PoC using proot
on Heroku
I maintain the opensource Heroku R buildpack. The process of deploying and running R on Heroku is fairly complex, especially since Heroku doesn't permit apt-get
or anything requiring root
for obvious reasons and runs a very tighly locked down Ubuntu. This has presented some unique challenges, especially since the deploy phase needs to compile packages, so need a full build environment, with further dependencies on for example gfortran, the JDK, Python etc.
Under the cedar-14
stack I managed to work around it but with severe functional restrictions. Under the heroku-16
stack, I managed to hack a fakechroot
to get it working.
Now under the heroku-18
stack Heroku have further locked down the environment so fakechroot
, fakeroot
and chroot
no longer work.
I've been investigating alternatives including udocker
which lead me to proot
which proved promising in my local prototype testing, using the Heroku supplied heroku/heroku:18
and heroku/heroku:18-build
docker images. However when testing on the actual Heroku environment it fails.
Ultimately to execute apt-get install
.
proot error: ptrace(TRACEME): Permission denied
proot error: execve("/bin/sh"): Permission denied
virtualstaticvoid/heroku-proot-poc contains a working project to replicate the issue.
Steps as follows:
- You'll need a Heroku account
git clone https://github.com/virtualstaticvoid/heroku-proot-poc
cd heroku-proot-poc
heroku create --stack heroku-18 --buildpack https://github.com/niteoweb/heroku-buildpack-shell.git
git push heroku master
- Proot/Care version:
5.1.0 - built-in accelerators: process_vm = yes, seccomp_filter = no
- Kernel version:
Linux 4.4.0-1062-aws #66-Ubuntu
- Host distribution: Heroku
heroku-18
stack. See stack packages. - Guest distribution:
ubuntu-18.04-minimal-cloudimg-amd64-root
-----> Running .heroku/run.sh
++ export PATH=./bin:/usr/local/bin:/usr/bin:/bin:/tmp/codon/vendor/bin
++ PATH=./bin:/usr/local/bin:/usr/bin:/bin:/tmp/codon/vendor/bin
++ export LD_LIBRARY_PATH=./lib:
++ LD_LIBRARY_PATH=./lib:
++ export LANG=C.UTF-8
++ LANG=C.UTF-8
++ export TZ=UTC
++ TZ=UTC
++ uname --all
Linux 4a5aec0c-8d8f-43a5-948d-b995adc04e59 4.4.0-1062-aws #66-Ubuntu SMP Thu Jan 30 13:49:40 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
++ proot --version
proot --version
_____ _____ ___
| __ \ __ \_____ _____| |_
| __/ / _ \/ _ \ _|
|__| |__|__\_____/\_____/\____| 5.1.0
built-in accelerators: process_vm = yes, seccomp_filter = no
Visit http://proot.me for help, bug reports, suggestions, patchs, ...
Copyright (C) 2014 STMicroelectronics, licensed under GPL v2 or later.
++ '[' '!' -f ubuntu-18.04-minimal-cloudimg-amd64-root.tar.xz ']'
++ curl -sLO https://cloud-images.ubuntu.com/minimal/releases/bionic/release/ubuntu-18.04-minimal-cloudimg-amd64-root.tar.xz
++ mkdir -p .root-fs
++ cd .root-fs
++ tar -xf ../ubuntu-18.04-minimal-cloudimg-amd64-root.tar.xz --exclude=dev
++ cd ..
++ with_proot /bin/bash -c 'DEBIAN_FRONTEND=noninteractive apt-get update -q'
+++ pwd
++ proot -S .root-fs -b /tmp/build_47d2521fad59fa4369c7b2a640161de1:/app -w /app /bin/bash -c 'DEBIAN_FRONTEND=noninteractive apt-get update -q'
proot error: ptrace(TRACEME): Permission denied
proot error: execve("/bin/bash"): Permission denied
proot info: possible causes:
* the program is a script but its interpreter (eg. /bin/sh) was not found;
* the program is an ELF but its interpreter (eg. ld-linux.so) was not found;
* the program is a foreign binary but qemu was not specified;
* qemu does not work correctly (if specified);
* the loader was not found or doesn't work.
fatal error: see `proot --help`.
proot error: can't chmod '/tmp/proot-96-kaGksX': No such file or directory
MIT License. Copyright (c) 2020 Chris Stefano. See LICENSE for details.