Comments (6)
Dear Almet,
Thank you very much for your response! So at least I know, that this is not a "local problem" on my Mac. ;-)
I tried to reproduce the steps you mentioned, but it looks different on my machine:
lasse@mac:/Users/lasse ▶ /Applications/Dangerzone.app/Contents/MacOS/dangerzone-cli ~/Downloads/bloomsbury.pdf
╭──────────────────────────╮
│ ▄██▄ │
│ ██████ │
│ ███▀▀▀██ │
│ ███ ████ │
│ ███ ██████ │
│ ███ ▀▀▀▀████ │
│ ███████ ▄██████ │
│ ███████ ▄█████████ │
│ ████████████████████ │
│ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ │
│ │
│ Dangerzone v0.7.0 │
│ https://dangerzone.rocks │
╰──────────────────────────╯
Assigning ID 'srb-PA' to doc '/Users/lasse/Downloads/bloomsbury.pdf'
Converting document to safe PDF
> /opt/homebrew/bin/docker run --security-opt=no-new-privileges:true --security-opt seccomp=/Applications/Dangerzone.app/Contents/Resources/share/seccomp.gvisor.json --cap-drop all --cap-add SYS_CHROOT --network=none -u dangerzone --rm -i --name dangerzone-doc-to-pixels-srb-PA dangerzone.rocks/dangerzone /usr/bin/python3 -m dangerzone.conversion.doc_to_pixels
ERROR [doc srb-PA] 0% Unspecified error
Failed to convert document(s)
/Users/lasse/Downloads/bloomsbury.pdf /0,5s
lasse@mac:/Users/lasse ▶ /opt/homebrew/bin/docker run --security-opt=no-new-privileges:true --security-opt seccomp=/Applications/Dangerzone.app/Contents/Resources/share/seccomp.gvisor.json --cap-drop all --cap-add SYS_CHROOT --network=none -u dangerzone --rm -i --name dangerzone-doc-to-pixels-srb-PA dangerzone.rocks/dangerzone /usr/bin/python3 -m dangerzone.conversion.doc_to_pixels
running container: creating container: cannot create sandbox: cannot read client sync file: waiting for sandbox to start: EOF /0,2s
lasse@mac:/Users/lasse ▶ colima version
colima version 0.6.9
git commit: c3a31ed05f5fab8b2cdbae835198e8fb1717fd0f
runtime: docker
arch: aarch64
client: v27.0.3
server: v24.0.9 /0,1s
from dangerzone.
Hi @sudwhiwdh. Uhm, this is actually not expected, so could you perhaps start a new issue and share some logs there? Unlike Colima, Podman in Fedora 40 is a supported configuration, and I'd like to learn more.
from dangerzone.
Hi Lasse, thanks for opening this issue.
Colima is unfortunately currently not supported and we do not test Dangerzone with it at the moment.
We are aware of the licensing problems tied with the use of Docker Desktop tough, and have a specific issue for discussing its replacement #118, and colima is one of the options!
That being said, I reproduced locally your error, in order to better understand what is going on. On an Apple silicon M1 machine with the following commands, I reproduced the issue.
Let me detail the steps here, because getting the actual error is currently not straightforward.
Versions
Just putting here the colima version in case it is not the same.
$ colima version
colima version 0.6.9
git commit: c3a31ed05f5fab8b2cdbae835198e8fb1717fd0f
runtime: docker
arch: aarch64
client: v26.1.3
server: v26.1.1
Especially important to check that the architecture is aarch64
, since colima can also run with rosetta enabled (which we don't want in our case).
Reproducing the issue
Here is how I start colima
$ colima start --cpu 4 --memory 8 --arch arm64
Starting Dangerzone 0.7.0
and doing a conversion resulted in an error, so I ran it via the cli:
/Applications/Dangerzone.app/Contents/MacOS/dangerzone-cli ~/Downloads/picture.jpg
, which outputs an unspecified error
and the docker command used:
/opt/homebrew/bin/docker run --security-opt=no-new-privileges:true --cap-drop all --cap-add SYS_CHROOT --network=none -u dangerzone --rm -i --name dangerzone-doc-to-pixels-NjuD3m dangerzone.rocks/dangerzone /usr/bin/python3 -m dangerzone.conversion.doc_to_pixels
Running this manually got me the actual error:
Error executing inside namespace: re-executing self: fork/exec /proc/self/exe: operation not permitted
The issue
This seems related to the use of gVisor (introduced in the latest release), and the change in seccomp policies that went with it.
This has bitten us before in the past, see #846 for a similar case, and the way we detect if we have to specify a seccomp file ourselves is by looking at the docker version
number.
