Comments (71)
error: failed to launch REPL process: process launch failed: 'A' packet returned an error: 8
from swift-docker.
Had to add --privileged
like @LoiKos mentioned. Maybe it is time to update the README that is shown on https://hub.docker.com/_/swift/
from swift-docker.
@hamin @gabhi You can use --security-opt seccomp=unconfined
instead to disable seccomp. It's a little more secure. :)
docker run -it --security-opt seccomp=unconfined --name swiftfun swiftdocker/swift:latest /bin/bash
from swift-docker.
Hello, I download the latest official swift image from docker hub and there is still the problem with REPL.
mbp-de-loic:Orange loik$ docker run --cap-add sys_ptrace -ti --rm swift swift
error: failed to launch REPL process: process launch failed: 'A' packet returned an error: 8
mbp-de-loic:Orange loikos$ docker images swift
REPOSITORY TAG IMAGE ID CREATED SIZE
swift latest d505ae70cb39 2 weeks ago 1.15 GB
Can't make it work even using --cap-add sys_ptrace
but it work with --privileged
from swift-docker.
So what is the way to make this docker work? As I keep getting error: failed to launch REPL process: process launch failed: 'A' packet returned an error: 8
no matter what I try to copy from here to my terminal.
Can't pass even first step to install this docker. I'm not familiar with REPL, so definitely have no clue how to set up it, just following readme, which is not working.
from swift-docker.
In the same way as @LoiKos and @andradei
I had to add --privileged
docker run --privileged --cap-add sys_ptrace -it --rm swift:5.0-xenial swift
I have Docker running on macOS Mojave. We are in 2019 and they still don't update the README in docker Hub.
from swift-docker.
As @tianon comment for --privileged
maybe
docker run --cap-add sys_ptrace --security-opt seccomp=unconfined -it --rm swift swift
better than
docker run --privileged --cap-add sys_ptrace -it --name swiftfun swift /bin/bash
from swift-docker.
Ok, here's what I've had success with: (where default.json
comes from https://raw.githubusercontent.com/docker/docker-ce/v17.06.2-ce/components/engine/profiles/seccomp/default.json)
--- default.json 2017-09-08 15:02:37.061507178 -0700
+++ swift.json 2017-09-08 15:02:54.821989684 -0700
@@ -216,6 +216,7 @@
"open",
"openat",
"pause",
+ "personality",
"pipe",
"pipe2",
"poll",
$ docker run -it --rm --security-opt seccomp=swift.json --cap-add sys_ptrace swift swift
Welcome to Swift version 3.1 (swift-3.1-RELEASE). Type :help for assistance.
1>
from swift-docker.
from swift-docker.
I have this issue too (on clean install ubuntu 14.04 VM),
But I found that if I add the --privileged
to docker command, it works
otherwise I got error: failed to launch REPL process: process launch failed: 'A' packet returned an error: 8
from swift-docker.
@tianon @swizzlr @hamin that works:
docker run --cap-add sys_ptrace -ti --rm swiftdocker/swift swift
from swift-docker.
We need a third person to try this out to figure out which of our machines is wrong. The image ID is c9f6b5fece4f
, what's yours?
from swift-docker.
I'd suggest we document this in the README, since we don't have any power over this right now, then close this issue.
from swift-docker.
Indeed -- --privileged
is a huge hammer, and should be used with extreme caution and care. It'd be useful IMO to narrow down exactly which part of Docker's default seccomp profile is causing the denial, especially so either the debugger can be fixed to not require that (if possible) or a custom profile to allow it can be written (to avoid using a bare unconfined
). 👍
from swift-docker.
@tianon thanks for the tip. we know it's something to do with accessing keyboard drivers in LLDB, but we might have more luck following up on their mailing list. In any case, REPL support is something rarely requested – most devs have their own local install of Swift that works just fine for that. It would be very nice to have a permanent solution.
from swift-docker.
from swift-docker.
The real was definitely working for me, but I was installing all the deps that apple was suggesting. Should we put those deps back for completeness sake? We might be breaking other parts of the toolchain without knowing it but not having deps apple details in their docs. Perhaps revert that commit and see what happens?
from swift-docker.
