acbuild creates /dev/stdin /dev/stdout and /dev/stderr on build but rkt does not on run

[dansteen]

When building container images with acbuild. acbuild automatically creates /dev/std* in the container for each acbuild run command:

$ acbuild begin                                                                      
$ acbuild --debug dep add quay.io/coreos/alpine-sh                     

Adding dependency "quay.io/coreos/alpine-sh"
$ sudo acbuild run -- ls -l /dev                                                      
Downloading quay.io/coreos/alpine-sh: [========================] 2.65 MB/2.65 MB
total 0
crw-------    1 root     root      136,  23 Oct 13 16:03 console
lrwxrwxrwx    1 root     root            11 Oct 13 16:03 core -> /proc/kcore
lrwxrwxrwx    1 root     root            13 Oct 13 16:03 fd -> /proc/self/fd
crw-rw-rw-    1 root     root        1,   7 Oct 13 16:03 full
drwxr-xr-x    2 root     root            60 Oct 13 16:03 net
crw-rw-rw-    1 root     root        1,   3 Oct 13 16:03 null
lrwxrwxrwx    1 root     root             8 Oct 13 16:03 ptmx -> pts/ptmx
drwxr-xr-x    2 root     root             0 Oct 13 16:03 pts
crw-rw-rw-    1 root     root        1,   8 Oct 13 16:03 random
drwxrwxrwt    2 root     root            40 Oct 13 16:03 shm
lrwxrwxrwx    1 root     root            15 Oct 13 16:03 stderr -> /proc/self/fd/2
lrwxrwxrwx    1 root     root            15 Oct 13 16:03 stdin -> /proc/self/fd/0
lrwxrwxrwx    1 root     root            15 Oct 13 16:03 stdout -> /proc/self/fd/1
crw-rw-rw-    1 root     root        5,   0 Oct 13 16:03 tty
crw-rw-rw-    1 root     root        1,   9 Oct 13 16:03 urandom
crw-rw-rw-    1 root     root        1,   5 Oct 13 16:03 zero

However, rkt does not create these links in the running container:

$ acbuild set-name test
$ acbuild write test.aci
$ rkt fetch test.aci                                                               
image: using image from file test.aci
image: signature verified:
  XXXXXX (ACI signing key) <[email protected]>
image: using image from local store for image name quay.io/coreos/alpine-sh
sha512-4c7f470e729558d51724a0cb3ae3478b
$ sudo rkt run --interactive test --exec /bin/ash                                
image: using image from local store for image name coreos.com/rkt/stage1-coreos:1.13.0
image: using image from local store for image name test
image: using image from local store for image name quay.io/coreos/alpine-sh
networking: loading networks from /etc/rkt/net.d
networking: loading network default with type ptp
/ # ls -l /dev
total 4
crw--w----    1 root     root      136,  22 Oct 13 16:06 console
crw-rw-rw-    1 root     root        1,   7 Oct 13 16:06 full
lrwxrwxrwx    1 root     root            28 Oct 13 16:06 log -> /run/systemd/journal/dev-log
drwxr-xr-x    2 root     root          4096 Oct 13 16:06 net
crw-rw-rw-    1 root     root        1,   3 Oct 13 16:06 null
lrwxrwxrwx    1 root     root            13 Oct 13 16:06 ptmx -> /dev/pts/ptmx
drwxr-xr-x    2 root     root             0 Oct 13 16:06 pts
crw-rw-rw-    1 root     root        1,   8 Oct 13 16:06 random
drwxrwxrwt    2 root     root            40 Oct 13 16:06 shm
crw-rw-rw-    1 root     root        5,   0 Oct 13 16:06 tty
crw-rw-rw-    1 root     root        1,   9 Oct 13 16:06 urandom
crw-rw-rw-    1 root     root        1,   5 Oct 13 16:06 zero
/ #

This creates issues actually adding in those links for applications that need it:

$sudo acbuild run -- ln -s /proc/self/fd/0 /dev/stdin
ln: /dev/stdin: File exists

Even worse, If you force it with -f, acbuild will remove the link you create (I assume under the assumption that it created it).

In the end I wound up using COPY:

$acbuild copy /dev/stdin /dev/stdin

But it took some time to figure out that I could do that, and was quite confusing. This becomes even more of a problem if you need to create a link that does not exist in your current system (something like /dev/console to /dev/std(in|out) for systemd). Then you have to keep a copy of the link you need in your repo and copy that in.

Thanks!

[cgonyeo]

Interesting. Maybe an acbuild ln command would be an acceptable solution to this?

Also just so I understand the use case better, why does your application need these files to exist?

[dansteen]

hi @dgonyeo,

Thanks for the reply! The application writes messages out to /dev/stdout and /dev/stderr (stdin above was just by way of example), under the assumption that these links exist in most distros, and when running under systemd this is the "correct" way to do things. I've reached out to the developer to see if I could get things adjusted, but this seemed like a valid general case issue, so I figured I'd open a ticket.

There is a lot of discussion of this sort of issue in the docker world (here as an example: moby/moby#8755)

Thanks!

[cgonyeo]

Now that I've thought of it I would like to create an acbuild ln command (it would be generally useful), but maybe a rkt flag to generate these at runtime would also be appropriate. I'll file an issue over in the rkt repo for at least consideration.

[cgonyeo]

And crosslinking this: rkt/rkt#3294

[sanmai-NL]

The acbuild ln command should be a separate issue, to keep things clear. Once rkt/rkt#3294 is resolved, this can be closed, I think.