Specifying the path to the seccomp policy, like we do for older versions of Docker Desktop, by adding this to the docker run
invocation:
--security-opt seccomp=/Applications/Dangerzone.app//Contents/Resources/share/seccomp.gvisor.json
Which unfortunately brings us another error message:
running container: creating container: cannot create sandbox: cannot read client sync file: waiting for sandbox to start: EOF
I'm not sure why the gVisor container doesn't run in this setup.
from dangerzone.
Adding the SC_DEBUG=1
environment variable to the docker run invocation with -e SC_DEBUG=1
got me some more logs:
Details
$ /opt/homebrew/bin/docker run -e RUNSC_DEBUG=1 --security-opt=no-new-privileges:true --security-opt seccomp=/Users/alexis/Desktop/seccomp.gvisor.json --cap-drop all --cap-add SYS_CHROOT --network=none -u dangerzone --rm -i --name dangerzone-doc-to-pixels-NjuD3m dangerzone.rocks/dangerzone /usr/bin/python3 -m dangerzone.conversion.doc_to_pixels
Invoked with command: /usr/bin/python3 -m dangerzone.conversion.doc_to_pixels
Command inside gVisor sandbox: ['/usr/bin/python3', '-m', 'dangerzone.conversion.doc_to_pixels']
OCI config:
{
"hostname": "dangerzone",
"linux": {
"namespaces": [
{
"type": "pid"
},
{
"type": "network"
},
{
"type": "ipc"
},
{
"type": "uts"
},
{
"type": "mount"
}
]
},
"mounts": [
{
"destination": "/proc",
"source": "proc",
"type": "proc"
},
{
"destination": "/dev",
"options": [
"nosuid",
"noexec",
"nodev"
],
"source": "tmpfs",
"type": "tmpfs"
},
{
"destination": "/sys",
"options": [
"nosuid",
"noexec",
"nodev",
"ro"
],
"source": "tmpfs",
"type": "tmpfs"
},
{
"destination": "/tmp",
"options": [
"nosuid",
"noexec",
"nodev"
],
"source": "tmpfs",
"type": "tmpfs"
},
{
"destination": "/home/dangerzone",
"options": [
"nosuid",
"noexec",
"nodev"
],
"source": "tmpfs",
"type": "tmpfs"
},
{
"destination": "/usr/lib/libreoffice/share/extensions/",
"options": [
"nosuid",
"noexec",
"nodev"
],
"source": "tmpfs",
"type": "tmpfs"
}
],
"ociVersion": "1.0.0",
"process": {
"args": [
"/usr/bin/python3",
"-m",
"dangerzone.conversion.doc_to_pixels"
],
"capabilities": {
"bounding": [],
"effective": [],
"inheritable": [],
"permitted": []
},
"cwd": "/",
"env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"PYTHONPATH=/opt/dangerzone",
"TERM=xterm"
],
"rlimits": [
{
"hard": 4096,
"soft": 4096,
"type": "RLIMIT_NOFILE"
}
],
"user": {
"gid": 1000,
"uid": 1000
}
},
"root": {
"path": "rootfs",
"readonly": true
}
}
Running gVisor with command line: /usr/bin/runsc --rootless=true --network=none --root=/home/dangerzone/.containers --debug=true --alsologtostderr=true run --bundle=/home/dangerzone/dangerzone-image dangerzone
I0711 12:29:49.279379 7 main.go:192] **************** gVisor ****************
I0711 12:29:49.279421 7 main.go:193] Version release-20240624.0, go1.22.0 X:nocoverageredesign, arm64, 4 CPUs, linux, PID 7, PPID 1, UID 1000, GID 1000
D0711 12:29:49.279435 7 main.go:194] Page size: 0x1000 (4096 bytes)
I0711 12:29:49.279445 7 main.go:195] Args: [/usr/bin/runsc --rootless=true --network=none --root=/home/dangerzone/.containers --debug=true --alsologtostderr=true run --bundle=/home/dangerzone/dangerzone-image dangerzone]
I0711 12:29:49.279461 7 config.go:410] Platform: systrap
I0711 12:29:49.279476 7 config.go:411] RootDir: /home/dangerzone/.containers
I0711 12:29:49.279481 7 config.go:412] FileAccess: exclusive / Directfs: true / Overlay: root:self
I0711 12:29:49.279497 7 config.go:413] Network: none
I0711 12:29:49.279507 7 config.go:415] Debug: true. Strace: false, max size: 1024, syscalls:
D0711 12:29:49.279515 7 config.go:433] Config.RootDir (--root): /home/dangerzone/.containers
D0711 12:29:49.279530 7 config.go:433] Config.Traceback (--traceback): system
