Alternative to Docker that is less restrictive for maintaining package dependencies

I work on robotics on ROS running with Xenial, but this applies to any application running on Ubuntu. With a team of engineers, its rather hard to keep everyone’s test station uniform in package versions. A while back, we had a testbed break completely since a new update/upgrade changed much of a package functionality.

I want to avoid this and have a solution that allows me to duplicate these testbeds with ease.

I realize that Docker is the popular solution for this, but the container solution is a little bit too restrictive for my needs. I don’t mind reinstalling drivers and etc and I’m finding it cumbersome to deal with Docker specific issues in getting my original testbed running(especially as it requires multi-containers).

Is there a solution available that can achieve my needs without going as far as a container like Docker?

The dumb method would just be clone my entire testbed…maybe that’s still the best for me?

#!/bin/bash -i when to use it in a docker file

I need to understand when I need to use the -i .

It’s a convention so the *nix shell knows what kind of interpreter to run.

For example, older flavors of ATT defaulted to sh (the Bourne shell), while older versions of BSD defaulted to csh (the C shell).

Even today (where most systems run bash, the “Bourne Again Shell”), scripts can be in bash, python, perl, ruby, PHP, etc, etc. For example, you might see #!/bin/perl or #!/bin/perl5.

How do I get around error 403 when installing docker CE on Ubuntu 19.04

I am trying to install docker CE on ubuntu 19.04. I am getting an error 403. Reading package lists… Done E: Failed to fetch https://apt.dockerproject.org/repo/dists/ubuntu-disco/InRelease 403 Forbidden [IP: 99.86.52.107 443] E: The repository ‘https://apt.dockerproject.org/repo ubuntu-disco InRelease’ is not signed. N: Updating from such a repository can’t be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details.

I am following the documentation at https://docs.docker.com/v17.09/engine/installation/linux/docker-ce/ubuntu/#os-requirements

Anyone any ideas?

Problema con docker en windows

Hola espero y me puedan ayudar.

Estoy iniciando con los contenedores y estoy practicando con un par de aplicaciones.

Estoy usando:
– Spring boot.
– Docker para Windows (Linux Container)

Tengo un aplicación con el siguiente Dockerfile

De la imagen que partimos

FROM frolvlad/alpine-java:jdk8-slim AS builder

Directorio de trabajo

WORKDIR /app

Copiamos el .jar en el directorio de trabajo

COPY target/ciudadano-0.0.1-SNAPSHOT.jar /app

Exponemos el puerto 8080

EXPOSE 8080

Comando que se ejecutará una vez ejecutemos el contendor

CMD [“java”, “-jar”,”ciudadano-0.0.1-SNAPSHOT.jar”]

Creo la imagen en el cdm con el siguiente comando: docker build -t ciudadano_image .

Después creo el contenedor: docker run -d -p 8080:8080 –name ciudadano_container ciudadano_image

y todo correcto hasta aquí. Cuando consulto los contenedores me lanza esto: docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 00a39fa6b02a ciudadano_image “java -jar ciudadano…” 16 minutes ago Up 16 minutes 0.0.0.0:8080->8080/tcp ciudadano_container

Pero al entrar a mi localhost en el puerto: 8080 no puedo acceder.

Cuando consulto los los del contenedor me dice que si se levanto la aplicación: docker logs ciudadano_container Tomcat started on port(s): 8001 (http) with context path ” Started CiudadanoApplication in 12.59 seconds (JVM running for 13.589)

De igual forma entro a este puerto y no lo puedo alcanzar.

Espero y me puedan ayudar.

Saludos.

Allow non-root user to use some Docker commands

I have a user restricted, and the user can only access its own files. It is a non-root user, and so, therefore, cannot use Docker (doing docker run foo => docker: Got permission denied while trying to connect to the Docker daemon socket...).

I want to allow this user to create their own Docker images from only their file space, and only be able to delete/rmi their own images that they have made. Furthermore, they will only be able to run their own images and stop their own image containers.

From the questions I have read, the only way for this to happen is to add a root user to a group the non-root user is in, making a huge vulnerability risk.

