
slimtoolkit / slim


Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

License: Apache License 2.0

Shell 0.90% Go 98.74% Makefile 0.33% Dockerfile 0.03%
docker containers security seccomp apparmor minify-images golang go seccomp-profile hacktoberfest

slim's People

Contributors

akankshakumari393, alexandregv, bigpod98, bmdan, cskiraly, d4n, darklight147, dependabot-preview[bot], dependabot[bot], edumco, eharris128, estroz, geekthattweaks, ianjuma, imgbotapp, iximiuz, jishminor, josephbarnett, kadern0, kcq, mic92, mritunjaysharma394, nathants, omkar0114, pydima, reetasingh, sarveshraj, sobolevn, sreeo, testwill

slim's Issues

build docker-slim failed on aarch64 machine

go version

go version go1.6.2 linux/arm64

# go env

GOARCH="arm64"
GOBIN=""
GOEXE=""
GOHOSTARCH="arm64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH=""
GORACE=""
GOROOT="/usr/lib/golang"
GOTOOLDIR="/usr/lib/golang/pkg/tool/linux_arm64"
GO15VENDOREXPERIMENT="1"
CC="gcc"
GOGCCFLAGS="-fPIC -pthread -fmessage-length=0"
CXX="g++"
CGO_ENABLED="1"

Building docker-slim on an aarch64 machine reports this error:

github.com/cloudimmunity/docker-slim/sensor/monitors/ptrace

../../vendor/src/github.com/cloudimmunity/docker-slim/sensor/monitors/ptrace/monitor.go:91: regs.Orig_rax undefined (type syscall.PtraceRegs has no field or method Orig_rax)
../../vendor/src/github.com/cloudimmunity/docker-slim/sensor/monitors/ptrace/monitor.go:99: regs.Rax undefined (type syscall.PtraceRegs has no field or method Rax)

CC #6, meet such an error.

Replace Nanomsg/mongos with Libchan

Nanomsg is "officially" dead. Need to replace it. Either way, processing requests sequentially (imposed by mongos) feels a bit awkward in Go.

Connection timeout in docker slim while reducing docker image size

I tried to reduce my docker image size using docker slim but am facing a connection timeout issue.
I have used this command: ./docker-slim build --http-probe

but got the error below

INFO[0008] docker-slim: http probe - GET http://127.0.0.1:32792/ error: Get http://127.0.0.1:32792/: dial tcp 127.0.0.1:32792: getsockopt: connection refused

INFO[0008] docker-slim: HTTP probe done.

INFO[0270] sendCmd(): receive timeout...

Can anyone help with this?

Minified Rails/Unicorn startup failure

config.ru:1:in `<main>': cannot load such file -- rack/builder (LoadError)
from /usr/local/bundle/gems/unicorn-4.9.0/lib/unicorn.rb:48:in `eval'
from /usr/local/bundle/gems/unicorn-4.9.0/lib/unicorn.rb:48:in `block in builder'
from /usr/local/bundle/gems/unicorn-4.9.0/lib/unicorn/http_server.rb:768:in `call'
from /usr/local/bundle/gems/unicorn-4.9.0/lib/unicorn/http_server.rb:768:in `build_app!'
from /usr/local/bundle/gems/unicorn-4.9.0/lib/unicorn/http_server.rb:137:in `start'
from /usr/local/bundle/gems/unicorn-4.9.0/bin/unicorn:126:in `<top (required)>'
from /usr/local/bundle/bin/unicorn:16:in `load'
from /usr/local/bundle/bin/unicorn:16:in `'

Reported in this blog post:
http://chrisstump.online/2016/02/23/docker-image-reduction-techniques-and-tools/

Similar Rails app:
https://github.com/cstump/docker_example

docker-slim version shows some notification while checking version

root@node: ~/docker# docker-slim --version
2018/04/25 06:37:06 Couldn't set key CPE_NAME, no corresponding struct field found
2018/04/25 06:37:06 Couldn't set key , no corresponding struct field found
2018/04/25 06:37:06 Couldn't set key CENTOS_MANTISBT_PROJECT, no corresponding struct field found
2018/04/25 06:37:06 Couldn't set key CENTOS_MANTISBT_PROJECT_VERSION, no corresponding struct field found
2018/04/25 06:37:06 Couldn't set key REDHAT_SUPPORT_PRODUCT, no corresponding struct field found
2018/04/25 06:37:06 Couldn't set key REDHAT_SUPPORT_PRODUCT_VERSION, no corresponding struct field found
2018/04/25 06:37:06 Couldn't set key , no corresponding struct field found
docker-slim version linux|Tetra|1.20|f79fefbb88486f9431fdae5c6f65155fb7b3d39b|2018-03-05_05:20:22AM (go1.10)

executable file not found in slimmed image

Hello

I use docker-slim on a Node image based on alpine, built from

talentsconnect/awayboard#11

$ ./docker-slim --debug build --http-probe --include-path /etc/passwd alpine_awayboard
docker-slim: [build] image=alpine_awayboard http-probe=true remove-file-artifacts=false image-overrides=map[] entrypoint=[] (false) cmd=[] (false) workdir='' env=[] expose=map[]
DEBU[0000] docker-slim: new Docker client (default) [6]
DEBU[0000] docker-slim: configured DOCKER_HOST env var
INFO[0000] docker-slim: inspecting 'fat' image metadata...
INFO[0000] docker-slim: [sha256:dc54f756109d2cde72e9a5f06c7644bdf4819a8d6dc125a9ace830f5d49afc39] 'fat' image size => 77209472 (77 MB)

INFO[0000] docker-slim: processing 'fat' image info...
DEBU[0000]

IMAGE HISTORY =>

DEBU[0000] IMAGE INSTRUCTIONS:
DEBU[0000] # new image
DEBU[0000] ADD file:093f0723fa46f6cdbd6f7bd146448bb70ecce54254c35701feeceb956414622f in /
DEBU[0000] CMD ["/bin/sh"]
DEBU[0000] ENV VERSION=v9.8.0 NPM_VERSION=5 YARN_VERSION=latest
DEBU[0000] RUN apk add --no-cache curl make gcc g++ python linux-headers binutils-gold gnupg libstdc++ &&
for server in pgp.mit.edu keyserver.pgp.com ha.pool.sks-keyservers.net; do gpg --keyserver $server --recv-keys 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 FD3A5288F042B6850C66B31F09FE44734EB7990E 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 DD8F2338BAE7501E3DD5AC78C273792F7D83545D C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 B9AE9905FFD7803F25714661B63B535A4C206CA9 56730D5401028683275BD23C23EFEFE93C4CFFFE 77984A986EBC2AA786BC0F66B01FBB92821C587A &&
break; done &&
curl -sfSLO https://nodejs.org/dist/${VERSION}/node-${VERSION}.tar.xz &&
curl -sfSL https://nodejs.org/dist/${VERSION}/SHASUMS256.txt.asc | gpg --batch --decrypt | grep " node-${VERSION}.tar.xz$" | sha256sum -c | grep ': OK$' &&
tar -xf node-${VERSION}.tar.xz &&
cd node-${VERSION} &&
./configure --prefix=/usr ${CONFIG_FLAGS} &&
make -j$(getconf _NPROCESSORS_ONLN) &&
make install &&
cd / &&
if [ -z "$CONFIG_FLAGS" ]; then if [ -n "$NPM_VERSION" ]; then npm install -g npm@${NPM_VERSION}; fi; find /usr/lib/node_modules/npm -name test -o -name .bin -type d | xargs rm -rf; if [ -n "$YARN_VERSION" ]; then for server in pgp.mit.edu keyserver.pgp.com ha.pool.sks-keyservers.net; do gpg --keyserver $server --recv-keys 6A010C5166006599AA17F08146C2130DFD2497F5 &&
break; done &&
curl -sfSL -O https://yarnpkg.com/${YARN_VERSION}.tar.gz -O https://yarnpkg.com/${YARN_VERSION}.tar.gz.asc &&
gpg --batch --verify ${YARN_VERSION}.tar.gz.asc ${YARN_VERSION}.tar.gz &&
mkdir /usr/local/share/yarn &&
tar -xf ${YARN_VERSION}.tar.gz -C /usr/local/share/yarn --strip 1 &&
ln -s /usr/local/share/yarn/bin/yarn /usr/local/bin/ &&
ln -s /usr/local/share/yarn/bin/yarnpkg /usr/local/bin/ &&
rm ${YARN_VERSION}.tar.gz*; fi; fi &&
apk del curl make gcc g++ python linux-headers binutils-gold gnupg ${DEL_PKGS} &&
rm -rf ${RM_DIRS} /node-${VERSION}* /usr/share/man /tmp/* /var/cache/apk/* /root/.npm /root/.node-gyp /root/.gnupg /usr/lib/node_modules/npm/man /usr/lib/node_modules/npm/doc /usr/lib/node_modules/npm/html /usr/lib/node_modules/npm/scripts
DEBU[0000] # end of image: mhart/alpine-node (id: sha256:28aab417fa7f0f292d2d10da1b1ac3fe8570260476439507b2edd9df5515122e tags: latest)
DEBU[0000]
DEBU[0000] # new image
DEBU[0000] RUN mkdir -p /awayboard
DEBU[0000] RUN mkdir -p /awayboard/.data
DEBU[0000] WORKDIR /awayboard
DEBU[0000] COPY dir:cc37415dfb5d97db912bdb243ce3fe38853911b29d914ae212f974fe99b73448 in .
DEBU[0000] RUN npm install
DEBU[0000] ENV PORT=5711
DEBU[0000] EXPOSE 5711/tcp
DEBU[0000] CMD ["npm" "start"]
DEBU[0000] # end of image: alpine_awayboard (id: sha256:dc54f756109d2cde72e9a5f06c7644bdf4819a8d6dc125a9ace830f5d49afc39 tags: latest)
DEBU[0000]
INFO[0000] docker-slim: starting instrumented 'fat' container...
INFO[0000] docker-slim: created container => 13223978ee386a71f6cb0eb79e460da14efb6e43ba5c5b852ad064efdf1d240c
DEBU[0000] container NetworkSettings.Ports => map[docker.Port][]docker.PortBinding{"5711/tcp":[]docker.PortBinding{docker.PortBinding{HostIP:"0.0.0.0", HostPort:"32775"}}, "65501/tcp":[]docker.PortBinding{docker.PortBinding{HostIP:"0.0.0.0", HostPort:"32774"}}, "65502/tcp":[]docker.PortBinding{docker.PortBinding{HostIP:"0.0.0.0", HostPort:"32773"}}}

DEBU[0000] cmdChannelAddr=tcp://127.0.0.1:32774 evtChannelAddr=tcp://127.0.0.1:32773

DEBU[0000] sendCmd(&{npm [start] [] [/etc/passwd]})

INFO[0000] docker-slim: watching container monitor...
docker-slim: press when you are done using the container...
INFO[0004] docker-slim: HTTP probe started...
INFO[0004] docker-slim: http probe - GET http://127.0.0.1:32775/ => 200

INFO[0004] docker-slim: HTTP probe done.

DEBU[0004] sendCmd(&{})

DEBU[0004] 'stop' response => 'ok'

INFO[0004] docker-slim: waiting for the container finish its work...
DEBU[0004] getEvt()
DEBU[0004] docker-slim: sensor event => 'monitor.finish.completed'

INFO[0004] docker-slim: shutting down 'fat' container...
INFO[0005] docker-slim: processing instrumented 'fat' container info...
INFO[0005] docker-slim: generating AppArmor profile...
DEBU[0005] docker-slim: saving seccomp profile to /home/gg/bbc/strip-docker-image/docker_slim/dist_linux/.images/dc54f756109d2cde72e9a5f06c7644bdf4819a8d6dc125a9ace830f5d49afc39/artifacts/alpine_awayboard-seccomp.json
INFO[0005] docker-slim: building 'slim' image...
Step 1/10 : FROM scratch
--->
Step 2/10 : COPY files /
---> 1b523135fc89
Removing intermediate container e565a5796d98
Step 3/10 : WORKDIR /awayboard
---> c4ce16be1017
Removing intermediate container 827c08660d3a
Step 4/10 : ENV PATH "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
---> Running in 16e98efd22a1
---> 113e3c8c3357
Removing intermediate container 16e98efd22a1
Step 5/10 : ENV VERSION "v9.8.0"
---> Running in fa9b4e922cfe
---> 8ebafa6e8570
Removing intermediate container fa9b4e922cfe
Step 6/10 : ENV NPM_VERSION "5"
---> Running in 7cf1f4bc2c7b
---> 721ee7d60b02
Removing intermediate container 7cf1f4bc2c7b
Step 7/10 : ENV YARN_VERSION "latest"
---> Running in dd7ac2b173aa
---> a87362d825c5
Removing intermediate container dd7ac2b173aa
Step 8/10 : ENV PORT "5711"
---> Running in f2181484482b
---> a15cb9c7236c
Removing intermediate container f2181484482b
Step 9/10 : EXPOSE 5711/tcp
---> Running in c4928ea5c11e
---> b9edbe08550e
Removing intermediate container c4928ea5c11e
Step 10/10 : CMD npm start
---> Running in d749177f90c9
---> b6d53ab1375c
Removing intermediate container d749177f90c9
Successfully built b6d53ab1375c
Successfully tagged alpine_awayboard.slim:latest
INFO[0007] docker-slim: created new image: alpine_awayboard.slim

The size of the slimmed image is too small

$ docker images | grep awayboard
alpine_awayboard.slim latest b6d53ab1375c 34 seconds ago 1.22kB
alpine_awayboard latest dc54f756109d 7 days ago 77.2MB
awayboard latest 2119b7990eac 7 days ago 682MB

A docker run fails

$ docker run -p 5711:5711 alpine_awayboard.slim
container_linux.go:262: starting container process caused "exec: "npm": executable file not found in $PATH"
docker: Error response from daemon: oci runtime error: container_linux.go:262: starting container process caused "exec: "npm": executable file not found in $PATH".
$

Usage?

Maybe I'm confused on how this works but I'm trying to run this on an alpine image with a simple command 'echo "hello world"'. Should this work and make this smaller or is there more required to use your tool?

Simple image from a Dockerfile
`FROM alpine

ENTRYPOINT ["echo","hello world"]`

docker build -t mine .

./docker-slim build mine

FATA[0000] docker-slim: failure

What am I to do with this? profile result is the same as build or info result.

$ docker -v
Docker version 1.11.1, build 5604cbe
$ docker-slim -v
docker-slim version Tetra|1.14-5-gd4ced16|d4ced16610f713644f996a8eb8a61d7cf4b1c4e7|2016-03-14_01:16:22AM

Sample 1:

$ docker-slim profile kklepper/yaws:ubuntu
docker-slim: [profile] image=kklepper/yaws:ubuntu
INFO[0000] docker-slim: inspecting 'fat' image metadata...
FATA[0000] docker-slim: failure                          error=stat /usr/local/bin/.images/41f230937cf1da22a7b7bda7e1c06ae4841e39ee0c261cd0a8f228524b53a1b9/artifacts: no such file or directory stack=/docker-slim/_vendor/src/github.com/cloudimmunity/docker-slim/utils/errors.go:11 (0x558ad6)
/docker-slim/_vendor/src/github.com/cloudimmunity/docker-slim/utils/dirs.go:368 (0x558837)
/docker-slim/_vendor/src/github.com/cloudimmunity/docker-slim/master/commands/profile.go:43 (0x4b0191)
/docker-slim/apps/docker-slim/cli.go:395 (0x40c05d)
/docker-slim/_vendor/src/github.com/codegangsta/cli/command.go:174 (0x4bfb47)
/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:187 (0x4bc0b5)
/docker-slim/apps/docker-slim/cli.go:507 (0x405f6b)
/docker-slim/apps/docker-slim/main.go:5 (0x406059)
/usr/local/go/src/runtime/proc.go:111 (0x4389c0)
        main:
/usr/local/go/src/runtime/asm_amd64.s:1721 (0x468981)
        goexit: JB loop5to7

Sample 2:

$ docker-slim profile kklepper/maxscale-1.4.3:centos
docker-slim: [profile] image=kklepper/maxscale-1.4.3:centos
INFO[0000] docker-slim: inspecting 'fat' image metadata...
FATA[0000] docker-slim: failure                          error=stat /usr/local/bin/.images/dcca93f57ff1d50051ed2f1170c5f03ab6abf838e477a7b4c28693cffdcc4426/artifacts: no such file or directory stack=/docker-slim/_vendor/src/github.com/cloudimmunity/docker-slim/utils/errors.go:11 (0x558ad6)
/docker-slim/_vendor/src/github.com/cloudimmunity/docker-slim/utils/dirs.go:368 (0x558837)
/docker-slim/_vendor/src/github.com/cloudimmunity/docker-slim/master/commands/profile.go:43 (0x4b0191)
/docker-slim/apps/docker-slim/cli.go:395 (0x40c05d)
/docker-slim/_vendor/src/github.com/codegangsta/cli/command.go:174 (0x4bfb47)
/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:187 (0x4bc0b5)
/docker-slim/apps/docker-slim/cli.go:507 (0x405f6b)
/docker-slim/apps/docker-slim/main.go:5 (0x406059)
/usr/local/go/src/runtime/proc.go:111 (0x4389c0)
        main:
/usr/local/go/src/runtime/asm_amd64.s:1721 (0x468981)
        goexit: JB loop5to7

docker-slim should honor directory symbolic links if necessary

Otherwise, it will break a lot of slimmed container images at run time, with issues such as: "exec: "/bin/sh": stat /bin/sh: no such file or directory", Apache httpd missing "/etc/httpd/modules", etc.

I have already verified the ugly fix below:

--- a/internal/app/sensor/data_porcessor.go
+++ b/internal/app/sensor/data_porcessor.go
@@ -94,13 +94,36 @@ func findSymlinks(files []string, mp string) map[string]*report.ArtifactProps {

        if _, ok := devices[uint64(sysStatInfo.Dev)]; !ok {
            if fileInfo.Mode().IsDir() {
+               log.Debugf("findSymlinks - skip this device directory (%s)",fullName)
                return filepath.SkipDir
            } else {
+               log.Debugf("findSymlinks - skip this device file (%s)",fullName)
                return nil
            }
        }

        if fileInfo.Mode()&os.ModeSymlink != 0 {
+           //judge whether or not target link in the process file list
+           linkRef, err := os.Readlink(fullName)
+           if err != nil {
+               log.Warnf("findSymlinks - error getting reference for symlink: %s", fullName)
+           }
+           absPath, err := filepath.Abs(linkRef)
+           if err != nil {
+               log.Warnf("findSymlinks - error getting absolute path for symlink: %s", fullName)
+           } else {
+               fileHit := false
+               for _, f := range files {
+                   if strings.HasPrefix(f, absPath + "/") {
+                       fileHit = true
+                       break
+                   }
+               }
+               if fileHit && strings.HasPrefix(fullName, "/usr/lib/debug") == false {
+                   result[fullName] = nil
+               }
+           }
+
            if info, err := getFileSysStats(fullName); err == nil {

                if _, ok := inodes[info.Ino]; ok {
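
Review bot: in the new symlink branch, `filepath.Abs(linkRef)` resolves a relative link target against the process's current working directory, not against the directory that contains `fullName`, so a relative symlink is compared with the wrong path and the `strings.HasPrefix(f, absPath + "/")` test can miss it or match an unrelated directory. Resolve relative targets with `filepath.Join(filepath.Dir(fullName), linkRef)` (leave absolute targets as they are) before the prefix check. The `os.Readlink` error path also only logs and then falls through with an empty `linkRef`, so it should skip the entry instead of continuing to `filepath.Abs`. The hard-coded `/usr/lib/debug` exclusion needs a comment explaining why that tree is skipped, and `== false` reads better as `!strings.HasPrefix(...)`.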

docker-slim can not generate slim container

Dockerfile:-
FROM centos
LABEL maintainer="thatsk"
RUN yum install epel-release wget tar unzip ruby ruby-devel gcc make sudo -y
RUN echo 'puppet ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
RUN gem install r10k fpm
RUN groupadd -g 52 puppet && useradd -ms /bin/bash -u 52 -g 52 puppet && mkdir -p /home/puppet/.ssh
ADD puppetssh/ /home/puppet/.ssh
ADD r10k.yaml /etc/puppetlabs/r10k/
RUN mkdir -p /var/lib/r10k/cache /etc/puppetlabs/code /etc/puppetlabs/r10k /etc/puppetlabs/code/reference & chown -R puppet:puppet /home/puppet/.ssh && chown -R puppet:puppet /etc/puppetlabs/r10k && chown -R puppet:puppet /var/lib/r10k && chown -R puppet:puppet /etc/puppetlabs/code
#Optimizing Docker Size image
RUN rm -rf \
/usr/share/man/* \
/usr/include/* \
/usr/share/doc/* \
/usr/share/emacs/* \
/usr/share/xemacs/* \
/usr/share/vim/* \
/usr/share/gettext/* \
/usr/share/gettext-0.19.8/* \
/usr/share/zoneinfo/* \
/usr/share/zsh/*
#setting up user password
RUN echo "root:e0rtv12" | chpasswd
RUN echo "puppet:puppet" | chpasswd
#ADDING pulp extension
RUN yum install rpm-build java-1.8.0-openjdk-devel -y && mkdir /home/puppet/.pulp && wget -O /etc/yum.repos.d/rhel-pulp.repo https://repos.fedorapeople.org/repos/pulp/pulp/rhel-pulp.repo && yum groupinstall Development tools -y && yum install pulp-docker-admin-extensions pulp-python-admin-extensions pulp-admin-client pulp-rpm-admin-extensions pulp-puppet-admin-extensions -y
#Adding pulp server information
ADD pulp/admin.conf /home/puppet/.pulp/admin.conf
RUN mkdir -p /isilon/devops/puppetlabs && chown -R puppet:puppet /etc/puppetlabs/
USER puppet
RUN sudo ln -s /etc/puppetlabs/code /isilon/devops/puppetlabs/code
RUN sudo chown -R puppet:puppet /home/puppet/.pulp & sudo chmod -R 0700 /home/puppet/.pulp
ENV HOME /home/puppet
WORKDIR $HOME

Go Version:-
go version go1.10.1 linux/amd64
Centos:-
CentOS Linux release 7.4.1708 (Core)
Docker Slim version:-
docker-slim --version
2018/04/25 13:24:14 Couldn't set key CPE_NAME, no corresponding struct field found
2018/04/25 13:24:14 Couldn't set key , no corresponding struct field found
2018/04/25 13:24:14 Couldn't set key CENTOS_MANTISBT_PROJECT, no corresponding struct field found
2018/04/25 13:24:14 Couldn't set key CENTOS_MANTISBT_PROJECT_VERSION, no corresponding struct field found
2018/04/25 13:24:14 Couldn't set key REDHAT_SUPPORT_PRODUCT, no corresponding struct field found
2018/04/25 13:24:14 Couldn't set key REDHAT_SUPPORT_PRODUCT_VERSION, no corresponding struct field found
2018/04/25 13:24:14 Couldn't set key , no corresponding struct field found
docker-slim version linux|Tetra|1.20|f79fefbb88486f9431fdae5c6f65155fb7b3d39b|2018-03-05_05:20:22AM (go1.10)

Container:-
r10k latest 5daf0cc38ce5 14 minutes ago 949MB

Full Docker-slim logs:-
docker-slim build --http-probe --show-clogs r10k
2018/04/25 13:37:25 Couldn't set key CPE_NAME, no corresponding struct field found
2018/04/25 13:37:25 Couldn't set key , no corresponding struct field found
2018/04/25 13:37:25 Couldn't set key CENTOS_MANTISBT_PROJECT, no corresponding struct field found
2018/04/25 13:37:25 Couldn't set key CENTOS_MANTISBT_PROJECT_VERSION, no corresponding struct field found
2018/04/25 13:37:25 Couldn't set key REDHAT_SUPPORT_PRODUCT, no corresponding struct field found
2018/04/25 13:37:25 Couldn't set key REDHAT_SUPPORT_PRODUCT_VERSION, no corresponding struct field found
2018/04/25 13:37:25 Couldn't set key , no corresponding struct field found
docker-slim[build]: state=started
docker-slim[build]: info=params target=r10k continue.mode=enter
docker-slim[build]: state=inspecting.image
docker-slim[build]: info=image id=sha256:5daf0cc38ce5f26fe56ed41ac4e13d45a49f9f20a7b5552cf5ee5a6d375df9b4 size.bytes=949049028 size.human=949 MB
docker-slim[build]: state=inspecting.container
docker-slim[build]: info=prompt message='press when you are done using the container'

docker-slim[build]: state=http.probe.starting
docker-slim[build]: state=http.probe.done
docker-slim: container stdout:
docker-slim: container stderr:
2018/04/25 13:37:26 Couldn't set key CPE_NAME, no corresponding struct field found
2018/04/25 13:37:26 Couldn't set key , no corresponding struct field found
2018/04/25 13:37:26 Couldn't set key CENTOS_MANTISBT_PROJECT, no corresponding struct field found
2018/04/25 13:37:26 Couldn't set key CENTOS_MANTISBT_PROJECT_VERSION, no corresponding struct field found
2018/04/25 13:37:26 Couldn't set key REDHAT_SUPPORT_PRODUCT, no corresponding struct field found
2018/04/25 13:37:26 Couldn't set key REDHAT_SUPPORT_PRODUCT_VERSION, no corresponding struct field found
2018/04/25 13:37:26 Couldn't set key , no corresponding struct field found
time="2018-04-25T13:37:26Z" level=info msg="sensor: args => []string{"/opt/dockerslim/bin/sensor"}"
time="2018-04-25T13:37:26Z" level=info msg="sensor: creating event publisher..."
time="2018-04-25T13:37:26Z" level=info msg="sensor: creating cmd server..."
time="2018-04-25T13:37:26Z" level=info msg="sensor: waiting for commands..."
time="2018-04-25T13:37:26Z" level=info msg="sensor: monitor starting..."
time="2018-04-25T13:37:26Z" level=info msg="fanmon: Run"
time="2018-04-25T13:37:26Z" level=fatal msg="docker-slim: failure" error="operation not permitted" stack="goroutine 1 [running]:
runtime/debug.Stack(0xffffffffffffffff, 0x1, 0x5d7320)
/usr/local/go/src/runtime/debug/stack.go:24 +0xa7
github.com/docker-slim/docker-slim/pkg/utils/errutils.FailOn(0x5d7320, 0xc420024120)
/Users/q/Desktop/ALL_DSLIM/BUG_DS_ISSUE_44/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/pkg/utils/errutils/errutils.go:14 +0x51
github.com/docker-slim/docker-slim/internal/app/sensor/monitors/fanotify.Run(0x5b61fa, 0x1, 0xc4200f4060, 0x12)
/Users/q/Desktop/ALL_DSLIM/BUG_DS_ISSUE_44/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/internal/app/sensor/monitors/fanotify/monitor.go:38 +0x8f
github.com/docker-slim/docker-slim/internal/app/sensor.monitor(0xc42005a070, 0xc420062660, 0xc420060360, 0xc42005a0e0, 0xc4200e8420, 0xc42006e7b0, 0xc)
/Users/q/Desktop/ALL_DSLIM/BUG_DS_ISSUE_44/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/internal/app/sensor/app.go:47 +0x122
github.com/docker-slim/docker-slim/internal/app/sensor.Run()
/Users/q/Desktop/ALL_DSLIM/BUG_DS_ISSUE_44/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/internal/app/sensor/app.go:130 +0x4ec
main.main()
/Users/q/Desktop/ALL_DSLIM/BUG_DS_ISSUE_44/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/cmd/docker-slim-sensor/main.go:8 +0x20
" version="linux|Tetra|latest|latest|latest (go1.10)"
docker-slim: end of container logs =============
docker-slim[build]: state=processing
docker-slim: Fat image - Dockerfile instructures: start ====
new image
ADD file:f755805244a649eccae3a3e63be291048deeb23e1c5a500d2f92b4eedc452322 in /
LABEL org.label-schema.schema-version== 1.0 org.label-schema.name=CentOS Base Image org.label-schema.vendor=CentOS org.label-schema.license=GPLv2 org.label-schema.build-date=20180402
CMD ["/bin/bash"]
end of image: centos (id: sha256:e934aafc22064b7322c0250f1e32e5ce93b2d19b356f4537f5864bd102e8531f tags: latest)

new image
LABEL maintainer=thatsk
RUN yum install epel-release wget tar unzip ruby ruby-devel gcc make sudo -y
RUN echo 'puppet ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
RUN gem install r10k fpm
RUN groupadd -g 52 puppet &&
useradd -ms /bin/bash -u 52 -g 52 puppet &&
mkdir -p /home/puppet/.ssh
ADD dir:1576b0b81797e6ee72d158d2fa1a6bcec8e10bc723312afb9c5acd7eb4c4acc5 in /home/puppet/.ssh
ADD file:9176ccd326f4776d9972d4033da634a200a5559785308a443b3fce8e81be6af0 in /etc/puppetlabs/r10k/
RUN mkdir -p /var/lib/r10k/cache /etc/puppetlabs/code /etc/puppetlabs/r10k /etc/puppetlabs/code/reference & chown -R puppet:puppet /home/puppet/.ssh &&
chown -R puppet:puppet /etc/puppetlabs/r10k &&
chown -R puppet:puppet /var/lib/r10k &&
chown -R puppet:puppet /etc/puppetlabs/code
RUN rm -rf /usr/share/man/* /usr/include/* /usr/share/doc/* /usr/share/emacs/* /usr/share/xemacs/* /usr/share/vim/* /usr/share/gettext/* /usr/share/gettext-0.19.8/* /usr/share/zoneinfo/* /usr/share/zsh/*
RUN echo "root:e0rtv12" | chpasswd
RUN echo "puppet:puppet" | chpasswd
RUN yum install rpm-build java-1.8.0-openjdk-devel -y &&
mkdir /home/puppet/.pulp &&
wget -O /etc/yum.repos.d/rhel-pulp.repo https://repos.fedorapeople.org/repos/pulp/pulp/rhel-pulp.repo &&
yum groupinstall Development tools -y &&
yum install pulp-docker-admin-extensions pulp-python-admin-extensions pulp-admin-client pulp-rpm-admin-extensions pulp-puppet-admin-extensions -y
ADD file:0c170c80ffcc43e2be6f62a8722194c38d8574922f88eb12c33deee37eb538e3 in /home/puppet/.pulp/admin.conf
RUN mkdir -p /isilon/devops/puppetlabs &&
chown -R puppet:puppet /etc/puppetlabs/
USER puppet
RUN sudo ln -s /etc/puppetlabs/code /isilon/devops/puppetlabs/code
RUN sudo chown -R puppet:puppet /home/puppet/.pulp & sudo chmod -R 0700 /home/puppet/.pulp
ENV HOME=/home/puppet
WORKDIR /home/puppet
end of image: r10k (id: sha256:5daf0cc38ce5f26fe56ed41ac4e13d45a49f9f20a7b5552cf5ee5a6d375df9b4 tags: latest)

docker-slim: Fat image - Dockerfile instructures: end ======
docker-slim[build]: info=results status='no data collected (no minified image generated). (version: linux|Tetra|1.20|f79fefbb88486f9431fdae5c6f65155fb7b3d39b|2018-03-05_05:20:22AM (go1.10))'
docker-slim[build]: state=exited

focused error:-
time="2018-04-25T13:37:26Z" level=fatal msg="docker-slim: failure" error="operation not permitted" stack="goroutine 1 [running]:
runtime/debug.Stack(0xffffffffffffffff, 0x1, 0x5d7320)
/usr/local/go/src/runtime/debug/stack.go:24 +0xa7
github.com/docker-slim/docker-slim/pkg/utils/errutils.FailOn(0x5d7320, 0xc420024120)
/Users/q/Desktop/ALL_DSLIM/BUG_DS_ISSUE_44/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/pkg/utils/errutils/errutils.go:14 +0x51
github.com/docker-slim/docker-slim/internal/app/sensor/monitors/fanotify.Run(0x5b61fa, 0x1, 0xc4200f4060, 0x12)
/Users/q/Desktop/ALL_DSLIM/BUG_DS_ISSUE_44/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/internal/app/sensor/monitors/fanotify/monitor.go:38 +0x8f
github.com/docker-slim/docker-slim/internal/app/sensor.monitor(0xc42005a070, 0xc420062660, 0xc420060360, 0xc42005a0e0, 0xc4200e8420, 0xc42006e7b0, 0xc)
/Users/q/Desktop/ALL_DSLIM/BUG_DS_ISSUE_44/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/internal/app/sensor/app.go:47 +0x122
github.com/docker-slim/docker-slim/internal/app/sensor.Run()
/Users/q/Desktop/ALL_DSLIM/BUG_DS_ISSUE_44/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/internal/app/sensor/app.go:130 +0x4ec
main.main()
/Users/q/Desktop/ALL_DSLIM/BUG_DS_ISSUE_44/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/cmd/docker-slim-sensor/main.go:8 +0x20
" version="linux|Tetra|latest|latest|latest (go1.10)"
docker-slim: end of container logs =============

Linux binaries: workdir requires one argument

Thanks for the updated Linux binaries! After running the ./docker-slim build command, the build and profile process was successful; however, when building the slim profile, a Docker error occurred stating that WORKDIR requires one argument.
Error output:
INFO[0028] docker-slim: building 'slim' image...
Step 1 : FROM scratch
--->
Step 2 : COPY files /
---> Using cache
---> cbd64cd3ed44
Step 3 : WORKDIR
FATA[0052] docker-slim: failure error=WORKDIR requires exactly one argument

Thanks,
pggsx

panic: runtime error: index out of range [recovered]

I had the image daly/axiom installed

daly/axiom                              latest              ed72bab16cb0        13 months ago       897.3 MB

by docker pull daly/axiom. But I could not run it on Mac because of this issue, so I wanted to modify its Seccomp profiles.
And when I ran ./docker-slim build daly/axiom I got the following message:

docker-slim: [build] image=daly/axiom http-probe=false remove-file-artifacts=false image-overrides=map[] entrypoint=[] (false) cmd=[] (false) workdir='' env=[] expose=map[]
INFO[0000] docker-slim: inspecting 'fat' image metadata... 
INFO[0000] docker-slim: [sha256:ed72bab16cb05ec709144040a78a9dedae9a23198f253e912e60c436aa639583] 'fat' image size => 897273078 (897 MB)

INFO[0000] docker-slim: processing 'fat' image info...  
INFO[0000] docker-slim: starting instrumented 'fat' container... 
INFO[0000] docker-slim: created container => 3e50b43c74eed72deff49e28597d1a2648a8d70f55baca40876e889fb0e83869 
panic: runtime error: index out of range [recovered]
    panic: runtime error: index out of range

goroutine 1 [running]:
github.com/codegangsta/cli.HandleAction.func1(0xc8201215d0)
    /Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:474 +0x417
github.com/cloudimmunity/docker-slim/master/inspectors/container.(*Inspector).RunContainer(0xc82020a180, 0x0, 0x0)
    /Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/cloudimmunity/docker-slim/master/inspectors/container/container_inspector.go:176 +0x1771
github.com/cloudimmunity/docker-slim/master/commands.OnBuild(0x0, 0x0, 0x0, 0xc82000b8f0, 0x7fff5fbffb0c, 0xa, 0x0, 0x0, 0xc82000b800, 0x737a10, ...)
    /Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/cloudimmunity/docker-slim/master/commands/build.go:75 +0xd48
main.init.1.func4(0xc820088640, 0x0, 0x0)
    /Users/me/Desktop/CI_GITHUB/docker-slim/apps/docker-slim/cli.go:321 +0x11d3
reflect.Value.call(0x3a9b00, 0x59e570, 0x13, 0x4cfbf0, 0x4, 0xc820121530, 0x1, 0x1, 0x0, 0x0, ...)
    /usr/local/go/src/reflect/value.go:432 +0x120a
reflect.Value.Call(0x3a9b00, 0x59e570, 0x13, 0xc820121530, 0x1, 0x1, 0x0, 0x0, 0x0)
    /usr/local/go/src/reflect/value.go:300 +0xb1
github.com/codegangsta/cli.HandleAction(0x3a9b00, 0x59e570, 0xc820088640, 0x0, 0x0)
    /Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:483 +0x2ee
github.com/codegangsta/cli.Command.Run(0x4d1d50, 0x5, 0x0, 0x0, 0xc820011c30, 0x1, 0x1, 0x56b140, 0x3e, 0x0, ...)
    /Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/codegangsta/cli/command.go:186 +0x12ff
github.com/codegangsta/cli.(*App).Run(0xc820001680, 0xc82000a2a0, 0x3, 0x3, 0x0, 0x0)
    /Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:237 +0xa99
main.runCli()
    /Users/me/Desktop/CI_GITHUB/docker-slim/apps/docker-slim/cli.go:526 +0x4b
main.main()
    /Users/me/Desktop/CI_GITHUB/docker-slim/apps/docker-slim/main.go:5 +0x19

goroutine 17 [syscall, locked to thread]:
runtime.goexit()
    /usr/local/go/src/runtime/asm_amd64.s:1721 +0x1

goroutine 5 [syscall]:
os/signal.loop()
    /usr/local/go/src/os/signal/signal_unix.go:22 +0x18
created by os/signal.init.1
    /usr/local/go/src/os/signal/signal_unix.go:28 +0x37

goroutine 6 [select, locked to thread]:
runtime.gopark(0x59eba8, 0xc82002c728, 0x4d3ea0, 0x6, 0x3a718, 0x2)
    /usr/local/go/src/runtime/proc.go:185 +0x163
runtime.selectgoImpl(0xc82002c728, 0x0, 0x18)
    /usr/local/go/src/runtime/select.go:392 +0xa64
runtime.selectgo(0xc82002c728)
    /usr/local/go/src/runtime/select.go:212 +0x12
runtime.ensureSigM.func1()
    /usr/local/go/src/runtime/signal1_unix.go:227 +0x323
runtime.goexit()
    /usr/local/go/src/runtime/asm_amd64.s:1721 +0x1

goroutine 7 [select]:
main.initSignalHandlers.func1(0xc820018540)
    /Users/me/Desktop/CI_GITHUB/docker-slim/apps/docker-slim/signals.go:24 +0x356
created by main.initSignalHandlers
    /Users/me/Desktop/CI_GITHUB/docker-slim/apps/docker-slim/signals.go:37 +0x140

goroutine 10 [IO wait]:
net.runtime_pollWait(0xf59d20, 0x72, 0xc8200101a0)
    /usr/local/go/src/runtime/netpoll.go:157 +0x60
net.(*pollDesc).Wait(0xc82010a8b0, 0x72, 0x0, 0x0)
    /usr/local/go/src/net/fd_poll_runtime.go:73 +0x3a
net.(*pollDesc).WaitRead(0xc82010a8b0, 0x0, 0x0)
    /usr/local/go/src/net/fd_poll_runtime.go:78 +0x36
net.(*netFD).Read(0xc82010a850, 0xc820230000, 0x2000, 0x2000, 0x0, 0xf54050, 0xc8200101a0)
    /usr/local/go/src/net/fd_unix.go:232 +0x23a
net.(*conn).Read(0xc82002e078, 0xc820230000, 0x2000, 0x2000, 0x0, 0x0, 0x0)
    /usr/local/go/src/net/net.go:172 +0xe4
crypto/tls.(*block).readFromUntil(0xc820122960, 0xf59e30, 0xc82002e078, 0x5, 0x0, 0x0)
    /usr/local/go/src/crypto/tls/conn.go:455 +0xcc
crypto/tls.(*Conn).readRecord(0xc8200b82c0, 0x59ec17, 0x0, 0x0)
    /usr/local/go/src/crypto/tls/conn.go:540 +0x2d1
crypto/tls.(*Conn).Read(0xc8200b82c0, 0xc820125000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
    /usr/local/go/src/crypto/tls/conn.go:901 +0x167
net/http.noteEOFReader.Read(0xf5e3e8, 0xc8200b82c0, 0xc8200ea738, 0xc820125000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
    /usr/local/go/src/net/http/transport.go:1370 +0x67
net/http.(*noteEOFReader).Read(0xc8201c0f40, 0xc820125000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
    <autogenerated>:126 +0xd0
bufio.(*Reader).fill(0xc8201bc6c0)
    /usr/local/go/src/bufio/bufio.go:97 +0x1e9
bufio.(*Reader).Peek(0xc8201bc6c0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0)
    /usr/local/go/src/bufio/bufio.go:132 +0xcc
net/http.(*persistConn).readLoop(0xc8200ea6e0)
    /usr/local/go/src/net/http/transport.go:876 +0xf7
created by net/http.(*Transport).dialConn
    /usr/local/go/src/net/http/transport.go:685 +0xc78

goroutine 11 [select]:
net/http.(*persistConn).writeLoop(0xc8200ea6e0)
    /usr/local/go/src/net/http/transport.go:1009 +0x40c
created by net/http.(*Transport).dialConn
    /usr/local/go/src/net/http/transport.go:686 +0xc9d

goroutine 18 [runnable]:
syscall.errnoErr(0x24, 0x0, 0x0)
    /usr/local/go/src/syscall/syscall_unix.go:140 +0xac
syscall.connect(0x6, 0xc82024600c, 0x10, 0x0, 0x0)
    /usr/local/go/src/syscall/zsyscall_darwin_amd64.go:68 +0x5f
syscall.Connect(0x6, 0xf58df8, 0xc820246000, 0x0, 0x0)
    /usr/local/go/src/syscall/syscall_unix.go:222 +0x74
net.(*netFD).connect(0xc820244000, 0x0, 0x0, 0xf58df8, 0xc820246000, 0x0, 0x0, 0x0, 0x0, 0x0)
    /usr/local/go/src/net/fd_unix.go:75 +0x6a
net.(*netFD).dial(0xc820244000, 0xf58db0, 0x0, 0xf58db0, 0xc8201d3ec0, 0x0, 0x0, 0x0, 0x0, 0x0)
    /usr/local/go/src/net/sock_posix.go:137 +0x351
net.socket(0x4d4348, 0x3, 0x2, 0x1, 0x0, 0xc8201d3e00, 0xf58db0, 0x0, 0xf58db0, 0xc8201d3ec0, ...)
    /usr/local/go/src/net/sock_posix.go:89 +0x411
net.internetSocket(0x4d4348, 0x3, 0xf58db0, 0x0, 0xf58db0, 0xc8201d3ec0, 0x0, 0x0, 0x0, 0x1, ...)
    /usr/local/go/src/net/ipsock_posix.go:160 +0x141
net.dialTCP(0x4d4348, 0x3, 0x0, 0xc8201d3ec0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
    /usr/local/go/src/net/tcpsock_posix.go:171 +0x11e
net.DialTCP(0x4d4348, 0x3, 0x0, 0xc8201d3ec0, 0x0, 0x0, 0x0)
    /usr/local/go/src/net/tcpsock_posix.go:167 +0x2f2
github.com/go-mangos/mangos/transport/tcp.(*dialer).Dial(0xc8202360a0, 0x0, 0x0, 0x0, 0x0)
    /Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/go-mangos/mangos/transport/tcp/tcp.go:82 +0x75
github.com/go-mangos/mangos.(*dialer).dialer(0xc8200e0940)
    /Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/go-mangos/mangos/core.go:572 +0x72
created by github.com/go-mangos/mangos.(*dialer).Dial
    /Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/go-mangos/mangos/core.go:539 +0x121

goroutine 20 [runnable]:
github.com/go-mangos/mangos.(*dialer).dialer(0xc8200e09c0)
    /Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/go-mangos/mangos/core.go:568
created by github.com/go-mangos/mangos.(*dialer).Dial
    /Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/go-mangos/mangos/core.go:539 +0x121

But I had other images, like nilqed/fricas_jupyter or the official ubuntu image, and they were built successfully by docker-slim. I want to know why daly/axiom cannot be built.

Other info:
./docker-slim --version

docker-slim version darwin|Tetra|1.15|98b6913d1811004548e7989310c8b8c02da6bdbb|2016-06-20_05:02:53AM

docker --version

Docker version 1.11.2, build b9f10c9

And I did not install go.
If there is any other information I have not supplied, please tell me. Thank you!

Seccomp profiling of Mongo/postgres and others docker run not working

Hi there!

I am trying to profile a mongo container.
After creating the profile and executing the command
docker run --security-opt seccomp:/home/da5h/Desktop/dist_linux/.images/39f5c173b5d403baaf377eb0af4ad8b3db1952a18308b55d51fe56a7e67808e1/artifacts/mongo-seccomp.json
there is nothing: no errors, no logs, no running container.
I just receive the bash console back and that's it.

The same happens with the postgres image, and both are from the official Docker Hub.

Another issue that I've noticed:
if I try to execute the minified image of mongo I receive an error:
chown: invalid user: 'mongodb'
I guess the second issue is related to the non-root user issue, but I would like to confirm.

How to execute docker run instructions?

Say I run my docker image named sample-image using this command:

docker run -dti --name=sample-image -u=0 --pid=host --net=host --uts=host --privileged=true -p 9279:9279 -v /tmp:/tmp:rw --entrypoint=/entrypoint.sh -e LISTEN_PORT=80 -e PROTOCOL=http -e BACKEND_IP=127.0.0.1 -e BACKEND_PORT=9100 sample-image -a 40.23.123.75

Now I am not able to understand how to exactly run my docker image with docker-slim with all these arguments, so please explain how to do that!

Thanks

ownership not respected

Because docker COPY does not preserve file owners, copying the whole slimmed root folder over changes the ownership of all the files to root. Software relying on proper ownership will have problems; some apps have inbuilt ownership fixers, some don't.

docker-slim does not work with non root images

If you try running docker-slim on an image that does not use the root user it ends up throwing

time="2018-06-02T20:45:02Z" level=info msg="sensor: args => []string{"/opt/dockerslim/bin/sensor"}" 
time="2018-06-02T20:45:02Z" level=info msg="sensor: creating event publisher..." 
time="2018-06-02T20:45:02Z" level=info msg="sensor: creating cmd server..." 
time="2018-06-02T20:45:02Z" level=info msg="sensor: waiting for commands..." 
time="2018-06-02T20:45:02Z" level=info msg="sensor: monitor starting..." 
time="2018-06-02T20:45:02Z" level=info msg="fanmon: Run" 
time="2018-06-02T20:45:02Z" level=fatal msg="docker-slim: failure" error="operation not permitted" stack="goroutine 1 [running]:
runtime/debug.Stack(0xffffffffffffffff, 0x1, 0x5d7320)
	/usr/local/go/src/runtime/debug/stack.go:24 +0xa7
github.com/docker-slim/docker-slim/pkg/utils/errutils.FailOn(0x5d7320, 0xc42039c0d8)
	/Users/q/Desktop/ALL_DSLIM/BUG_DS_ISSUE_44/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/pkg/utils/errutils/errutils.go:14 +0x51
github.com/docker-slim/docker-slim/internal/app/sensor/monitors/fanotify.Run(0x5b61fa, 0x1, 0xc420380300, 0x1)
	/Users/q/Desktop/ALL_DSLIM/BUG_DS_ISSUE_44/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/internal/app/sensor/monitors/fanotify/monitor.go:38 +0x8f
github.com/docker-slim/docker-slim/internal/app/sensor.monitor(0xc4203a8000, 0xc420380240, 0xc420396180, 0xc4203a8070, 0xc4200104e0, 0xc42034a152, 0xa)
	/Users/q/Desktop/ALL_DSLIM/BUG_DS_ISSUE_44/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/internal/app/sensor/app.go:47 +0x122
github.com/docker-slim/docker-slim/internal/app/sensor.Run()
	/Users/q/Desktop/ALL_DSLIM/BUG_DS_ISSUE_44/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/internal/app/sensor/app.go:130 +0x4ec
main.main()
	/Users/q/Desktop/ALL_DSLIM/BUG_DS_ISSUE_44/docker-slim/_gopath/src/github.com/docker-slim/docker-slim/cmd/docker-slim-sensor/main.go:8 +0x20
" version="linux|Tetra|latest|latest|latest (go1.10)" 

Base CentOS images error: "no such file or directory"

Hi, I've run into an issue after running "docker-slim build centos" (using the official latest image from Docker Hub). Once minified, the centos.slim image can't be executed:

docker run centos.slim:
docker: Error response from daemon: OCI runtime create failed: container_linux.go:348: starting container process caused "exec: "/bin/bash": stat /bin/bash: no such file or directory": unknown.

docker run -it centos.slim bash:
standard_init_linux.go:190: exec user process caused "no such file or directory"

Is this a known issue that I simply couldn't find mentioned?

Thanks!

creport.json no such file or directory

Hi,
When I used the docker-slim tool like this:
./docker-slim build --tag testslim myapp

It failed with below steps:
FATA[0138] docker-slim: failure error=stat /scratch/dockerfiles/slim/dist_linux/.images/cc1e574be08e894141e108356d70c592db7f85df9956170abb4aff8d22e50349/artifacts/creport.json: no such file or directory stack=/Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/cloudimmunity/docker-slim/utils/errors.go:11 (0x561576)
/Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/cloudimmunity/docker-slim/master/commands/build.go:120 (0x4aeacf)
/Users/me/Desktop/CI_GITHUB/docker-slim/apps/docker-slim/cli.go:321 (0x40b623)
/usr/local/go/src/runtime/asm_amd64.s:437 (0x466dce)
/usr/local/go/src/reflect/value.go:432 (0x53fc4a)
/usr/local/go/src/reflect/value.go:300 (0x53e911)
/Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:483 (0x4bfcce)
/Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/codegangsta/cli/command.go:186 (0x4c1c7f)
/Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:237 (0x4bd369)
/Users/me/Desktop/CI_GITHUB/docker-slim/apps/docker-slim/cli.go:526 (0x4063fb)
/Users/me/Desktop/CI_GITHUB/docker-slim/apps/docker-slim/main.go:5 (0x4064e9)
/usr/local/go/src/runtime/proc.go:111 (0x439140)
/usr/local/go/src/runtime/asm_amd64.s:1721 (0x469101)

Could you please help me on this? What's the root cause of it? And how can I resolve it?
Thank you very much!

Broken build in CircleCI

I am trying to slim a container after a git push in CircleCI. This error message is appearing though.

echo | ./dist_linux/docker-slim build --http-probe nodecraft/ubuntu
docker-slim: [build] image=nodecraft/ubuntu http-probe=true remove-file-artifacts=false
INFO[0000] docker-slim: inspecting 'fat' image metadata... 
INFO[0000] docker-slim: [91adf44c9b55e69b4fb5d0caacd1c966466e2c373bff5caab38bda7c4ee18833] 'fat' image size => 173817308 (174 MB)

INFO[0000] docker-slim: processing 'fat' image info...  
INFO[0000] docker-slim: starting instrumented 'fat' container... 
INFO[0000] docker-slim: created container => e8eabe1244abcbdaba66590b90b90b51d75d22ba7c14be4b552a3643338759b7 
panic: runtime error: index out of range

goroutine 1 [running]:
github.com/cloudimmunity/docker-slim/master/inspectors/container.(*Inspector).initContainerChannels(0xc820070b80, 0x0, 0x0)
    /Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/cloudimmunity/docker-slim/master/inspectors/container/container_inspector.go:152 +0x206
github.com/cloudimmunity/docker-slim/master/inspectors/container.(*Inspector).RunContainer(0xc820070b80, 0x0, 0x0)
    /Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/cloudimmunity/docker-slim/master/inspectors/container/container_inspector.go:102 +0xd89
github.com/cloudimmunity/docker-slim/master/commands.OnBuild(0x7ffff2ce1376, 0x10, 0x1)
    /Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/cloudimmunity/docker-slim/master/commands/build.go:48 +0xe11
main.init.1.func4(0xc82007a8c0)
    /Users/me/Desktop/CI_GITHUB/docker-slim/apps/docker-slim/cli.go:111 +0x283
github.com/codegangsta/cli.Command.Run(0x8a8e80, 0x5, 0x0, 0x0, 0xc8200b80e0, 0x1, 0x1, 0x93e240, 0x3e, 0x0, ...)
    /Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/codegangsta/cli/command.go:174 +0x1397
github.com/codegangsta/cli.(*App).Run(0xc82007a640, 0xc82000a240, 0x4, 0x4, 0x0, 0x0)
    /Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:187 +0x1135
main.runCli()
    /Users/me/Desktop/CI_GITHUB/docker-slim/apps/docker-slim/cli.go:136 +0x4b
main.main()
    /Users/me/Desktop/CI_GITHUB/docker-slim/apps/docker-slim/main.go:4 +0x14

goroutine 6 [IO wait]:
net.runtime_pollWait(0x7fad2d8eda10, 0x72, 0xc8200141e0)
    /usr/local/go/src/runtime/netpoll.go:157 +0x60
net.(*pollDesc).Wait(0xc8200bc530, 0x72, 0x0, 0x0)
    /usr/local/go/src/net/fd_poll_runtime.go:73 +0x3a
net.(*pollDesc).WaitRead(0xc8200bc530, 0x0, 0x0)
    /usr/local/go/src/net/fd_poll_runtime.go:78 +0x36
net.(*netFD).Read(0xc8200bc4d0, 0xc8200c2000, 0x1000, 0x1000, 0x0, 0x7fad2d8e8050, 0xc8200141e0)
    /usr/local/go/src/net/fd_unix.go:232 +0x23a
net.(*conn).Read(0xc82002a060, 0xc8200c2000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
    /usr/local/go/src/net/net.go:172 +0xe4
net/http.noteEOFReader.Read(0x7fad2d8edad0, 0xc82002a060, 0xc8200101b8, 0xc8200c2000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
    /usr/local/go/src/net/http/transport.go:1370 +0x67
net/http.(*noteEOFReader).Read(0xc82000ff80, 0xc8200c2000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
    <autogenerated>:126 +0xd0
bufio.(*Reader).fill(0xc820018b40)
    /usr/local/go/src/bufio/bufio.go:97 +0x1e9
bufio.(*Reader).Peek(0xc820018b40, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0)
    /usr/local/go/src/bufio/bufio.go:132 +0xcc
net/http.(*persistConn).readLoop(0xc820010160)
    /usr/local/go/src/net/http/transport.go:876 +0xf7
created by net/http.(*Transport).dialConn
    /usr/local/go/src/net/http/transport.go:685 +0xc78

goroutine 7 [select]:
net/http.(*persistConn).writeLoop(0xc820010160)
    /usr/local/go/src/net/http/transport.go:1009 +0x40c
created by net/http.(*Transport).dialConn

echo | ./dist_linux/docker-slim build --http-probe nodecraft/ubuntu returned exit code 2

/usr/local/go/src/net/http/transport.go:686 +0xc9d Action failed: echo | ./dist_linux/docker-slim build --http-probe nodecraft/ubuntu

Sensor failure due to FANOTIFY exceptions (was - /creport.json: no such file or directory stack=goroutine 1 [running]):

Hello

I noticed the issue 27, here are some details on my similar problem
I launch my container with

docker run -e DISPLAY -v $HOME/.Xauthority:/home/developer/.Xauthority -v /tmp/.X11-unix:/tmp/.X11-unix:ro --net=host k3ck3c/captvty_2562

I get an error

$ ./docker-slim build k3ck3c/captvty_2562
docker-slim: [build] image=k3ck3c/captvty_2562 http-probe=false remove-file-artifacts=false image-overrides=map[] entrypoint=[] (false) cmd=[] (false) workdir='' env=[] expose=map[]
INFO[0000] docker-slim: inspecting 'fat' image metadata...
INFO[0000] docker-slim: [sha256:98976d017751420499ae3aca99139bc6a1f79b4aacbb87338f5ae26ed2048067] 'fat' image size => 3043839780 (3.0 GB)

INFO[0000] docker-slim: processing 'fat' image info...
INFO[0000] docker-slim: starting instrumented 'fat' container...
INFO[0000] docker-slim: created container => 49441d79446d7e64dc3e57781751772900cc52a7bf6c7a3ee86f6fff3710b226
INFO[0000] docker-slim: watching container monitor...
docker-slim: press when you are done using the container...

INFO[0069] sendCmd(): receive timeout...
INFO[0069] docker-slim: waiting for the container finish its work...
WARN[0189] docker-slim: warning error=receive time out stack=goroutine 1 [running]:
runtime/debug.Stack(0x0, 0x0, 0x0)
/usr/local/go/src/runtime/debug/stack.go:24 +0x79
github.com/docker-slim/docker-slim/utils.WarnOn(0x97bc60, 0xc42000f9e0)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/utils/errors.go:18 +0x51
github.com/docker-slim/docker-slim/master/inspectors/container.(*Inspector).FinishMonitoring(0xc42013c240)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/inspectors/container/container_inspector.go:246 +0x1d7
github.com/docker-slim/docker-slim/master/commands.OnBuild(0x0, 0x0, 0x0, 0xc42000bda0, 0x7ffdec0c529d, 0x13, 0x0, 0x0, 0xc42000bd00, 0x9bb9e8, ...)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/commands/build.go:112 +0xa7f
main.init.1.func4(0xc420090a00, 0x0, 0x0)
/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:321 +0x713
reflect.Value.call(0x76a020, 0x816a88, 0x13, 0x7e4989, 0x4, 0xc4200dd930, 0x1, 0x1, 0x4a92e8, 0x7d8380, ...)
/usr/local/go/src/reflect/value.go:434 +0x5c8
reflect.Value.Call(0x76a020, 0x816a88, 0x13, 0xc4200dd930, 0x1, 0x1, 0xc42002c800, 0xc4200dd910, 0x4b25f6)
/usr/local/go/src/reflect/value.go:302 +0xa4
github.com/codegangsta/cli.HandleAction(0x76a020, 0x816a88, 0xc420090a00, 0x0, 0x0)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:487 +0x1e0
github.com/codegangsta/cli.Command.Run(0x7e4eac, 0x5, 0x0, 0x0, 0xc42000fd90, 0x1, 0x1, 0x7f75e3, 0x3e, 0x0, ...)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/command.go:191 +0xc3b
github.com/codegangsta/cli.(*App).Run(0xc4200f0000, 0xc42000a1b0, 0x3, 0x3, 0x0, 0x0)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:240 +0x611
main.runCli()
/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:526 +0x55
main.main()
/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/main.go:5 +0x19

INFO[0189] docker-slim: shutting down 'fat' container...
WARN[0190] docker-slim: warning error=Container not running: 49441d79446d7e64dc3e57781751772900cc52a7bf6c7a3ee86f6fff3710b226 stack=goroutine 1 [running]:
runtime/debug.Stack(0x55, 0x0, 0x0)
/usr/local/go/src/runtime/debug/stack.go:24 +0x79
github.com/docker-slim/docker-slim/utils.WarnOn(0x97bda0, 0xc42034bda0)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/utils/errors.go:18 +0x51
github.com/docker-slim/docker-slim/master/inspectors/container.(*Inspector).ShutdownContainer(0xc42013c240, 0x1, 0x1)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/inspectors/container/container_inspector.go:224 +0xd0
github.com/docker-slim/docker-slim/master/commands.OnBuild(0x0, 0x0, 0x0, 0xc42000bda0, 0x7ffdec0c529d, 0x13, 0x0, 0x0, 0xc42000bd00, 0x9bb9e8, ...)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/commands/build.go:115 +0xb26
main.init.1.func4(0xc420090a00, 0x0, 0x0)
/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:321 +0x713
reflect.Value.call(0x76a020, 0x816a88, 0x13, 0x7e4989, 0x4, 0xc4200dd930, 0x1, 0x1, 0x4a92e8, 0x7d8380, ...)
/usr/local/go/src/reflect/value.go:434 +0x5c8
reflect.Value.Call(0x76a020, 0x816a88, 0x13, 0xc4200dd930, 0x1, 0x1, 0xc42002c800, 0xc4200dd910, 0x4b25f6)
/usr/local/go/src/reflect/value.go:302 +0xa4
github.com/codegangsta/cli.HandleAction(0x76a020, 0x816a88, 0xc420090a00, 0x0, 0x0)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:487 +0x1e0
github.com/codegangsta/cli.Command.Run(0x7e4eac, 0x5, 0x0, 0x0, 0xc42000fd90, 0x1, 0x1, 0x7f75e3, 0x3e, 0x0, ...)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/command.go:191 +0xc3b
github.com/codegangsta/cli.(*App).Run(0xc4200f0000, 0xc42000a1b0, 0x3, 0x3, 0x0, 0x0)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:240 +0x611
main.runCli()
/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:526 +0x55
main.main()
/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/main.go:5 +0x19

INFO[0190] docker-slim: processing instrumented 'fat' container info...
INFO[0190] docker-slim: generating AppArmor profile...
FATA[0190] docker-slim: failure error=stat /home/gg/bbc/strip-docker-image/docker_slim/dist_linux/.images/98976d017751420499ae3aca99139bc6a1f79b4aacbb87338f5ae26ed2048067/artifacts/creport.json: no such file or directory stack=goroutine 1 [running]:
runtime/debug.Stack(0x4a0d9b, 0xc4200128c0, 0xc4200dcbf0)
/usr/local/go/src/runtime/debug/stack.go:24 +0x79
github.com/docker-slim/docker-slim/utils.FailOn(0x97c960, 0xc42021abd0)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/utils/errors.go:11 +0x51
github.com/docker-slim/docker-slim/master/commands.OnBuild(0x0, 0x0, 0x0, 0xc42000bda0, 0x7ffdec0c529d, 0x13, 0x0, 0x0, 0xc42000bd00, 0x9bb9e8, ...)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/commands/build.go:120 +0xbfd
main.init.1.func4(0xc420090a00, 0x0, 0x0)
/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:321 +0x713
reflect.Value.call(0x76a020, 0x816a88, 0x13, 0x7e4989, 0x4, 0xc4200dd930, 0x1, 0x1, 0x4a92e8, 0x7d8380, ...)
/usr/local/go/src/reflect/value.go:434 +0x5c8
reflect.Value.Call(0x76a020, 0x816a88, 0x13, 0xc4200dd930, 0x1, 0x1, 0xc42002c800, 0xc4200dd910, 0x4b25f6)
/usr/local/go/src/reflect/value.go:302 +0xa4
github.com/codegangsta/cli.HandleAction(0x76a020, 0x816a88, 0xc420090a00, 0x0, 0x0)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:487 +0x1e0
github.com/codegangsta/cli.Command.Run(0x7e4eac, 0x5, 0x0, 0x0, 0xc42000fd90, 0x1, 0x1, 0x7f75e3, 0x3e, 0x0, ...)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/command.go:191 +0xc3b
github.com/codegangsta/cli.(*App).Run(0xc4200f0000, 0xc42000a1b0, 0x3, 0x3, 0x0, 0x0)
/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:240 +0x611
main.runCli()
/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:526 +0x55
main.main()
/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/main.go:5 +0x19

Thanks for your time

exec: "/bin/sh": stat /bin/sh: no such file or directory

After using docker-slim to minify a base image (ui_base) which is used to build one of my apps, the child image fails to build with the error message provided in the title:

exec: "/bin/sh": stat /bin/sh: no such file or directory

Relevant parts of my dockerfile for the child image:

WORKDIR /src
ENTRYPOINT ["/src/docker-entrypoint.sh"]

RUN . /src/deploy.sh

For the deploy script I changed it around to:

CMD ["/src/deploy.sh"]

Which prevents the error on the build step, but the entrypoint still gives the same error as above. Is this something obvious that I'm missing? The minification seems to work great, from 870mb -> 23

I'm using:

docker -v
Docker version 1.9.1, build a34a1d5

came across a permission denied, in jenkins slave docker runtime.

time="2016-03-02T09:47:03+08:00" level=info msg="docker-slim: processing 'fat' image info..." 
time="2016-03-02T09:47:03+08:00" level=info msg="docker-slim: starting instrumented 'fat' container..." 
time="2016-03-02T09:47:03+08:00" level=info msg="docker-slim: created container => 003570b71cc4f29f1c1f408ab222046369bf7bb7a5a439804f00735b91798b45" 
time="2016-03-02T09:47:04+08:00" level=fatal msg="docker-slim: failure" error="API error (500): Cannot start container 003570b71cc4f29f1c1f408ab222046369bf7bb7a5a439804f00735b91798b45: [8] System error: exec: \"/opt/dockerslim/bin/sensor\": permission denied\n" 
Build step 'Execute shell' marked build as failure

Skip dynamic analysis

Hello, I would like to crush a large image, without automatically deleting any files. Basically I just want to do manual clean-up at the end of my Dockerfile(s), and then flatten the image.

Could it provide an option to skip the runtime analysis?

Doesn't build on armhf

I'm getting the following when trying to build on armhf:

go build ./apps/docker-slim
# github.com/cloudimmunity/system
../system/system_linux.go:24: cannot use unameInfo.Sysname (type [65]uint8) as type [65]int8 in argument to nativeCharsToString
../system/system_linux.go:25: cannot use unameInfo.Nodename (type [65]uint8) as type [65]int8 in argument to nativeCharsToString
../system/system_linux.go:26: cannot use unameInfo.Release (type [65]uint8) as type [65]int8 in argument to nativeCharsToString
../system/system_linux.go:27: cannot use unameInfo.Version (type [65]uint8) as type [65]int8 in argument to nativeCharsToString
../system/system_linux.go:28: cannot use unameInfo.Machine (type [65]uint8) as type [65]int8 in argument to nativeCharsToString
../system/system_linux.go:29: cannot use unameInfo.Domainname (type [65]uint8) as type [65]int8 in argument to nativeCharsToString

Add a tlsverify option to disable certificate validation

Because of VPN software I redirect the docker port to localhost, which causes the certificate validation to fail. It is easy to work around with docker --tlsverify=false; could you implement a similar option for docker-slim?

Publish to homebrew

It'd be awesome if this tool could be made available in homebrew for easy installation.

Doesn't build on Ubuntu 14.04

Currently attempting to run docker-slim and docker-slim-sensor on Ubuntu and I've gotten
"bash :./docker-slim: cannot execute binary file: Exec format error"
Is there any way to convert the Mac binary to be compatible with Linux?

Tag 1.17

The last tag in this repository is v1.13, but the latest release is v1.17. Would you please tag v1.17 from the appropriate commit. This will help packagers immensely. 😸

Problem in /utils/dirs.go#CopyFile()

Hi!

I found that when copying files, it could not copy symbolic links correctly. It will always follow the symbolic link, so some dependency issues will occur.

I think it should be

func CopyFile(src, dst string, makeDir bool) error {
	info, err := os.Lstat(src)
	...
}

instead of

func CopyFile(src, dst string, makeDir bool) error {
	info, err := os.Stat(src)
	...
}
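
The os.Stat versus os.Lstat difference reported above, as an added example that is not part of the original issue and is not docker-slim's own code. The helper names (copyFile, isSymlink, demo) and the libdemo.so file layout are assumptions constructed for the illustration.

```go
package main

import (
	"fmt"
	"io"
	"os"
	"path/filepath"
)

// copyFile is an illustrative helper (hypothetical, not docker-slim's CopyFile).
// follow=true inspects src with os.Stat, the behaviour reported in the issue;
// follow=false inspects it with os.Lstat and recreates a symlink as a symlink.
func copyFile(src, dst string, follow bool) error {
	stat := os.Lstat
	if follow {
		stat = os.Stat // resolves the link, so ModeSymlink is never set
	}
	info, err := stat(src)
	if err != nil {
		return err
	}
	switch {
	case info.Mode()&os.ModeSymlink != 0:
		target, err := os.Readlink(src)
		if err != nil {
			return err
		}
		return os.Symlink(target, dst) // keep the original, possibly relative, target
	case info.Mode().IsRegular():
		in, err := os.Open(src)
		if err != nil {
			return err
		}
		defer in.Close()
		// O_EXCL refuses to write through a pre-existing file or link at dst.
		out, err := os.OpenFile(dst, os.O_WRONLY|os.O_CREATE|os.O_EXCL, info.Mode().Perm())
		if err != nil {
			return err
		}
		if _, err := io.Copy(out, in); err != nil {
			out.Close()
			return err
		}
		return out.Close()
	default:
		return fmt.Errorf("unsupported file type %v: %s", info.Mode(), src)
	}
}

// isSymlink reports whether path itself (not its target) is a symbolic link.
func isSymlink(path string) (bool, error) {
	info, err := os.Lstat(path)
	if err != nil {
		return false, err
	}
	return info.Mode()&os.ModeSymlink != 0, nil
}

// demo builds a constructed layout (libdemo.so.1 -> libdemo.so.1.0.0) in a temp
// dir, copies the link both ways and reports what each copy became.
func demo() (followedIsLink, preservedIsLink bool, target string, err error) {
	root, err := os.MkdirTemp("", "copydemo")
	if err != nil {
		return
	}
	defer os.RemoveAll(root)
	src, dst := filepath.Join(root, "src"), filepath.Join(root, "dst")
	link := filepath.Join(src, "libdemo.so.1")
	steps := []func() error{
		func() error { return os.Mkdir(src, 0o755) },
		func() error { return os.Mkdir(dst, 0o755) },
		func() error { return os.WriteFile(filepath.Join(src, "libdemo.so.1.0.0"), []byte("constructed"), 0o644) },
		func() error { return os.Symlink("libdemo.so.1.0.0", link) },
		func() error { return copyFile(link, filepath.Join(dst, "followed"), true) },
		func() error { return copyFile(link, filepath.Join(dst, "preserved"), false) },
	}
	for _, step := range steps {
		if err = step(); err != nil {
			return
		}
	}
	if followedIsLink, err = isSymlink(filepath.Join(dst, "followed")); err != nil {
		return
	}
	if preservedIsLink, err = isSymlink(filepath.Join(dst, "preserved")); err != nil {
		return
	}
	target, err = os.Readlink(filepath.Join(dst, "preserved"))
	return
}

func main() {
	followed, preserved, target, err := demo()
	fmt.Printf("followed is symlink: %v, preserved is symlink: %v -> %q, err: %v\n", followed, preserved, target, err)
}
```

With the Stat-based path the copied entry becomes an independent regular file, so the link relationship that a loader or package layout relies on is lost; the Lstat-based path keeps it.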

Generates 0B File

Hey, I ran through the directions and it gave me a 0B file... what am I missing?

Problems when using a non-root user (workaround exists)

Hi!

I have an image based on node:6.9.2 where I'm following Docker-node best practices to avoid security issues (check here), but whenever I use a non-root user docker-slim is unable to build the image. Here is my Dockerfile, but you should be able to replicate the problem just by creating and using a non-root user, e.g.:

FROM node:6.9.2
# Add our user and group first to make sure their IDs get assigned consistently
RUN groupadd -r app && useradd -r -g app app

USER app

CMD ["node", "/usr/src/app/server.js"]

Any clues?

starting container process caused "exec: \"/bin/sh\": stat /bin/sh: no such file or directory".

Description

I have an error after running RUN docker run -d lonly/docker-alpine-java.slim:

a26edf53fecf609b9fb93adf0880a1dc0da6f26cfe30f38041b89f651c96587e
docker: Error response from daemon: oci runtime error: container_linux.go:265: starting container process caused "exec: \"/bin/sh\": stat /bin/sh: no such file or directory".

Steps to reproduce the issue:

  1. RUN docker-slim build --http-probe lonly/docker-alpine-java:oraclejre-8u152
  2. RUN docker run -d lonly/docker-alpine-java.slim
  3. See error

working in different base images?

I see all the sample images are from debian/ubuntu. I am not sure how much slimmer an alpine image could be, but at the moment it does not seem to work on alpine images.

Step 1 : FROM scratch
 ---> 
Step 2 : COPY files /
FATA[0004] docker-slim: failure                          error=lstat files: no such file or directory stack=/docker-slim/_vendor/src/github.com/cloudimmunity/docker-slim/utils/errors.go:11 (0x558ad6)
/docker-slim/_vendor/src/github.com/cloudimmunity/docker-slim/master/commands/build.go:134 (0x4ae52f)
/docker-slim/apps/docker-slim/cli.go:309 (0x40afed)
/docker-slim/_vendor/src/github.com/codegangsta/cli/command.go:174 (0x4bfb47)
/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:187 (0x4bc0b5)
/docker-slim/apps/docker-slim/cli.go:507 (0x405f6b)
/docker-slim/apps/docker-slim/main.go:5 (0x406059)
/usr/local/go/src/runtime/proc.go:111 (0x4389c0)
/usr/local/go/src/runtime/asm_amd64.s:1721 (0x468981)

It does not pick up any files among the artifacts

Windows Support

Are there any plans to make docker-slim available for windows?

Not working in docker 1.12

In docker 1.12 (1.12.0-rc4-beta19 (build: 10258)) the API has changed and building image with docker-slim now generates error:

FATA[0000] docker-slim: failure error=API error (400): {"message":"starting container with HostConfig was deprecated since v1.10 and removed in v1.12"}

Are there any plans to support this version of docker?

docker-slim info not generating dockerfile

root@node: ~/mobi-docker# docker-slim info 3afd47092a0e
2018/04/25 12:44:17 Couldn't set key CPE_NAME, no corresponding struct field found
2018/04/25 12:44:17 Couldn't set key , no corresponding struct field found
2018/04/25 12:44:17 Couldn't set key CENTOS_MANTISBT_PROJECT, no corresponding struct field found
2018/04/25 12:44:17 Couldn't set key CENTOS_MANTISBT_PROJECT_VERSION, no corresponding struct field found
2018/04/25 12:44:17 Couldn't set key REDHAT_SUPPORT_PRODUCT, no corresponding struct field found
2018/04/25 12:44:17 Couldn't set key REDHAT_SUPPORT_PRODUCT_VERSION, no corresponding struct field found
2018/04/25 12:44:17 Couldn't set key , no corresponding struct field found
docker-slim: [info] image= 3afd47092a0e
docker-slim: [info] done.

error=receive time out stack=/Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/cloudimmunity/docker-slim/utils/errors.go:18 (0x5617b6)

Hi, saw in the other post to make sure to have write permissions - everything works and the app does as well, until the point where it stops at this error... How to rectify? Thanks

INFO[0051] docker-slim: waiting for the container finish its work...
WARN[0171] docker-slim: warning error=receive time out stack=/Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/cloudimmunity/docker-slim/utils/errors.go:18 (0x5617b6)
/Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/cloudimmunity/docker-slim/master/inspectors/container/container_inspector.go:249 (0x55ded8)
/Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/cloudimmunity/docker-slim/master/commands/build.go:112 (0x4ae891)
/Users/me/Desktop/CI_GITHUB/docker-slim/apps/docker-slim/cli.go:321 (0x40b623)
/usr/local/go/src/runtime/asm_amd64.s:437 (0x466dce)
/usr/local/go/src/reflect/value.go:432 (0x53fc4a)
/usr/local/go/src/reflect/value.go:300 (0x53e911)
/Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:483 (0x4bfcce)
/Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/codegangsta/cli/command.go:186 (0x4c1c7f)
/Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:237 (0x4bd369)
/Users/me/Desktop/CI_GITHUB/docker-slim/apps/docker-slim/cli.go:526 (0x4063fb)
/Users/me/Desktop/CI_GITHUB/docker-slim/apps/docker-slim/main.go:5 (0x4064e9)
/usr/local/go/src/runtime/proc.go:111 (0x439140)
/usr/local/go/src/runtime/asm_amd64.s:1721 (0x469101)

INFO[0171] docker-slim: shutting down 'fat' container...
INFO[0173] docker-slim: processing instrumented 'fat' container info...
INFO[0173] docker-slim: generating AppArmor profile...
FATA[0173] docker-slim: failure error=stat /home/user/dockers/dist_linux/.images/3gju2he99ueh92g93r2h4rh83th29th2rhg28h042hgkmh/artifacts/creport.json: no such file or directory stack=/Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/cloudimmunity/docker-slim/utils/errors.go:11 (0x561576)
/Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/cloudimmunity/docker-slim/master/commands/build.go:120 (0x4aeacf)
/Users/me/Desktop/CI_GITHUB/docker-slim/apps/docker-slim/cli.go:321 (0x40b623)
/usr/local/go/src/runtime/asm_amd64.s:437 (0x466dce)
/usr/local/go/src/reflect/value.go:432 (0x53fc4a)
/usr/local/go/src/reflect/value.go:300 (0x53e911)
/Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:483 (0x4bfcce)
/Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/codegangsta/cli/command.go:186 (0x4c1c7f)
/Users/me/Desktop/CI_GITHUB/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:237 (0x4bd369)
/Users/me/Desktop/CI_GITHUB/docker-slim/apps/docker-slim/cli.go:526 (0x4063fb)
/Users/me/Desktop/CI_GITHUB/docker-slim/apps/docker-slim/main.go:5 (0x4064e9)
/usr/local/go/src/runtime/proc.go:111 (0x439140)
/usr/local/go/src/runtime/asm_amd64.s:1721 (0x469101)

No data artifacts on Alpine

I tried running docker-slim against an Alpine container which worked (creport.json exists and has files in it), but docker-slim complains that there are no data artifacts and the resulting image is unusable (because there is no data in it). The volume mount for the artifacts seems fine, but there is no data being copied. Let me know what data I should provide to help with debugging.

Docker Compose possible?

Our ports and volumes are exposed through docker-compose. We tried slimming an image using the built image but it didn't work correctly I think because the ports weren't exposed so the profiler couldn't see any traffic.

If docker-compose isn't in the realm of docker-slim, would the steps be something like:

  • modify Dockerfile to do what docker-compose.yml does (expose/volumes)
  • slim the image
  • undo the Dockerfile changes or just have two paths

Curious to see if this would work. It'd be cool if we could slim the images generated by docker-compose. Or if I could somehow tell docker-slim to build using the docker-compose.yml file.

Silent mode?

Hi

Is there any silent or non-interactive mode to create a slim image without needing to press enter?

thanks
chen

docker: Error response from daemon: oci runtime error: lstat /proc/self/fd/0: operation not permitted.

Hi,

I just tried on my Mac and on the Linux server to create a seccomp profile.

The application which was used for testing is a very simple blog with apache.

./docker-slim profile --http-probe mylocalregistry/parcels/bludit

docker info
Containers: 4
Running: 2
Paused: 0
Stopped: 2
Images: 2
Server Version: 1.12.1
Storage Driver: device mapper
Pool Name: docker-253:0-67186553-pool
Pool Blocksize: 65.54 kB
Base Device Size: 10.74 GB
Backing Filesystem: xfs
Data file: /dev/loop0
Metadata file: /dev/loop1
Data Space Used: 482.1 MB
Data Space Total: 107.4 GB
Data Space Available: 16.75 GB
Metadata Space Used: 999.4 kB
Metadata Space Total: 2.147 GB
Metadata Space Available: 2.146 GB
Thin Pool Minimum Free Space: 10.74 GB
Udev Sync Supported: true
Deferred Removal Enabled: false
Deferred Deletion Enabled: false
Deferred Deleted Device Count: 0
Data loop file: /var/lib/docker/devicemapper/devicemapper/data
WARNING: Usage of loopback devices is strongly discouraged for production use. Use --storage-opt dm.thinpooldev to specify a custom block storage device.
Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
Library Version: 1.02.107-RHEL7 (2016-06-09)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: overlay host bridge null
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: seccomp
Kernel Version: 3.10.0-327.28.3.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 976.9 MiB
Name: rocket.test
ID: XHAH:MIU4:SFPM:EX2O:2AOB:4LVI:ZRWJ:TQQZ:5WW3:2KLT:5ENY:VOJT
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Insecure Registries:
127.0.0.0/8

Error oci runtime error: exec: "/opt/dockerslim/bin/sensor": permission denied

Hi!
I downloaded latest dist for mac v1.17, cloned samples from docker-slim/docker-slim/tree/master/sample/apps/node and built image from Dockerfile docker build -t my/sample-node-app .
When I tried to run ./docker-slim build --http-probe my/sample-node-app, I got an error:

MacBook-Pro:dist_mac alex$ ./docker-slim build --http-probe my/sample-node-app
docker-slim: [build] image=my/sample-node-app http-probe=true remove-file-artifacts=false image-overrides=map[] entrypoint=[] (false) cmd=[] (false) workdir='' env=[] expose=map[]
INFO[0000] docker-slim: inspecting 'fat' image metadata...
INFO[0000] docker-slim: [sha256:4c29409bc9585b228986bf1fa544153254b4e4ad76c36fdd46f2a8557cd8aed8] 'fat' image size => 419509897 (420 MB)

INFO[0000] docker-slim: processing 'fat' image info...
INFO[0000] docker-slim: starting instrumented 'fat' container...
INFO[0000] docker-slim: created container => 0880f964950ba839968bc42940eda55d40070a6719e6b8540b350ae642adf53a
FATA[0000] docker-slim: failure                          error=API error (500): {"message":"oci runtime error: exec: \"/opt/dockerslim/bin/sensor\": permission denied"}
 stack=goroutine 1 [running]:
runtime/debug.Stack(0xa2f57, 0xc4200188a8, 0x0)
	/usr/local/go/src/runtime/debug/stack.go:24 +0x79
github.com/docker-slim/docker-slim/utils.FailOn(0x582f00, 0xc42023ee60)
	/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/utils/errors.go:11 +0x51
github.com/docker-slim/docker-slim/master/commands.OnBuild(0x0, 0x0, 0x0, 0xc420017c20, 0x7fff5fbff721, 0x12, 0x0, 0x0, 0xc420017b01, 0x5c27d8, ...)
	/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/docker-slim/docker-slim/master/commands/build.go:76 +0x969
main.init.1.func4(0xc42009a8c0, 0x0, 0x0)
	/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:321 +0x713
reflect.Value.call(0x36e4a0, 0x41b388, 0x13, 0x3e96a9, 0x4, 0xc420125920, 0x1, 0x1, 0xaa218, 0x3dd0a0, ...)
	/usr/local/go/src/reflect/value.go:434 +0x5c8
reflect.Value.Call(0x36e4a0, 0x41b388, 0x13, 0xc420125920, 0x1, 0x1, 0x0, 0xc4200e3910, 0xb3526)
	/usr/local/go/src/reflect/value.go:302 +0xa4
github.com/codegangsta/cli.HandleAction(0x36e4a0, 0x41b388, 0xc42009a8c0, 0x0, 0x0)
	/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:487 +0x1e0
github.com/codegangsta/cli.Command.Run(0x3e9bc7, 0x5, 0x0, 0x0, 0xc420015ca0, 0x1, 0x1, 0x3fbdb7, 0x3e, 0x0, ...)
	/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/command.go:191 +0xc3b
github.com/codegangsta/cli.(*App).Run(0xc4200f2000, 0xc42000c280, 0x4, 0x4, 0x0, 0x0)
	/GITHUB/docker-slim-org/docker-slim/_vendor/src/github.com/codegangsta/cli/app.go:240 +0x611
main.runCli()
	/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/cli.go:526 +0x55
main.main()
	/GITHUB/docker-slim-org/docker-slim/apps/docker-slim/main.go:5 +0x19

Lost files in the slimmed image for nginx fat image

Hi,

I ran docker-slim to generate a slimmed nginx image:

$ ./docker-slim build --http-probe centos:nginx

The command generated a 6.4MB image successfully; however, I can't run this slimmed image due to a missing file:

$ docker run centos.slim
   2018/02/23 07:52:36 [emerg] 1#1: open() "/etc/nginx/nginx.conf" failed (2: No such file or directory)

I checked the artifacts reports and found that the nginx.conf file is recorded in creport.json:

"/etc/nginx/nginx.conf": {
    "event_count": 2,
    "first_eid": 0,
    "reads": 1
},

But when I check the "files" directory in artifacts, I can't find nginx.conf:

$ cd files/etc/
$ ll
total 4
-rw-r--r--. 1 root root 590 Nov  8  2016 group

I don't know what's wrong with docker-slim tool.

Docker-slim for dotnet core?

This looks awesome, so I tried it on one of my images based on microsoft/dotnet:2.1.2-runtime-deps-alpine3.7.
It did not crash but gave an output of 0 bytes.

Any plans to support dotnet core based images?

create detailed build instructions

I'm not familiar with the go build process and would like to try your tool as a user.

Would you be so kind and provide detailed build instructions maybe as a docker file!

Thx!
