Open source software name: crashcart
Open source software URL: https://gitee.com/mirrors/crashcart
Open source software description:
crashcart - microcontainer debugging tool
What is crashcart?

crashcart is a simple command line utility that lets you sideload an image with linux binaries into an existing container.

Building crashcart

Install rust:

    curl https://sh.rustup.rs -sSf | sh
    rustup toolchain install stable-x86_64-unknown-linux-gnu
    rustup default stable-x86_64-unknown-linux-gnu # for stable
    rustup target install x86_64-unknown-linux-musl # for stable
    rustup toolchain install nightly-x86_64-unknown-linux-gnu
    rustup default nightly-x86_64-unknown-linux-gnu # for nightly
    rustup target install x86_64-unknown-linux-musl # for nightly

Building can be done via build.sh:

By default, build.sh builds a dynamic binary using gnu. To build a static binary, set TARGET to x86_64-unknown-linux-musl:

    TARGET=x86_64-unknown-linux-musl ./build.sh

Building crashcart.img

Image build dependencies:

crashcart will load binaries from an image file into a running container. To build the image, you just need docker installed and then you can use build_image.sh:

The build image script will build a crashcart_builder image using the dockerfile in the builder directory. It will then run this builder as a privileged container. It needs to be privileged because the image is created by loopback mounting an ext3 filesystem and copying files in. It may be possible to do this without root privileges using something like e2tools, but these have not been packaged for alpine.

The crashcart_builder will take a very long time the first time it is run. The relocated binaries are built from source via the nix package manager, and the toolchain needs to be built from scratch. Later builds should go much more quickly because the nix store is cached in the vol directory and bind mounted into the builder.

To add to the list of packages in the resulting image, simply add the package names to the packages file before building. Packages are installed via the nix-env tool. An up-to-date list of nix packages can be searched here.

Using crashcart

To enter a container and run crashcart's bash just pass the container id:

$ID can be the container id of a docker or rkt container, or the pid of any process running inside a container.

To run another command from the crashcart image, pass the full path:

    sudo ./crashcart $ID /dev/crashcart/bin/tcpdump

To use docker-exec instead of entering the namespaces via crashcart's internal namespace handling, use the -e flag (NOTE: this requires $ID to be a docker container id):

Manually Running Binaries from the crashcart Image

To manually mount the crashcart image into a container, use the -m flag.

To manually unmount the crashcart image from a container, use the -u flag.

Once you have manually mounted the image, you can use docker exec or nsenter to run things inside the container. crashcart locates its binaries in /dev/crashcart/bin or /dev/crashcart/sbin.
To execute tcpdump for example, you can use:

    docker exec -it $CONTAINER_ID /dev/crashcart/bin/tcpdump

To run a shell with all of crashcart's utilities available in the path, you can use:

    docker exec -it $CONTAINER_ID -- \
    /dev/crashcart/profile/bin/bash --rcfile /dev/crashcart/.crashcartrc -i

You can also do an equivalent command using nsenter:

    sudo nsenter -m -u -i -n -p -t $PID -- \
    /dev/crashcart/profile/bin/bash --rcfile /dev/crashcart/.crashcartrc -i

Note that if you are using user namespaces you might have to specify -U. You also can use -S and -G to use a different user or group id in the container.

crashcart leaves the image mounted as a loopback device. If there are no containers still using the crashcart image, you can remove the device as follows:

    sudo losetup -d `readlink crashcart.img.lnk`; sudo rm crashcart.img.lnk

Known Issues

crashcart doesn't work with user namespaces prior to kernel 4.8. In earlier versions of the kernel, when you attempt to mount a device inside a mount namespace that is a child of a user namespace, the kernel returns EPERM. The logic was changed in 4.8 so that it is possible as long as the caller of mount is in the init userns.

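A preflight check for the user namespace limitation described under Known Issues, as an added example that is not part of crashcart. It assumes it is run as root from the host's init user namespace and takes the PID of a process inside the container; all function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of crashcart. Function names are hypothetical.

# kernel_at_least RELEASE MAJOR MINOR
# Succeeds when RELEASE (uname -r form, e.g. "4.4.0-210-generic") is at least
# MAJOR.MINOR. Exits 2 when RELEASE cannot be parsed.
kernel_at_least() (
    release=$1; want_major=$2; want_minor=$3
    major=${release%%.*}
    rest=${release#*.}
    minor=${rest%%[!0-9]*}
    case $major in ''|*[!0-9]*) exit 2 ;; esac
    [ -n "$minor" ] || exit 2
    [ "$major" -gt "$want_major" ] && exit 0
    [ "$major" -eq "$want_major" ] && [ "$minor" -ge "$want_minor" ]
)

# mount_would_fail CALLER_USERNS TARGET_USERNS RELEASE
# Succeeds when the target sits in a different user namespace than the caller
# and the kernel predates 4.8. An unparseable RELEASE is treated as "would fail".
mount_would_fail() (
    [ "$1" != "$2" ] || exit 1
    kernel_at_least "$3" 4 8 && exit 1
    exit 0
)

# crashcart_preflight PID
# Reads the live namespace links and kernel release. Assumes the caller is root
# in the init user namespace, as crashcart is when run under sudo on the host.
crashcart_preflight() (
    pid=$1
    caller_ns=$(readlink /proc/self/ns/user) || { echo "cannot read /proc/self/ns/user" >&2; exit 2; }
    target_ns=$(readlink "/proc/$pid/ns/user") || { echo "cannot read user namespace of pid $pid" >&2; exit 2; }
    if mount_would_fail "$caller_ns" "$target_ns" "$(uname -r)"; then
        echo "pid $pid is in a child user namespace and kernel $(uname -r) predates 4.8: mount will return EPERM" >&2
        exit 1
    fi
    echo "ok: pid $pid is not affected by the pre-4.8 user namespace restriction"
)

# Run the check only when a PID is given on the command line.
if [ "$#" -ge 1 ]; then
    crashcart_preflight "$1"
fi
```

For a docker container, the PID to pass can be read with `docker inspect -f '{{.State.Pid}}' $CONTAINER_ID`.
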
TODO
- add functionality to run image with crashcart mount using docker run -v
- temporarily remount /dev in the container rw if it is ro
- allow user to set uid and gid in the container

Contributing

crashcart is an open source project. See CONTRIBUTING for details.

Oracle gratefully acknowledges the contributions to crashcart that have been made by the community.

Getting in touch

The best way to get in touch is Slack. Click here to join the Oracle Container Tools workspace. Then join the Crashcart channel.

License

Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.

crashcart is dual licensed under the Universal Permissive License 1.0 and the Apache License 2.0.

See LICENSE for more details.