2
嘗試使用docker中的bazel和linux測試端口隔離特權容器並且它失敗。端口與docker內部的bazel隔離
我ENV是如下(所有命令從具有特權的容器,開始跑在AWS上運行):
$ uname -a
Linux 167-docker99 3.16.0-4-amd64 #1 SMP Debian 3.16.43-2 (2017-04-30) x86_64 GNU/Linux
[email protected]:~/ws/bazel-port-isolation$ cat /etc/*-release
PRETTY_NAME="Debian GNU/Linux 8 (jessie)"
NAME="Debian GNU/Linux"
VERSION_ID="8"
VERSION="8 (jessie)"
ID=debian
HOME_URL="http://www.debian.org/"
SUPPORT_URL="http://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"Bazel version
$ bazel version
Build label: 0.5.1
Build target: bazel-out/local-fastbuild/bin/src/main/java/com/google/devtools/build/lib/bazel/BazelServer_deploy.jar
Build time: Tue Jun 6 10:34:11 2017 (1496745251)
Build timestamp: 1496745251
Build timestamp as int: 1496745251
根據this指令 - 確信啓用unprivileged_userns_clone。
$ cat /proc/sys/kernel/unprivileged_userns_clone
1
回購:https://github.com/ittaiz/bazel-port-isolation
運行測試: $巴澤勒測試// ...
...........
____Loading package:
____Loading package: @bazel_tools//tools/cpp
____Loading package: @local_config_xcode//
____Loading package: @local_jdk//
____Loading package: @local_config_cc//
____Loading complete. Analyzing...
____Loading package: tools/defaults
____Loading package: @bazel_tools//tools/test
____Loading package: @junit_junit//jar
____Found 2 test targets...
____Building...
____[0/12] Expanding template SocketIsolationTest
____[9/12] Extracting interface @junit_junit//jar:jar ERROR: /home/builduser/.cache/bazel/_bazel_builduser/a589c0f8758972ab3aadcf172c468873/external/junit_junit/jar/BUILD.bazel:2:1: Extracting interface @junit_junit//jar:jar failed: Process exited with status 1 [sandboxed]. src/main/tools/linux-sandbox-pid1.cc:193: "mount(/tmp, /tmp, NULL, MS_BIND, NULL)": Invalid argument Use
--strategy=JavaIjar=standalone to disable sandboxing for the failing actions.
____Building complete.
____Elapsed time: 5.651s, Critical Path: 1.62s //:SocketIsolation2Test NO STATUS
Executed 0 out of 2 tests: 1 fails to build and 1 was skipped.
另一個重要的投入也許是我沒有管理,使巴澤勒運行測試成功在碼頭主機上。
出了什麼問題?