Docker won’t get USER variable setted if I use useradd

I have a dockerfile with these commands:

RUN useradd -ms /bin/bash dev USER dev  WORKDIR /home/dev/orwell/gtk/build/desktoplinux  ENTRYPOINT "/bin/bash" 

I need a docker image that has an user, because I have an app that calls https://linux.die.net/man/3/getlogin_r, which requires an user.

However, this system call fails, and I suspect it’s because there’s no $ USER variable setted inside my docker image, even though I created an user.

Where is the problem?

How do I fix “failed to start journal service” on Ubuntu 18 Server running docker containers?

I have an Ubuntu 18 Server. I created a small number of persistent docker containers but ever since I created the docker containers the server has started locking up with the error “failed to start journal service”.

I’m not a Linux expert so I’m not sure where to start in debugging and fixing this.

Rebooting works for a while.

Why is envsubst with a pre-defined set of variables not working in a docker container?

I learned in https://unix.stackexchange.com/questions/294378/replacing-only-specific-variables-with-envsubst how to replace only a set of variables when using envsubst.

I have a file infile with the following content:

VAR1=$  var1 VAR2=$  var2 VAR3=$  var3 

Let’s say I only want to replace $ var1 and $ var2, and leave $ var3 untouched.

I do the following on my machine:

export var1=one export var2=two export var3=three envsubst '$  var1 $  var2' < infile 

This gives:

VAR1=one VAR2=two VAR3=$  var3 

Great, that works!

Next, I want to do the same in a docker container. I extracted my problem to the following:

docker run -e var1=one \            -e var2=two \            -v /home/robin/temp:/robin \            ubuntu:18.04 \            bash -c "apt update && apt install gettext -y && \                     envsubst '$  var1 $  var2' < /robin/infile" 

This however gives:

VAR1=$  var1 VAR2=$  var2 VAR3=$  var3 

So in other words, the replacement did not happen.

Why is that and is there a way to fix it?

Even more strange (to me at least), is that when I omit '$ var1 $ var2', and thus let envsubst replace everything, the replacement just works:

docker run -e var1=one \            -e var2=two \            -v /home/robin/temp:/robin \            ubuntu:18.04 \            bash -c "apt update && apt install gettext -y && \                     envsubst < /robin/infile" 
VAR1=one VAR2=two VAR3= 

unable to update ubuntu Docker container using apt-get update

when I run ubuntu as Docker container and when I run apt-get update command it gives error and fails to update the repos.

Here is what error I’m getting :

root@df167e514b29:/# sudo bash: sudo: command not found root@df167e514b29:/# apt-get update Err:1 http://archive.ubuntu.com/ubuntu bionic InRelease
Temporary failure resolving 'archive.ubuntu.com' Err:2 http://security.ubuntu.com/ubuntu bionic-security InRelease
Temporary failure resolving 'security.ubuntu.com' Err:3 http://archive.ubuntu.com/ubuntu bionic-updates InRelease Temporary failure resolving 'archive.ubuntu.com' Err:4 http://archive.ubuntu.com/ubuntu bionic-backports InRelease Temporary failure resolving 'archive.ubuntu.com' Reading package lists... Done
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic/InRelease Temporary failure resolving 'archive.ubuntu.com' W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-updates/InRelease Temporary failure resolving 'archive.ubuntu.com' W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-backports/InRelease Temporary failure resolving 'archive.ubuntu.com' W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/bionic-security/InRelease Temporary failure resolving 'security.ubuntu.com' W: Some index files failed to download. They have been ignored, or old ones used instead. root@df167e514b29:/#

How to configure Burp Suite for traffic to/from Docker container?

as titled really, I’m running https://github.com/OWASP/SecurityShepherd/wiki/Docker-Environment-Setup successfully in a container. However, this is only really useful if you can inspect the traffic.

I have it setup as normal to intercept all traffic, however, seems this doesn’t apply to the container. I tried changing it to all interfaces as well without success.

I’m wishing to use this for some classroom training so perhaps I’m best going with a cloud setup?

Thanks