Don't include /dev content in your image #171

Closed
cgwalters opened this issue Oct 1, 2024 · 2 comments · Fixed by #173

@cgwalters
Contributor

```
$ skopeo inspect -n --format '{{.Digest}}' docker://docker.io/bitnami/minideb:bookworm
sha256:c0059619fc750c544dc852595c17b844e7d44910e283469b59e235f65f40f98c
$ skopeo copy docker://docker.io/bitnami/minideb@sha256:c0059619fc750c544dc852595c17b844e7d44910e283469b59e235f65f40f98c oci:minideb
$ tar ztvf minideb/blobs/sha256/7c18bb8814bb5e7e17d97a163b2d287caf05bbbd3f583560ebdc230eb808ac62|grep /dev
drwxr-xr-x root/root         0 2024-06-15 07:22 ./dev/
crw-rw-rw- root/root       1,3 2024-06-15 07:22 ./dev/null
crw-rw-rw- root/root       1,7 2024-06-15 07:22 ./dev/full
crw-rw-rw- root/root       5,2 2024-06-15 07:22 ./dev/ptmx
crw-rw-rw- root/root       1,8 2024-06-15 07:22 ./dev/random
crw-rw-rw- root/root       1,5 2024-06-15 07:22 ./dev/zero
lrwxrwxrwx root/root         0 2024-06-15 07:22 ./dev/fd -> /proc/self/fd
drwxr-xr-x root/root         0 2024-06-15 07:22 ./dev/pts/
crw-rw-rw- root/root       1,9 2024-06-15 07:22 ./dev/urandom
lrwxrwxrwx root/root         0 2024-06-15 07:22 ./dev/stderr -> /proc/self/fd/2
lrwxrwxrwx root/root         0 2024-06-15 07:22 ./dev/stdin -> /proc/self/fd/0
lrwxrwxrwx root/root         0 2024-06-15 07:22 ./dev/stdout -> /proc/self/fd/1
drwxr-xr-x root/root         0 2024-06-15 07:22 ./dev/shm/
crw-rw-rw- root/root       5,1 2024-06-15 07:22 ./dev/console
crw-rw-rw- root/root       5,0 2024-06-15 07:22 ./dev/tty
$
```

There's no reason to include this /dev content in your image - it just gets overmounted by the container runtimes. But the even stronger reason to do this is it's not compatible with ostree, which specifically intentionally doesn't support devices because there's no good reason at all to ship them in images. xref ostreedev/ostree#2568

@github-actions github-actions bot added the triage label Oct 1, 2024
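
An added example, not part of the original issue or the minideb project's code: a check that reads a layer tarball's headers and reports character and block device entries, which an image build pipeline could run before publishing. The function names `find_device_nodes` and `build_sample_layer` are hypothetical, and the sample layer is constructed in memory to mirror a few entries of the listing above.

```python
import io
import tarfile

def find_device_nodes(layer):
    """Return (path, kind, major, minor) for each device node in a layer tarball."""
    found = []
    # "r:*" auto-detects gzip/bzip2/xz compression or a plain tar stream.
    with tarfile.open(fileobj=layer, mode="r:*") as tar:
        for member in tar:  # reads headers only; nothing is extracted to disk
            if member.ischr() or member.isblk():
                kind = "char" if member.ischr() else "block"
                found.append((member.name, kind, member.devmajor, member.devminor))
    return found

def build_sample_layer(with_devices=True):
    """Constructed gzip layer for the demo; entries mirror a few lines of the listing."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        dev = tarfile.TarInfo("./dev")
        dev.type, dev.mode = tarfile.DIRTYPE, 0o755
        tar.addfile(dev)
        link = tarfile.TarInfo("./dev/stdin")
        link.type, link.linkname = tarfile.SYMTYPE, "/proc/self/fd/0"
        tar.addfile(link)
        if with_devices:
            for name, major, minor in (("null", 1, 3), ("zero", 1, 5)):
                node = tarfile.TarInfo("./dev/" + name)
                node.type, node.mode = tarfile.CHRTYPE, 0o666
                node.devmajor, node.devminor = major, minor
                tar.addfile(node)
        data = b"minideb\n"
        reg = tarfile.TarInfo("./etc/hostname")
        reg.size = len(data)
        tar.addfile(reg, io.BytesIO(data))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for path, kind, major, minor in find_device_nodes(build_sample_layer()):
        print(f"{kind} device {major},{minor}: {path}")
```

To check a real image, open a layer blob from the `oci:` directory in binary mode and pass the file object to `find_device_nodes`; an empty list means the layer carries no device nodes.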
cgwalters added a commit to cgwalters/minideb that referenced this issue Oct 10, 2024
Closes: bitnami#171

Signed-off-by: Colin Walters <[email protected]>
@gongomgra
Contributor

Hi @cgwalters,

Thank you for your contribution! Although your change looks fine we would need to investigate it a bit further on our side to ensure it won't break any of our integrations. We will keep you posted.

@gongomgra gongomgra added on-hold and removed triage labels Oct 11, 2024
@gongomgra gongomgra self-assigned this Oct 11, 2024
@cgwalters
Contributor Author

Just to highlight more strongly, there's an open PR here #173

gongomgra pushed a commit that referenced this issue Oct 23, 2024
Closes: #171

Signed-off-by: Colin Walters <[email protected]>
@github-actions github-actions bot added solved and removed on-hold labels Oct 23, 2024