
How to get SYS_PTRACE on AWS Elastic Beanstalk with Amazon Linux 2, single-container, no Docker Compose

I need to get the SYS_PTRACE kernel capability on my Docker container. Here's the Dockerrun.aws.json:

{
  "AWSEBDockerrunVersion": "1",

  "Authentication": {
    "Bucket": "some-bucket",
    "Key": "somekey"
  },
  "Image": {
    "Name": "somename",
    "Update": "true"
  },
  "Ports": [
    {
      "HostPort": 80,
      "ContainerPort": 80
    },
    a few more ports
  ]
}

Remember, this is Amazon Linux 2, which is a whole new distribution and EB platform. We're not using Docker Compose (wherein you could add that to the yml).

I tried just adding in the following section:

"linuxParameters": {
  "capabilities": {
    "add": ["SYS_PTRACE"]
  }
}

It was simply ignored.

Thanks!

It seems to me, this setting is not supported in v1. When looking into the docs under section "Docker platform Configuration - without Docker Compose" [1], linuxParameters is not listed as part of "Valid keys and values for the Dockerrun.aws.json v1 file". You might have to switch to v2 by using multi container Docker. The docs for v2 state that "the container definition and volumes sections of Dockerrun.aws.json use the same formatting as the corresponding sections of an Amazon ECS task definition file". [2]
It looks like your code above would work in v2 because it is a valid task definition section, see [3].

[1] https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/single-container-docker-configuration.html
[2] https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker_v2config.html
[3] https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html
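
The check below is an added example, not code from either post: it audits a Dockerrun.aws.json so that a capability request that v1 would silently drop is caught before deployment, and lists which capabilities a v2 file adds per container. The function name `audit_dockerrun`, the container name `app`, the memory value and both sample files are constructed for illustration; `V1_KEYS` is assumed to match the valid-key list in [1], and whether Elastic Beanstalk applies `linuxParameters` in v2 is the answer's reading of the docs, not something this code verifies.

```python
import json

# Top-level keys assumed to be the ones the v1 documentation ([1]) lists as valid.
V1_KEYS = {"AWSEBDockerrunVersion", "Authentication", "Image", "Ports",
           "Volumes", "Logging", "Entrypoint", "Command"}


def audit_dockerrun(text):
    """Return (keys v1 will not apply, {container name: [added capabilities]})."""
    doc = json.loads(text)
    if str(doc.get("AWSEBDockerrunVersion", "")) == "1":
        # v1: any top-level key outside the documented set has no effect.
        return sorted(set(doc) - V1_KEYS), {}
    caps = {}
    # v2: container definitions follow the ECS task definition layout.
    for c in doc.get("containerDefinitions") or []:
        params = c.get("linuxParameters") or {}
        added = (params.get("capabilities") or {}).get("add") or []
        if added:
            caps[c.get("name", "?")] = list(added)
    return [], caps


# Constructed sample: a v1 file with the extra section from the question.
V1_SAMPLE = """{
  "AWSEBDockerrunVersion": "1",
  "Image": {"Name": "somename", "Update": "true"},
  "Ports": [{"HostPort": 80, "ContainerPort": 80}],
  "linuxParameters": {"capabilities": {"add": ["SYS_PTRACE"]}}
}"""

# Constructed sample: the same request written as a v2 container definition.
V2_SAMPLE = """{
  "AWSEBDockerrunVersion": 2,
  "containerDefinitions": [{
    "name": "app", "image": "somename", "essential": true, "memory": 256,
    "portMappings": [{"hostPort": 80, "containerPort": 80}],
    "linuxParameters": {"capabilities": {"add": ["SYS_PTRACE"]}}
  }]
}"""

if __name__ == "__main__":
    for label, sample in (("v1", V1_SAMPLE), ("v2", V2_SAMPLE)):
        ignored, caps = audit_dockerrun(sample)
        print(label, "keys not applied:", ignored, "capabilities added:", caps)
```

Running the same audit in CI also gives reviewers a record of every capability a deployment asks for beyond the Docker defaults.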