@hamin When they say "development dependencies" I assume they mean for building the swift toolchain itself. (right, @jckarter)? I'll work backwards from the list of dependencies and find which libraries are necessary; then I'll open a PR to the swift repo updating their docs.
from swift-docker.
@swizzlr yeah what you're saying makes sense, checking it out
from swift-docker.
@hamin just tried "reverting" those changes and no dice. are you sure it worked for you, back then? maybe it's flaky?
from swift-docker.
So its working for me right now. I'm running latest master:
from swift-docker.
@swizzlr its working for me. I'm running latest master
from swift-docker.
@swizzlr what were you trying to run exactly?
from swift-docker.
@swizzlr argh sorry its not running for me...i was running my old docker image...gimme a few
from swift-docker.
@swizzlr confirmed this master is not working for me...the above screenshot was from my original repo. It definitely worked
from swift-docker.
Does this commit work 369c495 ?
from swift-docker.
@swizzlr checking it out. Meanwhile do a docker pull from here https://hub.docker.com/r/harisamin/docker-swift/
docker pull harisamin/docker-swift
Try that and see if it works there
from swift-docker.
Nope, not working on this (digital ocean VM hooked up with docker-machine).
docker run -it harisamin/docker-swift bash
from swift-docker.
wtf how is it working for me then from my original image. you're just typing swift
right? I know there's a swift_repl
not sure what exactly that one does
from swift-docker.
The one I pushed to Docker Hub earlier today was this: harisamin/docker-swift latest 48660452cc49
from swift-docker.
Again from original one I had.
from swift-docker.
@swizzlr master on our repo:
Step 7 : RUN wget https://swift.org/builds/ubuntu1404/swift-2.2-SNAPSHOT-2015-12-01-b/swift-2.2-SNAPSHOT-2015-12-01-b-ubuntu14.04.tar.gz
---> Running in 0e5501001ce0
--2015-12-04 00:32:30-- https://swift.org/builds/ubuntu1404/swift-2.2-SNAPSHOT-2015-12-01-b/swift-2.2-SNAPSHOT-2015-12-01-b-ubuntu14.04.tar.gz
Resolving swift.org (swift.org)... 169.45.67.140
Connecting to swift.org (swift.org)|169.45.67.140|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2015-12-04 00:32:30 ERROR 404: Not Found.
Checking if there's a new tar, maybe apple removed the old one
from swift-docker.
@swizzlr lol the link is dead: https://swift.org/builds/ubuntu1404/swift-2.2-SNAPSHOT-2015-12-01-b/swift-2.2-SNAPSHOT-2015-12-01-b-ubuntu14.04.tar.gz
Got it from here: https://swift.org/download/
from swift-docker.
On my own docker implementation I had user reporting the same issue. Funny thing is it work for my docker on VM.
from swift-docker.
@lxcid That's fascinating! Do you think you could find out what the implementations are?
Maybe this is a TTY thing?
I was interested in creating a latest
image that would provide the most recent version built from source. Perhaps if we try building from scratch inside the container we might unearth the dependencies that are not present?
from swift-docker.
I'm trying to build from source at the moment though. Its painfully slow, maybe its because I'm building a release build.
Use the following python (2.7) script https://github.com/apple/swift/blob/master/utils/build-script
I'm not sure if I can wait until it complete but I'll keep you updated on my finding.
from swift-docker.
root@ab75a4cb7eff:/usr/src/swift# ./build/Ninja-ReleaseAssert/swift-linux-x86_64/bin/swift --version
Swift version 2.2-dev (LLVM 46be9ff861, Clang 4deb154edc, Swift c959ce2c83)
Target: x86_64-unknown-linux-gnu
root@ab75a4cb7eff:/usr/src/swift# ./build/Ninja-ReleaseAssert/swift-linux-x86_64/bin/swift
LLVM ERROR: Compiler-internal integrated REPL unimplemented for this platform
This is the output of the release build.
