I run docker exec -it 375babe4d6fc --user root /bin/bash and I get error message as follows:
OCI runtime exec failed: exec failed: container_linux.go:346: starting container process caused "exec: \"--user\": executable file not found in $PATH": unknown
But I am sure I have succeeded to run this command before.But Now I can only run docker exec -it 375babe4d6fc /bin/bash to enter the docker container.
Anybody help? Thank you
My docker's version is 2.1.0.5 on windows
I found the problem. It will be OK to use docker exec -it --user root 375babe4d6fc root /bin/bash
Related
I want to use zsh as a part of shell in the running docker container. The thing is, I am using the third part image, Therefore I cannot update the image file.
zsh
zsh is already installed in my system.
Path for my zsh is '/bin/zsh'
The Solutions that I have tried is:
docker exec -it container_id /bin/zsh
docker exec -it container_id zsh
Exceptions While running above commands:
OCI runtime exec failed: exec failed: container_linux.go:380: starting container process caused: exec: "/bin/zsh": stat /bin/zsh: no such file or directory: unknown
For example, I have a dockerfile which has a ENTRYPOINT command:
From alpine:latest
WORKDIR /app/
RUN apk add --no-cache bash && echo 'echo foo:$FOO' > echo.sh && cat echo.sh && chmod a+x echo.sh
ENTRYPOINT ["sh", "-c", "_FOO=$FOO ./echo.sh && unset FOO && sleep 30"]
Then I run this docker and pass env FOO with value bar:
$ docker run --rm -e FOO=bar --name=demo docker-image-demo
How to unset the environment variable FOO in container which is provided by docker run -e FOO=bar command ?
$ docker exec -it demo bash
$ bash-5.0$ echo $FOO
bar
I try to use exec to replace container process with bash, but I get some error:
ENTRYPOINT ["exec", "sh", "-c", "_FOO=$FOO ./echo.sh && unset FOO && sleep 30"]
docker: Error response from daemon: OCI runtime create failed: container_linux.go:344: starting container process caused "exec: "exec": executable file not found in $PATH": unknown.
I'd use docker secret for this purpose. Injecting secrets to the container via env variables is perfectly acceptable - even security-hardened Openshift permits it in their Templates.
If the adversary is already inside of the server container, then they must have hacked the very password you are trying to hide here. Or they gained access to your machine and can execute docker commands (docker group password is usually at the same level as sudo, so it means you have been hacked down to root level) or have your CLI password in case of Openshift, so they can connect to remote shells in all other containers in your namespace and do whatever they please. So hiding env vars seems now a bit too late.
You do it with the unset shell built-in, exactly as you're doing it.
However: docker exec shells do not run as children of your entrypoint, so any changes the entrypoint makes to the environment won't be visible to those shells. This usually isn't a practical problem, since you should usually reserve docker exec for occasional debugging tasks.
One way to see this is to edit your Dockerfile to run the echo.sh script again after the unset command.
You can also restructure this to use an entrypoint wrapper script, and honor the Docker CMD. For example, we could take the long command in your current ENTRYPOINT line and rewrite it into a script:
#!/bin/sh
# Do any first-time setup that's required
echo "FOO was '$FOO'"
unset FOO
echo "FOO is now '$FOO'"
# Then run the main container command, replacing this script
exec "$#"
You can then invoke this in the Dockerfile:
FROM alpine:latest
# RUN apk add --no-cache bash
WORKDIR /app
COPY echo.sh entrypoint.sh . # will preserve executable bit
# Must use JSON-array syntax; must not use `sh -c` wrapper
ENTRYPOINT ["/app/entrypoint.sh"]
# Can be anything
CMD sleep 30
Now if you build this image, you can docker run it with an alternate command. For example, if you just want to see the environment the main container process will run with, you can
docker run --rm docker-image-demo env
Google's distroless images by default do not have any shell (even sh), so they are ideal for hiding environment variables and protecting scripted apps code (if you are lucky to use the supported languages such as Go, Java, or Rust, sadly not python yet).
More info
As for debugging during development time, these images have also special dev versions with busybox installed (and thus sh) - it's enough to switch to the debug tag:
$ docker run -it --rm --name base -u 0 gcr.io/distroless/base:debug
/ # id
uid=0(root) gid=0(root)
... versus my vain hacking attempts of the shell-less production version of the same container:
$ docker run -it --rm --name base -u 0 gcr.io/distroless/base:latest
docker: Error response from daemon: No command specified.
See 'docker run --help'.
$ docker run -it --rm --name base -u 0 gcr.io/distroless/base:latest cat /etc/shells
docker: Error response from daemon: failed to create shim: OCI runtime create failed: container_linux.go:380: starting container process caused: exec: "cat": executable file not found in $PATH: unknown.
$ docker run -it --rm --name base -u 0 gcr.io/distroless/base:latest echo $SHELL
docker: Error response from daemon: failed to create shim: OCI runtime create failed: container_linux.go:380: starting container process caused: exec: "echo": executable file not found in $PATH: unknown.
$ docker run -it --rm --name base -u 0 gcr.io/distroless/base:latest echo $PATH
docker: Error response from daemon: failed to create shim: OCI runtime create failed: container_linux.go:380: starting container process caused: exec: "echo": executable file not found in $PATH: unknown.
$ docker run -it --rm --name base -u 0 gcr.io/distroless/base:latest cat $PATH
docker: Error response from daemon: failed to create shim: OCI runtime create failed: container_linux.go:380: starting container process caused: exec: "cat": executable file not found in $PATH: unknown.