D0711 12:29:49.279537 7 config.go:433] Config.Debug (--debug): true
D0711 12:29:49.279543 7 config.go:433] Config.LogFilename (--log): (empty)
D0711 12:29:49.279551 7 config.go:433] Config.LogFormat (--log-format): text
D0711 12:29:49.279555 7 config.go:433] Config.DebugLog (--debug-log): (empty)
D0711 12:29:49.279559 7 config.go:433] Config.DebugToUserLog (--debug-to-user-log): false
D0711 12:29:49.279567 7 config.go:433] Config.DebugCommand (--debug-command): (empty)
D0711 12:29:49.279570 7 config.go:433] Config.PanicLog (--panic-log): (empty)
D0711 12:29:49.279574 7 config.go:433] Config.CoverageReport (--coverage-report): (empty)
D0711 12:29:49.279587 7 config.go:433] Config.DebugLogFormat (--debug-log-format): text
D0711 12:29:49.279591 7 config.go:433] Config.FileAccess (--file-access): exclusive
D0711 12:29:49.279595 7 config.go:433] Config.FileAccessMounts (--file-access-mounts): shared
D0711 12:29:49.279600 7 config.go:433] Config.Overlay (--overlay): false
D0711 12:29:49.279604 7 config.go:433] Config.Overlay2 (--overlay2): root:self
D0711 12:29:49.279609 7 config.go:433] Config.FSGoferHostUDS (--fsgofer-host-uds): false
D0711 12:29:49.279612 7 config.go:433] Config.HostUDS (--host-uds): none
D0711 12:29:49.279620 7 config.go:433] Config.HostFifo (--host-fifo): none
D0711 12:29:49.279626 7 config.go:433] Config.Network (--network): none
D0711 12:29:49.279630 7 config.go:433] Config.EnableRaw (--net-raw): false
D0711 12:29:49.279634 7 config.go:433] Config.AllowPacketEndpointWrite (--TESTONLY-allow-packet-endpoint-write): false
D0711 12:29:49.279639 7 config.go:433] Config.HostGSO (--gso): true
D0711 12:29:49.279643 7 config.go:433] Config.GVisorGSO (--software-gso): true
D0711 12:29:49.279651 7 config.go:433] Config.GVisorGRO (--gvisor-gro): false
D0711 12:29:49.279655 7 config.go:433] Config.TXChecksumOffload (--tx-checksum-offload): false
D0711 12:29:49.279659 7 config.go:433] Config.RXChecksumOffload (--rx-checksum-offload): true
D0711 12:29:49.279663 7 config.go:433] Config.QDisc (--qdisc): fifo
D0711 12:29:49.279672 7 config.go:433] Config.LogPackets (--log-packets): false
D0711 12:29:49.279679 7 config.go:433] Config.PCAP (--pcap-log): (empty)
D0711 12:29:49.279690 7 config.go:433] Config.Platform (--platform): systrap
D0711 12:29:49.279694 7 config.go:433] Config.PlatformDevicePath (--platform_device_path): (empty)
D0711 12:29:49.279697 7 config.go:433] Config.MetricServer (--metric-server): (empty)
D0711 12:29:49.279701 7 config.go:433] Config.ProfilingMetrics (--profiling-metrics): (empty)
D0711 12:29:49.279712 7 config.go:433] Config.ProfilingMetricsLog (--profiling-metrics-log): (empty)
D0711 12:29:49.279718 7 config.go:433] Config.ProfilingMetricsRate (--profiling-metrics-rate-us): 1000
D0711 12:29:49.279722 7 config.go:433] Config.Strace (--strace): false
D0711 12:29:49.279725 7 config.go:433] Config.StraceSyscalls (--strace-syscalls): (empty)
D0711 12:29:49.279729 7 config.go:433] Config.StraceLogSize (--strace-log-size): 1024
D0711 12:29:49.279737 7 config.go:433] Config.StraceEvent (--strace-event): false
D0711 12:29:49.279747 7 config.go:435] Config.DisableSeccomp: false
D0711 12:29:49.279756 7 config.go:433] Config.EnableCoreTags (--enable-core-tags): false
D0711 12:29:49.279764 7 config.go:433] Config.WatchdogAction (--watchdog-action): logWarning
D0711 12:29:49.279772 7 config.go:433] Config.PanicSignal (--panic-signal): -1
D0711 12:29:49.279782 7 config.go:433] Config.ProfileEnable (--profile): false
D0711 12:29:49.279786 7 config.go:433] Config.ProfileBlock (--profile-block): (empty)
D0711 12:29:49.279789 7 config.go:433] Config.ProfileCPU (--profile-cpu): (empty)
D0711 12:29:49.279802 7 config.go:433] Config.ProfileHeap (--profile-heap): (empty)