I'm doing another debug build at the moment.
from swift-docker.
@lxcid do u mind trying the latest master? I've tested the current master on my local docker instances and am able to launch the repl without issue. Let us know :)
from swift-docker.
I just tried the latest master fb7ff42 but it still have the same error in Digital Ocean docker.
I suspect it is the binary that have issue.
from swift-docker.
@hamin you running it on your MB in boot2docker?
from swift-docker.
I installed docker via their official mac DMG.
sh --login '/Applications/Docker/Docker Quickstart Terminal.app/Contents/Resources/Scripts/start.sh'
That's how i start it its funny because looking at #12 seems like @sosedoff was able to deploy our image and it seems to be running.
from swift-docker.
Im running swift docker image: swiftdocker/swift:836d5b4ca56e and it works fine on both linux and osx machines. Locally (on osx) im using docker-machine and can run REPL with this command:
$ docker run -it swiftdocker/swift swift
Welcome to Swift version 2.2-dev (LLVM 46be9ff861, Clang 4deb154edc, Swift 778f82939c). Type :help for assistance.
1>
from swift-docker.
I'm laboriously downloading the entire thing to my local machine now, but I think we might be able to isolate this to digitalocean. Curious, but not worth leaving in the open without more reports.
from swift-docker.
I can confirm it works locally!
This is so weird.
from swift-docker.
Works locally on OS X. Failed on EC2.
https://hub.docker.com/r/swiftdocker/swift/
https://hub.docker.com/r/ontouchstart/docker-swift-snapshot/ (my own docker image)
Local OS X docker machine
EC2
from swift-docker.
@CorcovadoMing awesome find! I can confirm that --privileged=true
fixed it. I still like to know whats wrong though. I going to do some more investigation.
from swift-docker.
@CorcovadoMing Awesome find! Would be great to know what's causing this. If its something we can fix in our docker configuration I'm game :). @CorcovadoMing @lxcid feel free to submit PR :)
from swift-docker.
It seems that we may need to fix swift, it may be attempting to access hardware that it isn't allowed to find.
from swift-docker.
As you can see, there is no problem with interpreted the swift file without lldb via swift *.swift
and also compiled with swiftc
command in docker without --privileged=true
lldb seems to need to access the bottom layer to provide the runtime information
is it possible that we manually disable the lldb debugger to run swift repl?
for now, I think the whole swift repl is built on top of lldb, so there are not much thing we can do on docker configuration
from swift-docker.
You can't run interactive swift without lldb, I've tried. Seems we need to figure out what lldb needs at the machine level.
from swift-docker.
--privileged
worked for me
sudo docker run --privileged -it ontouchstart/docker-swift-snapshot
from swift-docker.
If anyone else is looking, this issue is already listed on the swift bug tracker: https://bugs.swift.org/browse/SR-54
from swift-docker.
Fixed by #24
from swift-docker.
@aduermael niiiice, I've confirmed that's working here too! That's way better. 🤘
from swift-docker.
@tianon @aduermael Thanks so much Adrian! I will fold this into the documentation.
from swift-docker.
So, to run the REPL we need to add the sys_ptrace key which allows you to "Trace arbitrary processes using ptrace(2)."
https://docs.docker.com/engine/reference/run/#/runtime-privilege-and-linux-capabilities
Now we just need to figure out how necessary that is, and if the REPL can run without it!
from swift-docker.
The Swift.org community makes use of the LLDB debugger to provide a rich REPL as well as the debugging environment for the Swift Language
@swizzlr the REPL uses LLDB, and LLDB needs ptrace...
https://swift.org/lldb/#why-combine-the-repl-and-debugger
from swift-docker.
this one is tough and has been haunting us forever :) . Not sure what to do here, in the Github readme we have privileged noting that ppl use containers locally for development too and not just for deployments, places where a Swift repl is more needed or helpful. I think we decided to exclude them from the Docker hub documentation specifically for containers on linux servers concern. I think this was also pointed to us out by Docker team when we were merging the project in the official images section that they maintain.
from swift-docker.
