Machineid can be edited not unique in docker container #10

Open
lzy370402 opened this issue Jan 9, 2020 · 2 comments

@lzy370402

I want to use machineid in docker to make sure that machines are unique, but the machineid file can be edited in docker. So it happens that docker containers on different machines can have the same machineid.

@dhcgn

dhcgn commented Feb 22, 2021

I would suggest that we use cgroup to determine that we run under docker and then use the hash-like string in cgroup as a salt.

Unique literal for docker container: `head -1 /proc/self/cgroup|cut -d/ -f3`

Usage of Docker: `grep -q docker /proc/self/cgroup && echo Docker || echo NO_DOCKER`

`/proc/self/cgroup`

```
PS H:\> docker run --rm centos:8 /bin/sh -c "cat /proc/self/cgroup"
14:name=systemd:/docker/4531c6cdf6e13484be06e3615ebf4721c51a0b814555b15c210115762fc5b484
13:rdma:/
12:pids:/docker/4531c6cdf6e13484be06e3615ebf4721c51a0b814555b15c210115762fc5b484
11:hugetlb:/docker/4531c6cdf6e13484be06e3615ebf4721c51a0b814555b15c210115762fc5b484
10:net_prio:/docker/4531c6cdf6e13484be06e3615ebf4721c51a0b814555b15c210115762fc5b484
9:perf_event:/docker/4531c6cdf6e13484be06e3615ebf4721c51a0b814555b15c210115762fc5b484
8:net_cls:/docker/4531c6cdf6e13484be06e3615ebf4721c51a0b814555b15c210115762fc5b484
7:freezer:/docker/4531c6cdf6e13484be06e3615ebf4721c51a0b814555b15c210115762fc5b484
6:devices:/docker/4531c6cdf6e13484be06e3615ebf4721c51a0b814555b15c210115762fc5b484
5:memory:/docker/4531c6cdf6e13484be06e3615ebf4721c51a0b814555b15c210115762fc5b484
4:blkio:/docker/4531c6cdf6e13484be06e3615ebf4721c51a0b814555b15c210115762fc5b484
3:cpuacct:/docker/4531c6cdf6e13484be06e3615ebf4721c51a0b814555b15c210115762fc5b484
2:cpu:/docker/4531c6cdf6e13484be06e3615ebf4721c51a0b814555b15c210115762fc5b484
1:cpuset:/docker/4531c6cdf6e13484be06e3615ebf4721c51a0b814555b15c210115762fc5b484
```

Try different docker images

```
docker run --rm ubuntu:16.04 /bin/sh -c "head -1 /proc/self/cgroup|cut -d/ -f3"
docker run --rm ubuntu:21.04 /bin/sh -c "head -1 /proc/self/cgroup|cut -d/ -f3"

docker run --rm alpine:3.13.2 /bin/sh -c "head -1 /proc/self/cgroup|cut -d/ -f3"

docker run --rm centos:6 /bin/sh -c "head -1 /proc/self/cgroup|cut -d/ -f3"
docker run --rm centos:7 /bin/sh -c "head -1 /proc/self/cgroup|cut -d/ -f3"
docker run --rm centos:8 /bin/sh -c "head -1 /proc/self/cgroup|cut -d/ -f3"
```

Output:

```
2996761066b129c02629c0a96d56cb1a87ff07df43b2ce67085e4010ce384c68
d70a6db52902f2cdbed846644beb78ec2d3c10331157ef6caf4a78c74dd60e88
0ce0ba2f7975cd95f9bb9d72929509f5c5c12c6b87ea53a3aa02de2e30001839
745a00b110b7c73656a1ada91351338f1587dde0a39e264143d3b25994f87816
fc92e7ad9102150d1f1314d0b78523054e7ef0115ecf120a2db5ad1b792a6227
6b28b03a20d07c19e2543c6d658721226ffb6ccbccbd162c144377874332bf2e
```

juanbretti added a commit to juanbretti/py-machineid that referenced this issue Jan 27, 2023
Usual Linux images for Docker containers do not have the originally listed files.
Following the conversation at denisbrodbeck/machineid#10, I am including the following:
Because `/proc/self/cgroup` seems to not be working on some Docker versions, I am also including `/proc/self/mountinfo`.

Tested on `Python 3.11` running on `Debian GNU/Linux 11 (bullseye)` inside a Docker.

@juanbretti

Looks like the /proc/self/cgroup works in most cases.
But there are some where it could return nothing.

Take a look at:

Another idea is to extract the system from /proc/self/mountinfo.

Here is a PR with this proposal: keygen-sh/py-machineid#3

ezekg pushed a commit to keygen-sh/py-machineid that referenced this issue Feb 1, 2023
* Add an id for Docker containers

Usual Linux images for Docker containers do not have the originally listed files.
Following the conversation at denisbrodbeck/machineid#10, I am including the following:
Because `/proc/self/cgroup` seems to not be working on some Docker versions, I am also including `/proc/self/mountinfo`.

Tested on `Python 3.11` running on `Debian GNU/Linux 11 (bullseye)` inside a Docker.

* Included "if 'docker' in mountinfo" for "linux"

Following your review, I made some updates on the patch.

* Update __init__.py

* Fixed the indentation to 2.
* Checked on a Docker container the `if 'docker' in cgroup:` works when the `docker` is not found. Same test with `mountinfo`.
* When the full code does not find an ID raises the following:

```
Python 3.11.0 (main, Nov 15 2022, 19:58:01) [GCC 10.2.1 20210110] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import machineid
>>> print(machineid.id())
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.11/site-packages/machineid/__init__.py", line 90, in id
    raise Exception('failed to obtain id on platform {}'.format(platform))
Exception: failed to obtain id on platform linux
```

* Update __init__.py

Check if `cgroup` and `mountinfo` are not None, before checking if `docker` is inside the file.
To not raise a possible error when it is trying to check `if 'docker' in None` (when the file does not exist).
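
The lookup order discussed in this thread (container ID from `/proc/self/cgroup`, then `/proc/self/mountinfo`, tolerating a missing file), as an added Python example that is not code from machineid or py-machineid. The HMAC-based salting, the function names and the constructed sample lines are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# A Docker container ID is 64 lowercase hex characters; it follows "/docker/"
# in cgroup paths and "/docker/containers/" in mountinfo paths.
_ID = re.compile(r"/docker/(?:containers/)?([0-9a-f]{64})(?![0-9a-f])")

# First line of the cgroup output quoted in the thread above.
CGROUP_V1 = "14:name=systemd:/docker/4531c6cdf6e13484be06e3615ebf4721c51a0b814555b15c210115762fc5b484\n"
# Constructed samples (not from the thread): a cgroup file with no container
# path in it, and a mountinfo line with a made-up ID of 64 'a' characters.
CGROUP_EMPTY = "0::/\n"
MOUNTINFO = ("705 690 8:1 /var/lib/docker/containers/" + "a" * 64 +
             "/hostname /etc/hostname rw,relatime - ext4 /dev/sda1 rw\n")


def read_text(path):
    """Return the file's text, or None when it does not exist or is unreadable."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None


def container_id(cgroup, mountinfo):
    """Try cgroup first, then mountinfo; either argument may be None."""
    for text in (cgroup, mountinfo):
        match = _ID.search(text) if text else None
        if match:
            return match.group(1)
    return None


def salted_machine_id(machine_id, cid):
    """HMAC-SHA256 of the machine ID keyed by the container ID (assumed scheme)."""
    if cid is None:
        return machine_id  # not in Docker: nothing to salt with
    return hmac.new(cid.encode(), machine_id.encode(), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    cid = container_id(read_text("/proc/self/cgroup"), read_text("/proc/self/mountinfo"))
    mid = (read_text("/etc/machine-id") or "").strip()
    print(cid, salted_machine_id(mid, cid))
```

The container ID changes whenever the container is recreated, so the salted value identifies one container instance rather than the host it runs on.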