D0711 12:29:49.279806 7 config.go:433] Config.ProfileMutex (--profile-mutex): (empty)
D0711 12:29:49.279809 7 config.go:433] Config.TraceFile (--trace): (empty)
D0711 12:29:49.279817 7 config.go:433] Config.NumNetworkChannels (--num-network-channels): 1
D0711 12:29:49.279821 7 config.go:433] Config.NetworkProcessorsPerChannel (--network-processors-per-channel): 0
D0711 12:29:49.279876 7 config.go:433] Config.Rootless (--rootless): true
D0711 12:29:49.279884 7 config.go:433] Config.AlsoLogToStderr (--alsologtostderr): true
D0711 12:29:49.279889 7 config.go:433] Config.ReferenceLeak (--ref-leak-mode): disabled
D0711 12:29:49.279894 7 config.go:433] Config.CPUNumFromQuota (--cpu-num-from-quota): false
D0711 12:29:49.279898 7 config.go:433] Config.AllowFlagOverride (--allow-flag-override): false
D0711 12:29:49.279918 7 config.go:433] Config.OCISeccomp (--oci-seccomp): false
D0711 12:29:49.279936 7 config.go:433] Config.IgnoreCgroups (--ignore-cgroups): false
D0711 12:29:49.279940 7 config.go:433] Config.SystemdCgroup (--systemd-cgroup): false
D0711 12:29:49.279944 7 config.go:433] Config.PodInitConfig (--pod-init-config): (empty)
D0711 12:29:49.279948 7 config.go:433] Config.BufferPooling (--buffer-pooling): true
D0711 12:29:49.279951 7 config.go:433] Config.XDP (--EXPERIMENTAL-xdp): {0 }
D0711 12:29:49.279961 7 config.go:433] Config.AFXDPUseNeedWakeup (--EXPERIMENTAL-xdp-need-wakeup): true
D0711 12:29:49.279965 7 config.go:433] Config.FDLimit (--fdlimit): -1
D0711 12:29:49.280061 7 config.go:433] Config.DCache (--dcache): -1
D0711 12:29:49.280065 7 config.go:433] Config.IOUring (--iouring): false
D0711 12:29:49.280085 7 config.go:433] Config.DirectFS (--directfs): true
D0711 12:29:49.280100 7 config.go:433] Config.NVProxy (--nvproxy): false
D0711 12:29:49.280104 7 config.go:433] Config.NVProxyDocker (--nvproxy-docker): false
D0711 12:29:49.280108 7 config.go:433] Config.NVProxyDriverVersion (--nvproxy-driver-version): (empty)
D0711 12:29:49.280112 7 config.go:433] Config.TPUProxy (--tpuproxy): false
D0711 12:29:49.280115 7 config.go:433] Config.TestOnlyAllowRunAsCurrentUserWithoutChroot (--TESTONLY-unsafe-nonroot): false
D0711 12:29:49.280119 7 config.go:433] Config.TestOnlyTestNameEnv (--TESTONLY-test-name-env): (empty)
D0711 12:29:49.280123 7 config.go:433] Config.TestOnlyAFSSyscallPanic (--TESTONLY-afs-syscall-panic): false
D0711 12:29:49.280136 7 config.go:435] Config.explicitlySet: <map[string]struct {} Value> (unexported)
D0711 12:29:49.280145 7 config.go:433] Config.ReproduceNAT (--reproduce-nat): false
D0711 12:29:49.280161 7 config.go:433] Config.ReproduceNftables (--reproduce-nftables): false
D0711 12:29:49.280166 7 config.go:433] Config.NetDisconnectOk (--net-disconnect-ok): false
D0711 12:29:49.280170 7 config.go:433] Config.TestOnlyAutosaveImagePath (--TESTONLY-autosave-image-path): (empty)
D0711 12:29:49.280174 7 config.go:433] Config.TestOnlyAutosaveResume (--TESTONLY-autosave-resume): false
I0711 12:29:49.280178 7 main.go:197] **************** gVisor ****************
I0711 12:29:49.280258 7 namespace.go:251] *** Re-running as root in new user namespace ***
I0711 12:29:49.291997 12 main.go:192] **************** gVisor ****************
I0711 12:29:49.292030 12 main.go:193] Version release-20240624.0, go1.22.0 X:nocoverageredesign, arm64, 4 CPUs, linux, PID 12, PPID 7, UID 0, GID 0
D0711 12:29:49.292041 12 main.go:194] Page size: 0x1000 (4096 bytes)
I0711 12:29:49.292049 12 main.go:195] Args: [/proc/self/exe --rootless=true --network=none --root=/home/dangerzone/.containers --debug=true --alsologtostderr=true run --bundle=/home/dangerzone/dangerzone-image dangerzone]
I0711 12:29:49.292062 12 config.go:410] Platform: systrap
