syft does not find anything in archives if /tmp is a tmpfs #2894

martinetd · 2024-05-23T03:50:11Z

What happened:

Running syft scan someimage.tar doesn't find anything on my system with /tmp mounted as tmpfs

What you expected to happen:

It should work as expected

Steps to reproduce the issue:

# if not already a tmpfs
sudo mount -t tmpfs tmpfs /tmp
# get any random archive
curl -O https://dl-cdn.alpinelinux.org/alpine/v3.20/releases/x86_64/alpine-minirootfs-3.20.0-x86_64.tar.gz
# run syft
syft alpine-minirootfs-3.20.0-x86_64.tar.gz
 ✔ Indexed file system                                          /tmp/syft-archive-contents-1080653417
 ✔ Cataloged contents                f7dc00a9fa83e70f0940486a37761faa850ed8d67ebc24a3fb6e93c832dca43d
   ├── ✔ Packages                        [0 packages]  
   └── ✔ Executables                     [0 executables]  
No packages discovered

Anything else we need to know?:

Patching the exclusion for tmpfs obviously works:

diff --git a/syft/internal/fileresolver/directory_indexer.go b/syft/internal/fileresolver/directory_indexer.go
index 92495ab77a36..bf0c1354303e 100644
--- a/syft/internal/fileresolver/directory_indexer.go
+++ b/syft/internal/fileresolver/directory_indexer.go
@@ -485,7 +485,7 @@ func keepUnixSystemMountPaths(infos []*mountinfo.Info) []string {
 		//     - tmpfs - used for /dev in special instances (within a container)
 
 		switch info.FSType {
-		case "proc", "procfs", "sysfs", "devfs", "devtmpfs", "udev", "tmpfs":
+		case "proc", "procfs", "sysfs", "devfs", "devtmpfs", "udev":
 			log.WithFields("mountpoint", info.Mountpoint).Debug("ignoring system mountpoint")
 
 			mountPaths = append(mountPaths, info.Mountpoint)

I guess these would make sense when running syft on a live container, but perhaps we should make sure we're not ignoring the filesystem that contains the scan target?
In the archive case, it's extracting the archive to /tmp/syft-archive-contents-foobar so I'd assume we get that /tmp path somewhere as "scan target", and that should always be allowed.
Anything below (e.g. if /tmp/syft-archive-contents-foobar/tmp) can be ignored as currently done.

Not sure how to do that properly so opening issue first; this can be worked around by running syft in a container so it doesn't see that /tmp is a tmpfs so there is no urgence.

Environment:

Output of syft version: master
OS (e.g: cat /etc/os-release or similar): linux

The text was updated successfully, but these errors were encountered:

martinetd · 2024-06-04T22:39:38Z

Thanks!

martinetd added the bug Something isn't working label May 23, 2024

anchoretoolsops added this to OSS May 23, 2024

This was referenced May 23, 2024

Distro tests fail within nixos anchore/grype#1822

Closed

Scanning a git repository folder present in /tmp produce an empty sbom #2847

Closed

willmurphyscode self-assigned this May 28, 2024

willmurphyscode moved this to In Progress in OSS May 28, 2024

willmurphyscode mentioned this issue May 31, 2024

fix: skip tmpfs mounts only for select paths #2918

Merged

wagoodman self-assigned this Jun 3, 2024

wagoodman moved this from In Progress to In Review in OSS Jun 3, 2024

wagoodman closed this as completed in #2918 Jun 4, 2024

github-project-automation bot moved this from In Review to Done in OSS Jun 4, 2024

BrewTestBot mentioned this issue Jun 10, 2024

syft 1.6.0 Homebrew/homebrew-core#174169

Merged

popey mentioned this issue Aug 1, 2024

Recognition of files in a folder works inconsistently between Linux distributions. #2808

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

syft does not find anything in archives if /tmp is a tmpfs #2894

syft does not find anything in archives if /tmp is a tmpfs #2894

martinetd commented May 23, 2024

martinetd commented Jun 4, 2024

syft does not find anything in archives if /tmp is a tmpfs #2894

syft does not find anything in archives if /tmp is a tmpfs #2894

Comments

martinetd commented May 23, 2024

martinetd commented Jun 4, 2024