Escaped double quotes lead to 3 instead of 4 parameters

Time: 2017-11-14 14:21:05

Tags: docker escaping dockerfile

strace shows that the escaping I use may cause problems compared to the shell form (for shell form vs. exec form, see https://docs.docker.com/engine/reference/builder/)

Exec form with [/* 3 vars */] - breaks / causes trouble

ENTRYPOINT ["strace", "hugo", "server", "--watch=true", "--bind=0.0.0.0", "--source=\"/src\"", "--destination=\"/output\""]
execve("hugo", ["hugo", "server", "--watch=true", "--bind=0.0.0.0", "--source=\"/src\"", "--destination=\"/output\""], [/* 3 vars */]) = 0
Shell form with [/* 4 vars */] - works fine

ENTRYPOINT strace hugo server --watch=true --bind=0.0.0.0 --source=""/src"" --destination=""/output""
execve("hugo", ["hugo", "server", "--watch=true", "--bind=0.0.0.0", "--source=/src", "--destination=/output"], [/* 4 vars */]) = 0"

Dockerfile: (using ubuntu because I could not run strace with alpine:latest.)

# escape=\
# first line can be removed and doesn't change the behavior of the described issue
FROM ubuntu:latest
RUN apt-get update && apt-get install -y hugo strace
RUN hugo new site src
WORKDIR /src
ENTRYPOINT ["strace", "hugo", "server", "--watch=true", "--bind=0.0.0.0", "--source=\"/src\"", "--destination=\"/output\""]
EXPOSE 1313

Command to run and save the output:

 sudo docker run --security-opt seccomp:unconfined docker-hugo &> docker-hugo.strace

(For information about --security-opt, see https://github.com/moby/moby/issues/20064#issuecomment-291095117)

Overview of possible scenarios:

+------------------+-------------------------------------------+------------------------+---------------------------------------------------+
|                  | No Entrypoint                             | Entrypoint (JSON-form) | Entrypoint (shell-form)                           |
+------------------+-------------------------------------------+------------------------+---------------------------------------------------+
| No CMD           | HostConfig.Config.cmd=/bin/bash is called | breaks                 | ok                                                |
|                  | (assumption as of docker inspect)         |                        |                                                   |
+------------------+-------------------------------------------+------------------------+---------------------------------------------------+
| CMD (JSON-form)  | breaks                                    | breaks                 | breaks                                            |
|                  |                                           |                        | (other issue; not handled here)                   |
+------------------+-------------------------------------------+------------------------+---------------------------------------------------+
| CMD (shell-form) | ok                                        | ok                     | Breaks [seems to work as designed]                |
|                  |                                           |                        | (both are called with a shell concatenated)       |
|                  |                                           |                        | Example: /bin/sh -c <ENTRYPOINT> /bin/sh -c <CMD> |
+------------------+-------------------------------------------+------------------------+---------------------------------------------------+

So my question is: am I not escaping the JSON array correctly?
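
The argument difference between the two execve lines above can be reproduced offline. This is an added example, not part of the original post: the function names entrypoint_argv and literal_quote_args are hypothetical, and shlex.split only approximates the word splitting and quote removal that /bin/sh -c performs (no variable expansion).

```python
import json
import shlex

# Constructed inputs: the two ENTRYPOINT lines from the question above.
EXEC_FORM = r'ENTRYPOINT ["strace", "hugo", "server", "--watch=true", "--bind=0.0.0.0", "--source=\"/src\"", "--destination=\"/output\""]'
SHELL_FORM = 'ENTRYPOINT strace hugo server --watch=true --bind=0.0.0.0 --source=""/src"" --destination=""/output""'


def entrypoint_argv(instruction):
    """Return (form, argv the program finally sees) for one ENTRYPOINT line."""
    keyword, _, rest = instruction.partition(" ")
    if keyword.upper() != "ENTRYPOINT":
        raise ValueError("not an ENTRYPOINT instruction")
    rest = rest.strip()
    try:
        parsed = json.loads(rest)
    except ValueError:
        parsed = None
    if isinstance(parsed, list) and all(isinstance(a, str) for a in parsed):
        # Exec form: JSON decoding is the only unescaping step, so \" becomes
        # a literal " inside the argument. No shell runs afterwards.
        return "exec", parsed
    # Shell form: Docker runs /bin/sh -c "<rest>"; the shell splits words and
    # removes quotes. shlex.split approximates that step (assumption).
    return "shell", shlex.split(rest)


def literal_quote_args(argv):
    """Arguments that still carry quote characters when they reach the program."""
    return [a for a in argv if '"' in a or "'" in a]


if __name__ == "__main__":
    for line in (EXEC_FORM, SHELL_FORM):
        form, argv = entrypoint_argv(line)
        print(form, argv)
        print("  args with literal quotes:", literal_quote_args(argv))
```

The `[/* N vars */]` part of each strace line is strace's abbreviation of the environment array passed to execve, so it counts environment variables rather than command-line arguments.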

0 answers:

No answers