I0711 12:29:49.292075 12 config.go:411] RootDir: /home/dangerzone/.containers
I0711 12:29:49.292080 12 config.go:412] FileAccess: exclusive / Directfs: true / Overlay: root:self
I0711 12:29:49.292090 12 config.go:413] Network: none
I0711 12:29:49.292097 12 config.go:415] Debug: true. Strace: false, max size: 1024, syscalls:
D0711 12:29:49.292103 12 config.go:433] Config.RootDir (--root): /home/dangerzone/.containers
D0711 12:29:49.292140 12 config.go:433] Config.Traceback (--traceback): system
D0711 12:29:49.292151 12 config.go:433] Config.Debug (--debug): true
D0711 12:29:49.292155 12 config.go:433] Config.LogFilename (--log): (empty)
D0711 12:29:49.292160 12 config.go:433] Config.LogFormat (--log-format): text
D0711 12:29:49.292163 12 config.go:433] Config.DebugLog (--debug-log): (empty)
D0711 12:29:49.292167 12 config.go:433] Config.DebugToUserLog (--debug-to-user-log): false
D0711 12:29:49.292171 12 config.go:433] Config.DebugCommand (--debug-command): (empty)
D0711 12:29:49.292174 12 config.go:433] Config.PanicLog (--panic-log): (empty)
D0711 12:29:49.292178 12 config.go:433] Config.CoverageReport (--coverage-report): (empty)
D0711 12:29:49.292190 12 config.go:433] Config.DebugLogFormat (--debug-log-format): text
D0711 12:29:49.292211 12 config.go:433] Config.FileAccess (--file-access): exclusive
D0711 12:29:49.292219 12 config.go:433] Config.FileAccessMounts (--file-access-mounts): shared
D0711 12:29:49.292223 12 config.go:433] Config.Overlay (--overlay): false
D0711 12:29:49.292227 12 config.go:433] Config.Overlay2 (--overlay2): root:self
D0711 12:29:49.292231 12 config.go:433] Config.FSGoferHostUDS (--fsgofer-host-uds): false
D0711 12:29:49.292235 12 config.go:433] Config.HostUDS (--host-uds): none
D0711 12:29:49.292243 12 config.go:433] Config.HostFifo (--host-fifo): none
D0711 12:29:49.292247 12 config.go:433] Config.Network (--network): none
D0711 12:29:49.292252 12 config.go:433] Config.EnableRaw (--net-raw): false
D0711 12:29:49.292255 12 config.go:433] Config.AllowPacketEndpointWrite (--TESTONLY-allow-packet-endpoint-write): false
D0711 12:29:49.292259 12 config.go:433] Config.HostGSO (--gso): true
D0711 12:29:49.292263 12 config.go:433] Config.GVisorGSO (--software-gso): true
D0711 12:29:49.292266 12 config.go:433] Config.GVisorGRO (--gvisor-gro): false
D0711 12:29:49.292270 12 config.go:433] Config.TXChecksumOffload (--tx-checksum-offload): false
D0711 12:29:49.292274 12 config.go:433] Config.RXChecksumOffload (--rx-checksum-offload): true
D0711 12:29:49.292277 12 config.go:433] Config.QDisc (--qdisc): fifo
D0711 12:29:49.292282 12 config.go:433] Config.LogPackets (--log-packets): false
D0711 12:29:49.292289 12 config.go:433] Config.PCAP (--pcap-log): (empty)
D0711 12:29:49.292292 12 config.go:433] Config.Platform (--platform): systrap
D0711 12:29:49.292296 12 config.go:433] Config.PlatformDevicePath (--platform_device_path): (empty)
D0711 12:29:49.292299 12 config.go:433] Config.MetricServer (--metric-server): (empty)
D0711 12:29:49.292303 12 config.go:433] Config.ProfilingMetrics (--profiling-metrics): (empty)
D0711 12:29:49.292307 12 config.go:433] Config.ProfilingMetricsLog (--profiling-metrics-log): (empty)
D0711 12:29:49.292314 12 config.go:433] Config.ProfilingMetricsRate (--profiling-metrics-rate-us): 1000
D0711 12:29:49.292320 12 config.go:433] Config.Strace (--strace): false
D0711 12:29:49.292323 12 config.go:433] Config.StraceSyscalls (--strace-syscalls): (empty)
D0711 12:29:49.292327 12 config.go:433] Config.StraceLogSize (--strace-log-size): 1024
D0711 12:29:49.292331 12 config.go:433] Config.StraceEvent (--strace-event): false
D0711 12:29:49.292334 12 config.go:435] Config.DisableSeccomp: false
D0711 12:29:49.292341 12 config.go:433] Config.EnableCoreTags (--enable-core-tags): false