Sounds like more caps are now required than before
Unfortunately, even with --cap-add=ALL
, I can't make it work... 😕
from swift-docker.
from swift-docker.
from swift-docker.
Should we even be supporting repl in the official image? If things like text editors are excluded, everything except the core compiler and runtime should be excluded right? The purpose of this image is execution, not dev support.
from swift-docker.
@jonauz If the Readme instructions aren't working for you, please open a separate issue. This issue tracks the fact that the REPL fails without elevated security privileges.
from swift-docker.
Action item: me to update Readme and sync it with official repo README.
from swift-docker.
I get this:
docker run --cap-add sys_ptrace -it --rm swift swift
error: failed to launch REPL process: process launch failed: 'A' packet returned an error: 8
I see from above I should perhaps open a new issue?
from swift-docker.
@fekerr it likely also needs a slightly customised seccomp profile, as I noted above (#9 (comment))
from swift-docker.
@swizzlr We are moving Swift Docker issues to https://bugs.swift.org Component: Docker. Can you please file your issue on bugs.swift.org?
We are planning on closing GitHub swift-docker issues on Dec 20th, 2018 (PST).
from swift-docker.
Adding --privileged
is a huge hammer with broad security implications. What should be documented is the specific security features that need to be disabled, add I already noted above: #9 (comment)
from swift-docker.
When I add --cap-add sys_ptrace the image never gets created.
from swift-docker.
Hi,
I just tried today and this worked for me!
docker run --privileged --cap-add sys_ptrace -it --name swiftfun swift /bin/bash
from swift-docker.
I've gotten it working with only one change to the seccomp profile.
root@2b7a2030895e:~# strace -f swift repl 2>&1 | grep EPERM
[pid 436] setsid() = -1 EPERM (Operation not permitted)
[pid 439] personality(PER_LINUX|ADDR_NO_RANDOMIZE) = -1 EPERM (Operation not permitted)
My change to the default seccomp profile:
--- seccomp.json.orig 2023-08-31 03:56:06.480864664 +0100
+++ seccomp.json 2023-08-31 03:56:51.149223795 +0100
@@ -824,6 +824,19 @@
"CAP_PERFMON"
]
}
+ },
+ {
+ "names": [
+ "personality"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [
+ {
+ "index": 0,
+ "value": 262144,
+ "op": "SCMP_CMP_EQ"
+ }
+ ]
}
]
}
\ No newline at end of file
$ docker run --rm -it --security-opt seccomp=seccomp.json swift swift repl
Welcome to Swift version 5.8.1 (swift-5.8.1-RELEASE).
Type :help for assistance.
1> import Foundation
2> Date()
$R0: Foundation.Date = 2023-08-31 02:43:28 GMT
3> ^D
Allowing ADDR_NO_RANDOMIZE by default was requested in moby/moby#43011, but the answer was to maintain your own seccomp profile.
from swift-docker.
Related Issues (20)
- no matching manifest for linux/arm64/v8 in the manifest list entries HOT 4
- Swift LLDB cannot launch application in 5.6-centos7 docker image HOT 3
- swift: not found on focal-slim HOT 3
- Vapor build crash swift:5.6.2-centos7 HOT 1
- Swift 5.7 Ubuntu 22.04 jammy container HOT 12
- Nightly centos7 and bionic images not pushed recently HOT 1
- Nightly 5.7 contains old version HOT 2
- `swift repl` broken on Ubuntu images, appears to require libpython-dev HOT 1
- Slim version plus the package module HOT 3
- New
- Swift docker
- Problem with Docker.build Vapor project with qemu HOT 3
- Missing "5.9.1-slim" docker image for architecture "linux/arm64/v8" HOT 1
- HBushIA
- Request: Include nightly snapshot name in image tag HOT 1
- Ubuntu 24.04 LTS Noble Numbat HOT 5
- Consider changing the installation location HOT 9
- [Swift 6.0] Support nightly docker image for Windows HOT 1
- The new Musl SDK does not include XCTest HOT 2
- Cannot build CentOS 7 images (and that causes CI failures) HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from swift-docker.