I have a directory which contains the docker file, a attack.py and a requirements.txt.
Using that, I created the following dockerfile:
FROM arm64v8/python:3.7-alpine
COPY qemu-arm-static /usr/bin
COPY ./ app-ids
WORKDIR /app-ids
RUN pip install --no-cache-dir -r requirements.txt
CMD["python","./attack.py"]
However, the pip install line throws: standard_init_linux.go:211:exec user process caused "no such file or directory"
I can't figure out why. Using commands like ls, pwd and so on in an attempt to debug this yields the same error.
Can anyone explain what exactly I am doing wrong?
I guess you are trying to build the docker image on a non-arm64v8 platform. I would assume that for the rest of the answer.
The solution provided will be specific for Ubuntu distribution (host), but I guess it should be similar on other linux distribution.
SOLUTION 1 [working on Ubuntu 18.04]
From https://github.com/docker/for-linux/issues/56 we can see that there is bug currently in the packages for Debian (and thus Ubuntu?).
sudo apt-get install qemu-user-static
git clone https://github.com/computermouth/qemu-static-conf.git
sudo mkdir -p /lib/binfmt.d
sudo cp qemu-static-conf/*.conf /lib/binfmt.d/
sudo systemctl restart systemd-binfmt.service
This will remove the qemu-user-binfmt
method from solution 2. However in that package the provided configuration files are not in the folder, and missconfigured, to be used by systemd-binfmt
.
Also, we get the configuration files from a git repository and place them in a folder where the systemd-binfmt looks into: /lib/binfmt.d/
(not /var/lib/binfmts/
as install by qemu-user-static)
Then check the status:
systemctl status systemd-binfmt
And try to compile your docker again. It should work!
SOLUTION 2 [not currently working on Ubuntu 18.04]
It used to be a manually configuration process on previous, but now it is supported via a apt package:
sudo apt-get install qemu-user-binfmt
With that it will create the binfmt
configuration for all platforms under /proc/sys/fs/binfmt_misc/qemu-*
. And when your system detects that the executable is for arm, it will call qemu instead of trying to execute directly.
Here is a link to a more detailed explanation: https://ownyourbits.com/2018/06/13/transparently-running-binaries-from-any-architecture-in-linux-with-qemu-and-binfmt_misc/ or https://ownyourbits.com/2018/06/27/running-and-building-arm-docker-containers-in-x86/
To understand how it works, it is good to the following paragraph:
The kernel recognizes the ARM ELF magic, and uses the interpreter
/usr/bin/qemu-arm-static
, which is the correct QEMU binary for the architecture. 0x7F 'ELF' in hexadecimal is7f 45 4c 46
, so we can see how the magic and the mask work together, considering the structure of the ELF header
typedef struct {
unsigned char e_ident[EI_NIDENT]; /* 0x7F 'ELF' four byte ELF magic for any architecture */
uint16_t e_type;
uint16_t e_machine; /* architecture code, 40=0x28 in the case of ARM */
uint32_t e_version;
ElfN_Addr e_entry;
ElfN_Off e_phoff;
ElfN_Off e_shoff;
uint32_t e_flags;
uint16_t e_ehsize;
uint16_t e_phentsize;
uint16_t e_phnum;
uint16_t e_shentsize;
uint16_t e_shnum;
uint16_t e_shstrndx;
} ElfN_Ehdr;
Note that the binfmt
configuration is shared by docker, therefore it will trying to get the /usr/bin/qemu-arm-static
inside the container. And that is the reason you still need to copy the /usr/bin/qemu-arm-static.