D0711 12:29:49.292346 12 config.go:433] Config.WatchdogAction (--watchdog-action): logWarning
D0711 12:29:49.292351 12 config.go:433] Config.PanicSignal (--panic-signal): -1
D0711 12:29:49.292355 12 config.go:433] Config.ProfileEnable (--profile): false
D0711 12:29:49.292359 12 config.go:433] Config.ProfileBlock (--profile-block): (empty)
D0711 12:29:49.292362 12 config.go:433] Config.ProfileCPU (--profile-cpu): (empty)
D0711 12:29:49.292473 12 config.go:433] Config.ProfileHeap (--profile-heap): (empty)
D0711 12:29:49.292487 12 config.go:433] Config.ProfileMutex (--profile-mutex): (empty)
D0711 12:29:49.292491 12 config.go:433] Config.TraceFile (--trace): (empty)
D0711 12:29:49.292495 12 config.go:433] Config.NumNetworkChannels (--num-network-channels): 1
D0711 12:29:49.292499 12 config.go:433] Config.NetworkProcessorsPerChannel (--network-processors-per-channel): 0
D0711 12:29:49.292503 12 config.go:433] Config.Rootless (--rootless): true
D0711 12:29:49.292506 12 config.go:433] Config.AlsoLogToStderr (--alsologtostderr): true
D0711 12:29:49.292512 12 config.go:433] Config.ReferenceLeak (--ref-leak-mode): disabled
D0711 12:29:49.292518 12 config.go:433] Config.CPUNumFromQuota (--cpu-num-from-quota): false
D0711 12:29:49.292521 12 config.go:433] Config.AllowFlagOverride (--allow-flag-override): false
D0711 12:29:49.292571 12 config.go:433] Config.OCISeccomp (--oci-seccomp): false
D0711 12:29:49.292589 12 config.go:433] Config.IgnoreCgroups (--ignore-cgroups): false
D0711 12:29:49.292613 12 config.go:433] Config.SystemdCgroup (--systemd-cgroup): false
D0711 12:29:49.292625 12 config.go:433] Config.PodInitConfig (--pod-init-config): (empty)
D0711 12:29:49.292637 12 config.go:433] Config.BufferPooling (--buffer-pooling): true
D0711 12:29:49.292715 12 config.go:433] Config.XDP (--EXPERIMENTAL-xdp): {0 }
D0711 12:29:49.292739 12 config.go:433] Config.AFXDPUseNeedWakeup (--EXPERIMENTAL-xdp-need-wakeup): true
D0711 12:29:49.292754 12 config.go:433] Config.FDLimit (--fdlimit): -1
D0711 12:29:49.292772 12 config.go:433] Config.DCache (--dcache): -1
D0711 12:29:49.292806 12 config.go:433] Config.IOUring (--iouring): false
D0711 12:29:49.292819 12 config.go:433] Config.DirectFS (--directfs): true
D0711 12:29:49.292832 12 config.go:433] Config.NVProxy (--nvproxy): false
D0711 12:29:49.292937 12 config.go:433] Config.NVProxyDocker (--nvproxy-docker): false
D0711 12:29:49.293018 12 config.go:433] Config.NVProxyDriverVersion (--nvproxy-driver-version): (empty)
D0711 12:29:49.293045 12 config.go:433] Config.TPUProxy (--tpuproxy): false
D0711 12:29:49.293057 12 config.go:433] Config.TestOnlyAllowRunAsCurrentUserWithoutChroot (--TESTONLY-unsafe-nonroot): false
D0711 12:29:49.293068 12 config.go:433] Config.TestOnlyTestNameEnv (--TESTONLY-test-name-env): (empty)
D0711 12:29:49.293081 12 config.go:433] Config.TestOnlyAFSSyscallPanic (--TESTONLY-afs-syscall-panic): false
D0711 12:29:49.293108 12 config.go:435] Config.explicitlySet: <map[string]struct {} Value> (unexported)
D0711 12:29:49.293160 12 config.go:433] Config.ReproduceNAT (--reproduce-nat): false
D0711 12:29:49.293216 12 config.go:433] Config.ReproduceNftables (--reproduce-nftables): false
D0711 12:29:49.293255 12 config.go:433] Config.NetDisconnectOk (--net-disconnect-ok): false
D0711 12:29:49.293268 12 config.go:433] Config.TestOnlyAutosaveImagePath (--TESTONLY-autosave-image-path): (empty)
D0711 12:29:49.293296 12 config.go:433] Config.TestOnlyAutosaveResume (--TESTONLY-autosave-resume): false
I0711 12:29:49.293337 12 main.go:197] **************** gVisor ****************
W0711 12:29:49.294105 12 specutils.go:129] noNewPrivileges ignored. PR_SET_NO_NEW_PRIVS is assumed to always be set.
