Can build-recorder see what a docker/podman/chroot image is cooking?
We were asked this at FOSDEM two years ago. Back then we said that it should be able to, but after exploring I've come to announce that currently, no, it cannot. Sorry for the wait!
Is it possible?
Yes! Containers are essentially chroots and the whole idea of a chroot is to change userspace while keeping kernelspace intact.
build-recorder works by capturing the interactions between userspace and kernelspace, so unless we are missing something it's absolutely possible to trace container processes.
Is it easy?
Unfortunately not. While build-recorder should be able to trace container processes, it's a fact that the tool is built around the idea that it lives in the same userspace as the build process it traces. Changing that could severely change the way it functions, perhaps limit its tracing ability, but could also potentially change it for the better.
Is it desirable?
You tell me!
I develop build-recorder using toolbox inside a Fedora 41 container, running this:
~/projects/build-recorder $ ./build-recorder toolbox run -c build-recorder make
(invoke build-recorder to trace podman using the container named "build-recorder" to run "make" on directory ~/projects/build-recorder where build-recorder's source lies).
works, but it pollutes the output file with lots of files and processes that podman uses to set up the chroot, unrelated to the build itself.
So?
So to the guy (I believe it was Paul!) who asked us if that is possible or if he'd better be running build-recorder inside his Dockerfile, personally I believe that running it in your Dockerfile is a better idea =D.