Created
November 2, 2022 14:28
Scratch Docker Container with Fuse
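# Build stage: installs FUSE and its runtime dependencies on Alpine so that
# individual files can be copied into the scratch image below.
# NOTE(review): alpine 3.10 is no longer maintained upstream, so nothing copied
# out of this stage receives security fixes. The tag is kept because the final
# stage copies version-specific files (e.g. libfuse.so.2.9.8); bump both
# together and consider pinning the base by digest.
FROM alpine:3.10 AS pachyderm_build

# Staging tree that the final stage copies onto / to provide a /tmp directory.
# Mode 1777 (world-writable with the sticky bit) replaces the recursive 777:
# /tmp stays writable for the unprivileged user, but one user can no longer
# remove or rename files created by another.
RUN mkdir -p /tmp/to-copy/tmp && chmod 1777 /tmp/to-copy/tmp

# One layer, no package index left behind:
#   ca-certificates - CA bundle copied into the final image
#   fuse            - fusermount, mount.fuse, libfuse and libulockmgr
#   libc6-compat    - required to fix binary compatibility issues
RUN apk add --no-cache \
        ca-certificates \
        fuse \
        libc6-compat

# Required to set up the user needed by the go-fuse library.
# Group and user are both literally named "1000". The GID is set explicitly
# (instead of relying on the next free ID) so that the /etc/passwd entry
# copied into the final image always matches `USER 1000`.
RUN addgroup -g 1000 1000 \
    && adduser --disabled-password --gecos '' -u 1000 -G 1000 -h / 1000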
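# Final stage: a scratch image holding only the application, FUSE and the few
# files FUSE needs at runtime.
# Getting the application to run in a scratch image is proving to be difficult.
# https://www.mgasch.com/2017/11/scratch/
#
# All COPY paths below are absolute so they do not depend on the implicit
# WORKDIR of the scratch image.
FROM scratch

# Application binary, taken from the build context.
# NOTE(review): the original note says it "must be built with CGO_ENABLED";
# presumably CGO_ENABLED=0 (a static binary) is meant. A dynamically linked
# build depends on the musl loader and libc copied further down.
COPY hello-fuse /hello-fuse

# These are just for debugging the PoC.
# Remove them (the shell in particular) from any image meant for real use:
# they widen the attack surface of an otherwise empty image.
COPY --from=pachyderm_build /usr/bin/whoami /usr/bin/whoami
COPY --from=pachyderm_build /bin/cat /bin/cat
COPY --from=pachyderm_build /bin/sh /bin/sh
COPY --from=pachyderm_build /bin/ls /bin/ls
COPY --from=pachyderm_build /bin/chmod /bin/chmod
COPY --from=pachyderm_build /bin/chown /bin/chown
COPY --from=pachyderm_build /bin/sleep /bin/sleep

# I found these in the worker image.
# The staged tree supplies /tmp with the permissions set in the build stage.
COPY --from=pachyderm_build /tmp/to-copy /
COPY --from=pachyderm_build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

# Required to set up the user needed by the go-fuse library.
# Only /etc/passwd is copied; /etc/group is not present in this image.
COPY --from=pachyderm_build /etc/passwd /etc/passwd

# Fuse dependencies -- includes binaries plus dynamically linked libraries.
# Fuse depends on musl and fuse-common.
# See: https://jvns.ca/blog/2021/11/17/debugging-a-weird--file-not-found--error/
# See: https://pkgs.alpinelinux.org/contents?branch=edge&name=fuse&arch=x86&repo=main
COPY --from=pachyderm_build /lib/ld-musl-x86_64.so.1 /lib/ld-musl-x86_64.so.1
COPY --from=pachyderm_build /lib/libc.musl-x86_64.so.1 /lib/libc.musl-x86_64.so.1
# NOTE(review): fusermount is normally installed setuid root so that an
# unprivileged user can mount. Confirm the mode it ends up with in this image
# and that a setuid binary next to the debug shell above is acceptable.
COPY --from=pachyderm_build /bin/fusermount /bin/fusermount
COPY --from=pachyderm_build /bin/ulockmgr_server /bin/ulockmgr_server
COPY --from=pachyderm_build /lib/udev/rules.d/99-fuse.rules /lib/udev/rules.d/99-fuse.rules
COPY --from=pachyderm_build /sbin/mount.fuse /sbin/mount.fuse
# The version-specific file names below are tied to the fuse package shipped
# with the alpine tag used in the build stage.
COPY --from=pachyderm_build /usr/lib/libfuse.so.2 /usr/lib/libfuse.so.2
COPY --from=pachyderm_build /usr/lib/libfuse.so.2.9.8 /usr/lib/libfuse.so.2.9.8
COPY --from=pachyderm_build /usr/lib/libulockmgr.so.1 /usr/lib/libulockmgr.so.1
COPY --from=pachyderm_build /usr/lib/libulockmgr.so.1.0.1 /usr/lib/libulockmgr.so.1.0.1

# This used to be enabled when testing the actual mounting without exec'ing into the container.
#COPY --chown=1000:1000 mnt /pfs

# Run as the unprivileged user defined in the copied /etc/passwd.
USER 1000

# This used to be enabled when testing the actual mounting.
#ENTRYPOINT ["/hello-fuse", "/pfs"]

# Execute docker with:
# See: https://github.com/s3fs-fuse/s3fs-fuse/issues/647#issuecomment-392697838
# docker run -d --rm --device /dev/fuse --cap-add SYS_ADMIN -it hello-fuse:latest sh
#
# NOTE(review): SYS_ADMIN is a very broad capability that covers far more than
# mounting, so a container started this way is considerably less isolated than
# a default one even though the process runs as UID 1000. Grant it only to
# this container, keep --device limited to /dev/fuse, and do not substitute
# --privileged.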