syft does not find anything in archives if /tmp is a tmpfs #2894

Closed
martinetd opened this issue May 23, 2024 · 1 comment · Fixed by #2918
Labels
bug Something isn't working


@martinetd

What happened:

Running syft scan someimage.tar doesn't find anything on my system with /tmp mounted as tmpfs.

What you expected to happen:

It should work as expected

Steps to reproduce the issue:

# if not already a tmpfs
sudo mount -t tmpfs tmpfs /tmp
# get any random archive
curl -O https://dl-cdn.alpinelinux.org/alpine/v3.20/releases/x86_64/alpine-minirootfs-3.20.0-x86_64.tar.gz
# run syft
syft alpine-minirootfs-3.20.0-x86_64.tar.gz
 ✔ Indexed file system                                          /tmp/syft-archive-contents-1080653417
 ✔ Cataloged contents                f7dc00a9fa83e70f0940486a37761faa850ed8d67ebc24a3fb6e93c832dca43d
   ├── ✔ Packages                        [0 packages]  
   └── ✔ Executables                     [0 executables]  
No packages discovered

Anything else we need to know?:

Patching the exclusion for tmpfs obviously works:

diff --git a/syft/internal/fileresolver/directory_indexer.go b/syft/internal/fileresolver/directory_indexer.go
index 92495ab77a36..bf0c1354303e 100644
--- a/syft/internal/fileresolver/directory_indexer.go
+++ b/syft/internal/fileresolver/directory_indexer.go
@@ -485,7 +485,7 @@ func keepUnixSystemMountPaths(infos []*mountinfo.Info) []string {
 		//     - tmpfs - used for /dev in special instances (within a container)
 
 		switch info.FSType {
-		case "proc", "procfs", "sysfs", "devfs", "devtmpfs", "udev", "tmpfs":
+		case "proc", "procfs", "sysfs", "devfs", "devtmpfs", "udev":
 			log.WithFields("mountpoint", info.Mountpoint).Debug("ignoring system mountpoint")
 
 			mountPaths = append(mountPaths, info.Mountpoint)
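
Review bot: the context comment directly above the switch still reads "tmpfs - used for /dev in special instances (within a container)", but the changed case line no longer lists "tmpfs", so the comment and the code disagree and a tmpfs mounted over /dev would no longer be added to mountPaths. Rather than dropping "tmpfs" for every mount, consider keeping it in the case list and skipping the append only when info.Mountpoint is the scan root or one of its parents. The signature in the hunk header takes only infos, so that would mean passing the scan root into keepUnixSystemMountPaths. If the removal stays as written, the comment block should be updated to match.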

I guess these would make sense when running syft on a live container, but perhaps we should make sure we're not ignoring the filesystem that contains the scan target?
In the archive case, it's extracting the archive to /tmp/syft-archive-contents-foobar so I'd assume we get that /tmp path somewhere as "scan target", and that should always be allowed.
Anything below (e.g. if /tmp/syft-archive-contents-foobar/tmp) can be ignored as currently done.

Not sure how to do that properly so opening issue first; this can be worked around by running syft in a container so it doesn't see that /tmp is a tmpfs, so there is no urgency.

Environment:

  • Output of syft version: master
  • OS (e.g: cat /etc/os-release or similar): linux
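
One way to express the check suggested in the issue above, as an added example (it is not syft's code and not the fix merged in #2918): system mounts are still skipped, except a mount that is the scan target or a parent of it. The `mount` type, `containsPath`, `ignoredMountPaths` and the mount table are hypothetical names and constructed data for illustration.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// mount is a hypothetical stand-in for the two mountinfo.Info fields used here.
type mount struct {
	Mountpoint string
	FSType     string
}

// containsPath reports whether target is dir itself or lies beneath it.
func containsPath(dir, target string) bool {
	rel, err := filepath.Rel(dir, target)
	if err != nil {
		return false
	}
	return rel == "." || (rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator)))
}

// ignoredMountPaths lists system mounts to skip, never one that holds scanRoot.
func ignoredMountPaths(mounts []mount, scanRoot string) []string {
	root := filepath.Clean(scanRoot)
	var skip []string
	for _, m := range mounts {
		switch m.FSType {
		case "proc", "procfs", "sysfs", "devfs", "devtmpfs", "udev", "tmpfs":
			mp := filepath.Clean(m.Mountpoint)
			if containsPath(mp, root) {
				continue // the scan target lives on this mount: keep it
			}
			skip = append(skip, mp)
		}
	}
	return skip
}

func main() {
	mounts := []mount{ // constructed mount table for illustration
		{"/proc", "proc"},
		{"/tmp", "tmpfs"},
		{"/tmp/syft-archive-contents-foobar/tmp", "tmpfs"},
		{"/home", "ext4"},
	}
	fmt.Println(ignoredMountPaths(mounts, "/tmp/syft-archive-contents-foobar"))
}
```

With the extraction directory as the scan root, the tmpfs at /tmp is kept while /proc and the nested tmpfs below the root are still skipped.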
@martinetd
Author

Thanks!