D0711 12:29:49.294271 12 specutils.go:91] Spec:
{
"ociVersion": "1.0.0",
"process": {
"user": {
"uid": 1000,
"gid": 1000
},
"args": [
"/usr/bin/python3",
"-m",
"dangerzone.conversion.doc_to_pixels"
],
"env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"PYTHONPATH=/opt/dangerzone",
"TERM=xterm"
],
"cwd": "/",
"rlimits": [
{
"type": "RLIMIT_NOFILE",
"hard": 4096,
"soft": 4096
}
]
},
"root": {
"path": "/home/dangerzone/dangerzone-image/rootfs",
"readonly": true
},
"hostname": "dangerzone",
"mounts": [
{
"destination": "/proc",
"type": "proc",
"source": "/home/dangerzone/dangerzone-image/proc"
},
{
"destination": "/dev",
"type": "tmpfs",
"source": "/home/dangerzone/dangerzone-image/tmpfs",
"options": [
"nosuid",
"noexec",
"nodev"
]
},
{
"destination": "/sys",
"type": "tmpfs",
"source": "/home/dangerzone/dangerzone-image/tmpfs",
"options": [
"nosuid",
"noexec",
"nodev",
"ro"
]
},
{
"destination": "/tmp",
"type": "tmpfs",
"source": "/home/dangerzone/dangerzone-image/tmpfs",
"options": [
"nosuid",
"noexec",
"nodev"
]
},
{
"destination": "/home/dangerzone",
"type": "tmpfs",
"source": "/home/dangerzone/dangerzone-image/tmpfs",
"options": [
"nosuid",
"noexec",
"nodev"
]
},
{
"destination": "/usr/lib/libreoffice/share/extensions/",
"type": "tmpfs",
"source": "/home/dangerzone/dangerzone-image/tmpfs",
"options": [
"nosuid",
"noexec",
"nodev"
]
}
],
"linux": {
"namespaces": [
{
"type": "pid"
},
{
"type": "network"
},
{
"type": "ipc"
},
{
"type": "uts"
},
{
"type": "mount"
}
]
}
}
D0711 12:29:49.294534 12 container.go:542] Run container, cid: dangerzone, rootDir: "/home/dangerzone/.containers"
D0711 12:29:49.294582 12 container.go:198] Create container, cid: dangerzone, rootDir: "/home/dangerzone/.containers"
D0711 12:29:49.294688 12 container.go:1771] Configuring container with a new userns with identity user mappings into current userns
D0711 12:29:49.294763 12 container.go:1827] UID Mappings:
D0711 12:29:49.294807 12 container.go:1829] Container ID: 0, Host ID: 0, Range Length: 1
D0711 12:29:49.294847 12 container.go:1827] GID Mappings:
D0711 12:29:49.294862 12 container.go:1829] Container ID: 0, Host ID: 0, Range Length: 1
D0711 12:29:49.295067 12 container.go:260] Creating new sandbox for container, cid: dangerzone
D0711 12:29:49.295143 12 cgroup.go:428] New cgroup for pid: self, *cgroup.cgroupV2: &{Mountpoint:/sys/fs/cgroup Path:/dangerzone Controllers:[cpuset cpu io memory hugetlb pids rdma misc] Own:[]}
D0711 12:29:49.295215 12 cgroup_v2.go:132] Installing cgroup path "/sys/fs/cgroup/dangerzone"
D0711 12:29:49.295276 12 cgroup_v2.go:177] Deleting cgroup "/sys/fs/cgroup/dangerzone"
W0711 12:29:49.295314 12 container.go:1741] Skipping cgroup configuration in rootless mode: open /sys/fs/cgroup/cgroup.subtree_control: read-only file system
I0711 12:29:49.295528 12 namespace.go:202] Mapping host uid 0 to container uid 0 (size=1)
I0711 12:29:49.295556 12 namespace.go:210] Mapping host gid 0 to container gid 0 (size=1)
D0711 12:29:49.295576 12 donation.go:31] Donating FD 3: "/home/dangerzone/dangerzone-image/config.json"
D0711 12:29:49.297315 12 donation.go:31] Donating FD 4: "|1"
D0711 12:29:49.297340 12 donation.go:31] Donating FD 5: "gofer IO FD"
D0711 12:29:49.297353 12 container.go:1339] Starting gofer: /proc/self/exe [runsc-gofer --rootless=true --alsologtostderr=true --root=/home/dangerzone/.containers --debug=true --network=none gofer --bundle /home/dangerzone/dangerzone-image --gofer-mount-confs=lisafs:none --spec-fd=3 --mounts-fd=4 --io-fds=5]
