Docker
SweetPony1, 2017-09-18 17:49:02

How to bypass "service httpd restart" run restrictions inside Centos7 container?

I have tried everything on the Internet on this topic, and I cannot get around the restriction on running the service inside the container.

[[email protected] bitrix]# systemctl --version
systemd 219
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN

[[email protected] bitrix]# service httpd restart
Redirecting to /bin/systemctl restart httpd.service
Failed to get D-Bus connection: Operation not permitted

#dockerfile
FROM centos:latest
RUN yum -y upgrade
RUN yum -y install initscripts boost-devel && yum clean all 
#RUN yum -y install lsb boost-devel
ADD http://repos.1c-bitrix.ru/yum/bitrix-env.sh /tmp/
RUN sed -i s/'print_e "Cannot configure firewall on the server. PLease see $LOGS_FILE"'/'echo  "Cannot configure firewall on the server. PLease see $LOGS_FILE"'/gi /tmp/bitrix-env.sh
RUN sed -i 's/read version_c/version_c=5/gi' /tmp/bitrix-env.sh
RUN chmod +x /tmp/bitrix-env.sh
RUN /tmp/bitrix-env.sh <<< "n"

While writing this, I found a very crude solution where security is compromised and the container gets access to the real machine:
https://github.com/moby/moby/issues/2296
But I would like to understand whether there is a correct way to solve this.
#run.sh
docker build -t bitrix1/eod-docker .
docker rm -f eod-docker
docker run --privileged=true \
 --cap-add=SYS_ADMIN \
 -e "container=docker" \
 -d \
 --security-opt seccomp=unconfined \
 --tmpfs /run --tmpfs /run/lock \
 -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
 --name eod-docker -v /root/mydocker/eod-docker/bitrix:/home/bitrix \
 -ti -p 803:80  bitrix1/eod-docker \
 bash -c "/usr/sbin/init"

rustler2000, 2017-09-18
@rustler2000

No way.
Systemd should never be the supervisor inside a container.
And there is no need to reinvent the wheel; find a suitable container with Apache instead.

Ilya Ryabykin, 2017-11-17
@geesoff

#Run a container
docker run -it -e "container=docker" --privileged=true -d --security-opt seccomp:unconfined --cap-add=SYS_ADMIN -v /sys/fs/cgroup:/sys/fs/cgroup:ro local_redis bash -c "/usr/sbin/init"
#Exec bash to get shell
docker exec -it [ContainerID] /bin/bash --
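Added example (not from either answer or from the Bitrix project) of what rustler2000's advice looks like in practice: httpd runs in the foreground as the container's main process, so none of the host-exposing flags from run.sh and the second answer (--privileged, seccomp unconfined, SYS_ADMIN, a host cgroup mount) are needed. It also includes a small check that flags those options in a `docker run` command line; the image name and paths are made up, and the bitrix-env.sh setup itself is not covered.

```shell
#!/bin/sh
# Added example: run httpd without systemd, and audit a docker run line.
# Assumes Docker is available for the build/run step; nothing here calls it.

# Dockerfile in which httpd itself is PID 1 (no systemd, no init scripts).
write_dockerfile() {
  cat > "$1" <<'EOF'
FROM centos:7
RUN yum -y install httpd && yum clean all
EXPOSE 80
# -DFOREGROUND keeps httpd in the foreground so Docker can supervise it.
CMD ["/usr/sbin/httpd", "-DFOREGROUND"]
EOF
}

# The run command that replaces run.sh: only a port mapping and a bind mount
# for the site files, plus no-new-privileges so nothing inside can escalate.
safe_run_cmd() {
  printf '%s' 'docker run -d --name web -p 803:80 --security-opt no-new-privileges' \
    ' -v /srv/bitrix:/var/www/html:ro example/httpd-foreground'
}

# Print each host-exposing option found in a docker run line; return 0 only
# if none are present. Patterns cover the flags used in the question.
audit_run_cmd() {
  findings=0
  for pat in '--privileged' 'seccomp[=:]unconfined' \
             '--cap-add=SYS_ADMIN' '/sys/fs/cgroup'; do
    if printf '%s\n' "$1" | grep -Eq -e "$pat"; then
      echo "risky option: $pat"
      findings=$((findings + 1))
    fi
  done
  [ "$findings" -eq 0 ]
}

# Self-check: the recommended command should pass the audit.
audit_run_cmd "$(safe_run_cmd)" && echo "safe run command: $(safe_run_cmd)"
```

Build with `docker build -t example/httpd-foreground .` after `write_dockerfile Dockerfile`, then start it with the printed command; `docker logs web` shows httpd's own output since it is the main process.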
