
```

Especially important to check that the architecture is

Reproducing the issue

Here is how I start colima

Starting Dangerzone

```
/Applications/Dangerzone.app/Contents/MacOS/dangerzone-cli ~/Downloads/picture.jpg
```

, which outputs an

```
/opt/homebrew/bin/docker run --security-opt=no-new-privileges:true --cap-drop all --cap-add SYS_CHROOT --network=none -u dangerzone --rm -i --name dangerzone-doc-to-pixels-NjuD3m dangerzone.rocks/dangerzone /usr/bin/python3 -m dangerzone.conversion.doc_to_pixels
```

Running this manually got me the actual error:

```
Error executing inside namespace: re-executing self: fork/exec /proc/self/exe: operation not permitted
```

The issue

This seems related to the use of gVisor (introduced in the latest release), and the change in seccomp policies that went with it. This has bitten us before in the past, see #846 for a similar case, and the way we detect if we have to specify a seccomp file ourselves is by looking at the

Specifying the path to the seccomp policy, like we do for older versions of Docker Desktop, by adding this to the

```
--security-opt seccomp=/Applications/Dangerzone.app//Contents/Resources/share/seccomp.gvisor.json
```

Which unfortunately brings us another error message:

I'm not sure why the gVisor container doesn't run in this setup.

Adding the

The interesting part being at the very end:

```
W0711 12:29:49.310324 28 specutils.go:129] noNewPrivileges ignored. PR_SET_NO_NEW_PRIVS is assumed to always be set.
I0711 12:29:49.310360 28 chroot.go:91] Setting up sandbox chroot in "/tmp"
W0711 12:29:49.310395 28 util.go:64] FATAL ERROR: error setting up chroot: error converting mounts: permission denied
error setting up chroot: error converting mounts: permission denied
```
Dear Almet, Thank you very much for your response! So at least I know that this is not a "local problem" on my Mac. ;-) I tried to reproduce the steps you mentioned, but it looks different on my machine:

When converting any documents with Dangerzone 0.7.0 under Fedora 40, I always get the same error message "Unspecified error". There is probably no connection, even if the error message is the same, right?
Hi @sudwhiwdh. Uhm, this is actually not expected, so could you perhaps start a new issue and share some logs there? Unlike Colima, Podman in Fedora 40 is a supported configuration, and I'd like to learn more.

@LasseKrache can you also run the following command:

(I've added these arguments:
@apyrgio I'm also interested in a Docker Desktop alternative, so I installed colima. Here is what I get on an M2 MacBook:
The relevant log section is:
This is part of gVisor's setup process. I'm not super familiar with Colima but it looks like it uses a VM much like Docker Desktop does, so this likely stems from a difference in permissions between the VM image that Colima uses vs the one Docker Desktop uses. I don't have an M2 Macbook, but could probably look into reproducing this by running the Colima VM image on a Linux host.

This seems related to abiosoft/colima#267, which points to the fact that only

You can try running colima with

Also, here is how to change the mounts to make this permanent. Can you give it a try and report if it works on your end?

```
colima stop
limactl edit colima
```

Check the
Thank you again for your response - really appreciate it! :-)

so I changed it to

Beside that, I noticed that limactl cannot find the colima instance:

so I cannot change the mount entries ... I guess that there is a "bigger" problem ... and that I really need to learn more about all these topics.

Thanks for the follow-up. This "Dangerzone requires Docker Desktop" error is probably due to the fact we're looking for the wrong binaries (because we detect the OS and use different binaries for the container technology based on the result). Because we want at some point to provide alternatives for Docker Desktop (see #118), I'll have a look later on to see if I can get it running on a Mac Silicon machine (unfortunately, I don't have it with me right now).
gVisor picks its temporary directory using

To see if this works, try to edit this section of the code: dangerzone/dangerzone/isolation_provider/container.py, lines 145 to 150 in f739761

Add a line somewhere in there to set the

(Yes, this doesn't really belong in the

Using this, can you try setting

If it works with

Hm, there's something I don't follow here. For the first stage of the conversion, we don't want something from the host within the container. As long as gVisor can write to

Note though that I do think that the second part of the conversion may fail, due to the
Setting the

```
docker run --rm -it --security-opt seccomp=unconfined --entrypoint ash dangerzone.rocks/dangerzone:latest
TMPDIR=/tmp/colima RUNSC_DEBUG=1 ./entrypoint.py
```

In these cases, having set the permissions to

That being said, the

The complete error message is as follows:

The actual error from gVisor is triggered by these lines, which is probably where it throws the "permission denied" error we see, when trying to "safe mount" on

Note: I've also tried to change the VM type used by colima (from

Another possibility here might be AppArmor. At least on Docker, I believe the default profile prevents

Can you try to add

Hm, interesting idea. I see that Colima has switched to an Ubuntu VM image on version 0.6.0: https://github.com/abiosoft/colima/blob/main/docs/FAQ.md#version-v060-and-newer. So, it may have AppArmor support. Alexis will be most likely unavailable this week, but hopefully he can give it a look once he's back.
We were releasing a hotfix release last week, and haven't got the time to have a look at this until now. Looking at the output of

To disable AppArmor in the colima VM, here is what I did:

And then, running our entrypoint in debug mode as follows. Unfortunately, it still gives me the same output; it seems that fork is not authorized, not sure why:

```
/opt/homebrew/bin/docker run --security-opt seccomp=unconfined --security-opt label=type:container_engine_t --security-opt apparmor=unconfined --network=none -u dangerzone -e RUNSC_DEBUG=1 --rm -i dangerzone.rocks/dangerzone
Running gVisor with command line: /usr/bin/runsc --rootless=true --network=none --root=/home/dangerzone/.containers --debug=true --alsologtostderr=true run --bundle=/home/dangerzone/dangerzone-image dangerzone
I1005 21:45:09.935060 7 main.go:196] **************** gVisor ****************
I1005 21:45:09.935131 7 main.go:197] Version release-20240826.0, go1.22.0 X:nocoverageredesign, arm64, 4 CPUs, linux, PID 7, PPID 1, UID 1000, GID 1000
D1005 21:45:09.935151 7 main.go:198] Page size: 0x1000 (4096 bytes)
I1005 21:45:09.935159 7 main.go:199] Args: [/usr/bin/runsc --rootless=true --network=none --root=/home/dangerzone/.containers --debug=true --alsologtostderr=true run --bundle=/home/dangerzone/dangerzone-image dangerzone]
I1005 21:45:09.935173 7 config.go:413] Platform: systrap
I1005 21:45:09.935229 7 config.go:414] RootDir: /home/dangerzone/.containers
I1005 21:45:09.935235 7 config.go:415] FileAccess: exclusive / Directfs: true / Overlay: root:self
I1005 21:45:09.935247 7 config.go:416] Network: none
I1005 21:45:09.935254 7 config.go:418] Debug: true. Strace: false, max size: 1024, syscalls:
D1005 21:45:09.935261 7 config.go:436] Config.RootDir (--root): /home/dangerzone/.containers
D1005 21:45:09.935269 7 config.go:436] Config.Traceback (--traceback): system
D1005 21:45:09.935275 7 config.go:436] Config.Debug (--debug): true
D1005 21:45:09.935280 7 config.go:436] Config.LogFilename (--log): (empty)
D1005 21:45:09.935285 7 config.go:436] Config.LogFormat (--log-format): text
D1005 21:45:09.935289 7 config.go:436] Config.DebugLog (--debug-log): (empty)
D1005 21:45:09.935292 7 config.go:436] Config.DebugToUserLog (--debug-to-user-log): false
D1005 21:45:09.935296 7 config.go:436] Config.DebugCommand (--debug-command): (empty)
D1005 21:45:09.935300 7 config.go:436] Config.PanicLog (--panic-log): (empty)
D1005 21:45:09.935303 7 config.go:436] Config.CoverageReport (--coverage-report): (empty)
D1005 21:45:09.935317 7 config.go:436] Config.DebugLogFormat (--debug-log-format): text
D1005 21:45:09.935321 7 config.go:436] Config.FileAccess (--file-access): exclusive
D1005 21:45:09.935326 7 config.go:436] Config.FileAccessMounts (--file-access-mounts): shared
D1005 21:45:09.935330 7 config.go:436] Config.Overlay (--overlay): false
D1005 21:45:09.935337 7 config.go:436] Config.Overlay2 (--overlay2): root:self
D1005 21:45:09.935345 7 config.go:436] Config.FSGoferHostUDS (--fsgofer-host-uds): false
D1005 21:45:09.935349 7 config.go:436] Config.HostUDS (--host-uds): none
D1005 21:45:09.935696 7 config.go:436] Config.HostFifo (--host-fifo): none
D1005 21:45:09.935706 7 config.go:436] Config.Network (--network): none
D1005 21:45:09.935711 7 config.go:436] Config.EnableRaw (--net-raw): false
D1005 21:45:09.935715 7 config.go:436] Config.AllowPacketEndpointWrite (--TESTONLY-allow-packet-endpoint-write): false
D1005 21:45:09.935724 7 config.go:436] Config.HostGSO (--gso): true
D1005 21:45:09.935733 7 config.go:436] Config.GVisorGSO (--software-gso): true
D1005 21:45:09.935737 7 config.go:436] Config.GVisorGRO (--gvisor-gro): false
D1005 21:45:09.935741 7 config.go:436] Config.TXChecksumOffload (--tx-checksum-offload): false
D1005 21:45:09.935745 7 config.go:436] Config.RXChecksumOffload (--rx-checksum-offload): true
D1005 21:45:09.935748 7 config.go:436] Config.QDisc (--qdisc): fifo
D1005 21:45:09.935754 7 config.go:436] Config.LogPackets (--log-packets): false
D1005 21:45:09.935771 7 config.go:436] Config.PCAP (--pcap-log): (empty)
D1005 21:45:09.935774 7 config.go:436] Config.Platform (--platform): systrap
D1005 21:45:09.935778 7 config.go:436] Config.PlatformDevicePath (--platform_device_path): (empty)
D1005 21:45:09.935782 7 config.go:436] Config.MetricServer (--metric-server): (empty)
D1005 21:45:09.935785 7 config.go:436] Config.ProfilingMetrics (--profiling-metrics): (empty)
D1005 21:45:09.935789 7 config.go:436] Config.ProfilingMetricsLog (--profiling-metrics-log): (empty)
D1005 21:45:09.935794 7 config.go:436] Config.ProfilingMetricsRate (--profiling-metrics-rate-us): 1000
D1005 21:45:09.935797 7 config.go:436] Config.Strace (--strace): false
D1005 21:45:09.935801 7 config.go:436] Config.StraceSyscalls (--strace-syscalls): (empty)
D1005 21:45:09.935805 7 config.go:436] Config.StraceLogSize (--strace-log-size): 1024
D1005 21:45:09.935808 7 config.go:436] Config.StraceEvent (--strace-event): false
D1005 21:45:09.935812 7 config.go:438] Config.DisableSeccomp: false
D1005 21:45:09.935819 7 config.go:436] Config.EnableCoreTags (--enable-core-tags): false
D1005 21:45:09.935830 7 config.go:436] Config.WatchdogAction (--watchdog-action): logWarning
D1005 21:45:09.935839 7 config.go:436] Config.PanicSignal (--panic-signal): -1
D1005 21:45:09.935843 7 config.go:436] Config.ProfileEnable (--profile): false
D1005 21:45:09.935846 7 config.go:436] Config.ProfileBlock (--profile-block): (empty)
D1005 21:45:09.935850 7 config.go:436] Config.ProfileCPU (--profile-cpu): (empty)
D1005 21:45:09.935864 7 config.go:436] Config.ProfileHeap (--profile-heap): (empty)
D1005 21:45:09.935868 7 config.go:436] Config.ProfileMutex (--profile-mutex): (empty)
D1005 21:45:09.935871 7 config.go:436] Config.TraceFile (--trace): (empty)
D1005 21:45:09.935875 7 config.go:436] Config.NumNetworkChannels (--num-network-channels): 1
D1005 21:45:09.935879 7 config.go:436] Config.NetworkProcessorsPerChannel (--network-processors-per-channel): 0
D1005 21:45:09.935883 7 config.go:436] Config.Rootless (--rootless): true
D1005 21:45:09.935886 7 config.go:436] Config.AlsoLogToStderr (--alsologtostderr): true
D1005 21:45:09.935891 7 config.go:436] Config.ReferenceLeak (--ref-leak-mode): disabled
D1005 21:45:09.935896 7 config.go:436] Config.CPUNumFromQuota (--cpu-num-from-quota): false
D1005 21:45:09.935899 7 config.go:436] Config.AllowFlagOverride (--allow-flag-override): false
D1005 21:45:09.935903 7 config.go:436] Config.OCISeccomp (--oci-seccomp): false
D1005 21:45:09.935907 7 config.go:436] Config.IgnoreCgroups (--ignore-cgroups): false
D1005 21:45:09.935910 7 config.go:436] Config.SystemdCgroup (--systemd-cgroup): false
D1005 21:45:09.935916 7 config.go:436] Config.PodInitConfig (--pod-init-config): (empty)
D1005 21:45:09.935920 7 config.go:436] Config.BufferPooling (--buffer-pooling): true
D1005 21:45:09.935924 7 config.go:436] Config.XDP (--EXPERIMENTAL-xdp): {0 }
D1005 21:45:09.935931 7 config.go:436] Config.AFXDPUseNeedWakeup (--EXPERIMENTAL-xdp-need-wakeup): true
D1005 21:45:09.935935 7 config.go:436] Config.FDLimit (--fdlimit): -1
D1005 21:45:09.935948 7 config.go:436] Config.DCache (--dcache): -1
D1005 21:45:09.935952 7 config.go:436] Config.IOUring (--iouring): false
D1005 21:45:09.935959 7 config.go:436] Config.DirectFS (--directfs): true
D1005 21:45:09.935963 7 config.go:436] Config.AppHugePages (--app-huge-pages): true
D1005 21:45:09.935967 7 config.go:436] Config.NVProxy (--nvproxy): false
D1005 21:45:09.935970 7 config.go:436] Config.NVProxyDocker (--nvproxy-docker): false
D1005 21:45:09.935974 7 config.go:436] Config.NVProxyDriverVersion (--nvproxy-driver-version): (empty)
D1005 21:45:09.935978 7 config.go:436] Config.TPUProxy (--tpuproxy): false
D1005 21:45:09.935981 7 config.go:436] Config.TestOnlyAllowRunAsCurrentUserWithoutChroot (--TESTONLY-unsafe-nonroot): false
D1005 21:45:09.935985 7 config.go:436] Config.TestOnlyTestNameEnv (--TESTONLY-test-name-env): (empty)
D1005 21:45:09.935989 7 config.go:436] Config.TestOnlyAFSSyscallPanic (--TESTONLY-afs-syscall-panic): false
D1005 21:45:09.935993 7 config.go:438] Config.explicitlySet: <map[string]struct {} Value> (unexported)
D1005 21:45:09.935999 7 config.go:436] Config.ReproduceNAT (--reproduce-nat): false
D1005 21:45:09.936005 7 config.go:436] Config.ReproduceNftables (--reproduce-nftables): false
D1005 21:45:09.936009 7 config.go:436] Config.NetDisconnectOk (--net-disconnect-ok): false
D1005 21:45:09.936013 7 config.go:436] Config.TestOnlyAutosaveImagePath (--TESTONLY-autosave-image-path): (empty)
D1005 21:45:09.936017 7 config.go:436] Config.TestOnlyAutosaveResume (--TESTONLY-autosave-resume): false
I1005 21:45:09.936020 7 main.go:201] **************** gVisor ****************
I1005 21:45:09.936145 7 namespace.go:247] *** Re-running as root in new user namespace ***
W1005 21:45:09.936308 7 util.go:64] FATAL ERROR: Error executing inside namespace: re-executing self: fork/exec /proc/self/exe: permission denied
Error executing inside namespace: re-executing self: fork/exec /proc/self/exe: permission denied
W1005 21:45:09.936668 7 main.go:231] Failure to execute command, err: 1
gVisor quit with exit code: 128
```
Thanks for looking. To be clear, I don't think AppArmor needs to be disabled system-wide, just the

In your logs it shows that

I've installed Colima on my Linux machine and was not able to reproduce this. There are other settings that could make the

Can you try to read

Thanks @EtiennePerot. Running with the latest container doesn't make a difference (I was using the container we shipped with

Here is the result of the command:

Additionally,
After some more tinkering with @apyrgio, we found that it's possible to make the container work with colima, by doing the following changes:
diff --git a/dangerzone/isolation_provider/container.py b/dangerzone/isolation_provider/container.py
index fe6626c..cbf6c52 100644
--- a/dangerzone/isolation_provider/container.py
+++ b/dangerzone/isolation_provider/container.py
@@ -142,6 +145,7 @@ class Container(IsolationProvider):
security_args += ["--cap-drop", "all"]
security_args += ["--cap-add", "SYS_CHROOT"]
security_args += ["--security-opt", "label=type:container_engine_t"]
+ security_args += ["--security-opt", "apparmor=unconfined"]
security_args += ["--network=none"]
security_args += ["-u", "dangerzone"]
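Review bot: the new `security_args += ["--security-opt", "apparmor=unconfined"]` line is unconditional, so every Docker host loses the default AppArmor confinement on the conversion container, not only the Colima VM this thread is about, and the comment itself says the team is not happy adding it; consider gating it behind the same runtime detection the project already uses to decide whether to pass its own seccomp file (mentioned earlier in the thread), and add a one-line comment next to it recording that it exists only so gVisor can re-exec itself into a new user namespace.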
and also

```
colima ssh sudo su
echo "kernel.apparmor_restrict_unprivileged_userns = 0" >/etc/sysctl.d/99-userns.conf
sysctl --system
```

With these two changes, the conversion from pixels to PDF phase will still fail with colima. This means that even when applying these fixes, dangerzone <= 0.7.1 will not be able to convert documents.

Fortunately, this situation is fixed by the on-host conversion work (see #625). This is expected to be merged in the following weeks, and be included with the

Still, we are not super happy with the idea of adding

If you would like this to happen, don't hesitate to experiment around with colima/lima settings, and report your findings here.
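The two runsc failures quoted in this thread are easy to confuse when reading a long debug log: the user-namespace re-exec denial (`fork/exec /proc/self/exe: permission denied`, which the comment above ties to AppArmor and the `apparmor_restrict_unprivileged_userns` sysctl) and the chroot mount denial from the earlier `RUNSC_DEBUG=1` run. The triage helper below is an added example, not code from the Dangerzone project: it classifies a gVisor start-up log into those two cases, ignores the benign `noNewPrivileges ignored` warning, and pulls out the `gVisor quit with exit code` value. The sample logs are constructed from the lines quoted in this thread, and the mitigation hints attached to each case are my reading of the discussion, not gVisor documentation.

```python
"""Triage gVisor (runsc) start-up failures from its debug output.

Added example, not code from the Dangerzone project. The rules map the two
fatal errors quoted in this thread to the mitigations that were discussed;
that mapping is an assumption drawn from the discussion, not from gVisor docs.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Finding:
    kind: str      # short machine-readable label
    message: str   # the runsc error text that matched
    hint: str      # where to look next (assumption, see module docstring)


# Each rule: (kind, pattern, hint). runsc prints the FATAL ERROR log line and
# then the bare error text again, so a rule can match twice per run;
# classify() reports each kind once, at its first appearance.
_RULES = [
    (
        "userns_reexec_denied",
        re.compile(
            r"re-executing self: fork/exec /proc/self/exe: "
            r"(?:permission denied|operation not permitted)"
        ),
        "runsc could not re-exec itself into a new user namespace. In this "
        "thread that was tied to AppArmor inside the Ubuntu-based Colima VM "
        "(kernel.apparmor_restrict_unprivileged_userns and the AppArmor "
        "profile applied to the container).",
    ),
    (
        "chroot_mount_denied",
        re.compile(r"error setting up chroot: error converting mounts: permission denied"),
        "runsc could not build its sandbox chroot. Check the mount options of "
        "the temporary directory runsc uses (TMPDIR) inside the VM and the "
        "AppArmor profile applied to the container.",
    ),
]

# Printed on every run in these logs; it is not the cause of either failure.
_BENIGN = re.compile(r"noNewPrivileges ignored")
_EXIT = re.compile(r"gVisor quit with exit code: (\d+)")


def classify(log_text: str) -> list[Finding]:
    """Return one Finding per distinct fatal error, in order of first appearance."""
    findings: list[Finding] = []
    seen: set[str] = set()
    for line in log_text.splitlines():
        if _BENIGN.search(line):
            continue
        for kind, pattern, hint in _RULES:
            m = pattern.search(line)
            if m and kind not in seen:
                seen.add(kind)
                findings.append(Finding(kind, m.group(0), hint))
    return findings


def exit_code(log_text: str) -> Optional[int]:
    """The value from the 'gVisor quit with exit code' line, if present."""
    m = _EXIT.search(log_text)
    return int(m.group(1)) if m else None


def summarize(log_text: str) -> str:
    """One-line triage summary suitable for pasting into a bug report."""
    findings = classify(log_text)
    if not findings:
        return "no known gVisor start-up failure found"
    code = exit_code(log_text)
    head = ", ".join(f.kind for f in findings)
    return f"{head} (exit code {code})" if code is not None else head


# Constructed samples: the tail of each log quoted in this thread.
SAMPLE_USERNS = """\
I1005 21:45:09.936145 7 namespace.go:247] *** Re-running as root in new user namespace ***
W1005 21:45:09.936308 7 util.go:64] FATAL ERROR: Error executing inside namespace: re-executing self: fork/exec /proc/self/exe: permission denied
Error executing inside namespace: re-executing self: fork/exec /proc/self/exe: permission denied
W1005 21:45:09.936668 7 main.go:231] Failure to execute command, err: 1
gVisor quit with exit code: 128
"""

SAMPLE_CHROOT = """\
W0711 12:29:49.310324 28 specutils.go:129] noNewPrivileges ignored. PR_SET_NO_NEW_PRIVS is assumed to always be set.
I0711 12:29:49.310360 28 chroot.go:91] Setting up sandbox chroot in "/tmp"
W0711 12:29:49.310395 28 util.go:64] FATAL ERROR: error setting up chroot: error converting mounts: permission denied
error setting up chroot: error converting mounts: permission denied
"""

if __name__ == "__main__":
    for name, sample in (("colima/userns", SAMPLE_USERNS), ("colima/chroot", SAMPLE_CHROOT)):
        print(name, "->", summarize(sample))
        for finding in classify(sample):
            print("  hint:", finding.hint)
```

Feed it the full `RUNSC_DEBUG=1` output (the long config dump is harmless noise to it); the point of skipping the `noNewPrivileges` warning explicitly is that it appears near the fatal line in every run and is routinely mistaken for the cause.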
Thanks for debugging this! I'm assuming that the problem was that the VM configuration lima uses for

This restriction against

Then, as a longer-term thing, I think it would be feasible to fork Docker's default AppArmor profile, allow
This got me thinking; we know that Dangerzone works in Ubuntu, and we have also checked that the AppArmor module is loaded and enforced in Ubuntu distros. So, if this was the case, why haven't we encountered a problem yet? Well, turns out that the AppArmor profile for Podman allows everything:
It also shows up as
Note: Enforcing the unrestrictive Podman profile with

I think you're right Etienne. We have demonstrated that setting AppArmor to

I think we can move forward with your plan.
I haven't found any changes on the lima repository making changes on these kernel settings, unfortunately. The closest I had was lima-vm/lima#1911 but it was included in

colima switched from an Alpine-based image to an Ubuntu-based one in their latest versions. Could it be related to this maybe? 🤔

There is definitely something going on: I would also expect enforcing a pass-through profile not to change anything in the end. There is something we don't understand about AppArmor and how it affects the containers.

It seems to be a good idea in the long run! If that's okay for you, I would prefer holding that off a little, until we have a better understanding of the interconnections between AppArmor and container security. After all, and as you mentioned, none of our supported platforms are currently affected right now. I'm always a bit reluctant to disable security features, especially if there is something I miss 🫣🙃.
Hello,
As I am not allowed to use Docker Desktop on my MacBook (I would need a license), I normally use colima (https://github.com/abiosoft/colima), but dangerzone doesn't work with it. After "convert to safe document" I only get the message "unspecified error". I thought that version 0.7 might change this, but I get the same error.
Any suggestions (beside installing docker desktop)?
Thank you very much,
Lasse