$ docker run -it --rm --name base -u 0 gcr.io/distroless/base:latest cat $SHELL
docker: Error response from daemon: failed to create shim: OCI runtime create failed: container_linux.go:380: starting container process caused: exec: "cat": executable file not found in $PATH: unknown.
$ docker run -it --rm --name base -u 0 gcr.io/distroless/base:latest sh
docker: Error response from daemon: failed to create shim: OCI runtime create failed: container_linux.go:380: starting container process caused: exec: "sh": executable file not found in $PATH: unknown.
$ docker run -it --rm --name base -u 0 gcr.io/distroless/base:latest bash
docker: Error response from daemon: failed to create shim: OCI runtime create failed: container_linux.go:380: starting container process caused: exec: "bash": executable file not found in $PATH: unknown.
$ docker run -it --rm --name base -u 0 gcr.io/distroless/base:latest busybox
docker: Error response from daemon: failed to create shim: OCI runtime create failed: container_linux.go:380: starting container process caused: exec: "busybox": executable file not found in $PATH: unknown.
$ docker run -it --rm --name base -u 0 gcr.io/distroless/base:latest id
docker: Error response from daemon: failed to create shim: OCI runtime create failed: container_linux.go:380: starting container process caused: exec: "id": executable file not found in $PATH: unknown.
ERRO[0000] error waiting for container: context canceled
$ docker run -it --rm --name base -u 0 gcr.io/distroless/base:latest env
docker: Error response from daemon: failed to create shim: OCI runtime create failed: container_linux.go:380: starting container process caused: exec: "env": executable file not found in $PATH: unknown.
I have created a docker to run PIVX coin in it. I can see the files are in the docker.
$ sudo docker exec -i ff6438b86a55 ls /usr/local/bin
pivx-cli
pivx-tx
pivxd
But when I run sudo docker exec -i ff6438b86a55 pivx-cli :
OCI runtime exec failed: exec failed: container_linux.go:344: starting
container process caused "exec: \"pivx-cli\": executable file not
found in $PATH": unknown
The docker is running and it seems the pivxd daemon is running.
$ sudo docker exec -i ff6438b86a55 ps fax
PID TTY STAT TIME COMMAND
6 ? Rs 0:00 ps fax
1 pts/0 Ss+ 0:00 tail -f /dev/null /usr/local/bin/pivxd
Make sure the executables have exec privs and Try
sudo docker exec -it ff6438b86a55 /usr/local/bin/pivx-cli
I'm trying to use zsh instead of bash with the docker exec command, like this:
docker exec -it d52b251308b3 zsh
Or this:
docker exec -it d52b251308b3 /bin/zsh
The location is correct but I receive this error:
rpc error: code = 2 desc = oci runtime error: exec failed:
container_linux.go:247: starting container process caused "exec:
\"zsh\": executable file not found in $PATH"
It looks like zsh is not installed on that image as /bin/zsh would likely be the path. You can create a new Dockerfile that uses the base image and installs zsh, or you can install it within the container temporarily and launch from bash.
I am running the container hypriot/rpi-busybox-httpd
I am trying to ssh to docker container: but it is giving error :
pi#raspberrypi:~ $ docker exec -it cc55da85b915 bash
rpc error: code = 2 desc = oci runtime error: exec failed: container_linux.go:247: starting container process caused "exec: \"bash\": executable file not found in $PATH"
pi#raspberrypi:~ $ docker exec -it cc55da85b915 sh
rpc error: code = 2 desc = oci runtime error: exec failed: container_linux.go:247: starting container process caused "exec: \"sh\": executable file not found in $PATH"
am I doing the right away ?
It could be your image does not have the binary /bin/bash installed (as suggested before), I had the same problem and I was able to enter into the container using /bin/sh
docker exec -ti cc55da85b915 /bin/sh
Another workaround could be execute directly the commands without get access to any shell.
docker exec -ti cc55da85b915 ls /etc
The image you're using seems that it doesn't have the binary /bin/bash installed but it should have /bin/sh
Try:
docker exec -it cc55da85b915 sh
You might need to specify the full path to bash, e.g.:
docker exec -it cc55da85b915 /bin/bash
or /usr/local/bin/bash, or wherever bash is located in that image.
Hope this helps!
You have many different ways to do that, you can attach using docker's attach command.
$ sudo docker attach cc55da85b915 #by ID
Or you can use docker exec command:
$ sudo docker exec -i -t cc55da85b915 /bin/bash
If /bin/bash fails, you can use /bin/sh that works in more containers:
$ sudo docker exec -i -t cc55da85b915 /bin/sh
if you are still looking for an answer. This worked for me on windows.
winpty docker exec -it <containerid> sh
For Alpine based image, docker exec -ti cc55da85b915 /bin/sh and docker exec -ti cc55da85b915 ls /etc worked. As suggested by 'Esteban Collado'.
However for other Linux versions I use,
docker exec -ti cc55da85b915 bash
Try Below Command:
docker exec -it cc55da85b915 /bin/busybox sh
To list all the available commands use:
docker exec -it cc55da85b915 /bin/busybox --list
This will also relevant for Kubernetes pods.
For example if you'll try to connect to a pod which doesn't contain the shell you specified:
kubectl exec -it some-busybox-pod bash
(busybox have sh on it not bash).
You'll end up with the same error:
OCI runtime exec failed: exec failed: container_linux.go:349: starting container process caused "exec: \"bash\": executable file not found in $PATH": unknown
command terminated with exit code 126