I0711 12:29:49.298407 12 container.go:1343] Gofer started, PID: 23
I0711 12:29:49.298519 12 sandbox.go:745] Failed to set RLIMIT_MEMLOCK: operation not permitted
D0711 12:29:49.298700 12 sandbox.go:87] Attempting to create socket file "/home/dangerzone/.containers/runsc-dangerzone.sock"
D0711 12:29:49.298779 12 sandbox.go:90] Using socket file "/home/dangerzone/.containers/runsc-dangerzone.sock"
I0711 12:29:49.298798 12 sandbox.go:845] Control socket path: "/home/dangerzone/.containers/runsc-dangerzone.sock"
I0711 12:29:49.298849 12 sandbox.go:892] Sandbox will be started in new mount, IPC and UTS namespaces
I0711 12:29:49.298869 12 sandbox.go:902] Sandbox will be started in the current PID namespace
I0711 12:29:49.298887 12 sandbox.go:926] Sandbox will be started in new network namespace
I0711 12:29:49.298937 12 sandbox.go:943] Sandbox will be started in container's user namespace: {Type:user Path:}
I0711 12:29:49.298972 12 namespace.go:202] Mapping host uid 0 to container uid 0 (size=1)
I0711 12:29:49.298986 12 namespace.go:210] Mapping host gid 0 to container gid 0 (size=1)
I0711 12:29:49.299055 12 sandbox.go:973] Sandbox will be started in minimal chroot
D0711 12:29:49.299196 12 donation.go:31] Donating FD 3: "sandbox IO FD"
D0711 12:29:49.299218 12 donation.go:31] Donating FD 4: "|0"
D0711 12:29:49.299229 12 donation.go:31] Donating FD 5: "|1"
D0711 12:29:49.299240 12 donation.go:31] Donating FD 6: "control_server_socket"
D0711 12:29:49.299260 12 donation.go:31] Donating FD 7: "/home/dangerzone/dangerzone-image/config.json"
D0711 12:29:49.299272 12 donation.go:31] Donating FD 8: "/dev/stdin"
D0711 12:29:49.299283 12 donation.go:31] Donating FD 9: "/dev/stdout"
D0711 12:29:49.299323 12 donation.go:31] Donating FD 10: "/dev/stderr"
D0711 12:29:49.299334 12 sandbox.go:1167] Starting sandbox: /proc/self/exe [runsc-sandbox --debug=true --network=none --rootless=true --alsologtostderr=true --root=/home/dangerzone/.containers boot --bundle=/home/dangerzone/dangerzone-image --gofer-mount-confs=lisafs:none --apply-caps=true --setup-root --total-host-memory 8308547584 --total-memory 8308547584 --attached --io-fds=3 --dev-io-fd=-1 --mounts-fd=4 --start-sync-fd=5 --controller-fd=6 --spec-fd=7 --stdio-fds=8 --stdio-fds=9 --stdio-fds=10 dangerzone]
D0711 12:29:49.299366 12 sandbox.go:1168] SysProcAttr: &{Chroot: Credential:0x4000374120 Ptrace:false Setsid:true Setpgid:false Setctty:false Noctty:false Ctty:0 Foreground:false Pgid:0 Pdeathsig:killed Cloneflags:0 Unshareflags:0 UidMappings:[{ContainerID:0 HostID:0 Size:1}] GidMappings:[{ContainerID:0 HostID:0 Size:1}] GidMappingsEnableSetgroups:false AmbientCaps:[] UseCgroupFD:false CgroupFD:0 PidFD:<nil>}
I0711 12:29:49.300290 12 sandbox.go:1196] Sandbox started, PID: 28
I0711 12:29:49.308992 28 main.go:192] **************** gVisor ****************
I0711 12:29:49.309018 28 main.go:193] Version release-20240624.0, go1.22.0 X:nocoverageredesign, arm64, 4 CPUs, linux, PID 28, PPID 12, UID 0, GID 0
D0711 12:29:49.309027 28 main.go:194] Page size: 0x1000 (4096 bytes)
I0711 12:29:49.309035 28 main.go:195] Args: [runsc-sandbox --debug=true --network=none --rootless=true --alsologtostderr=true --root=/home/dangerzone/.containers boot --bundle=/home/dangerzone/dangerzone-image --gofer-mount-confs=lisafs:none --apply-caps=true --setup-root --total-host-memory 8308547584 --total-memory 8308547584 --attached --io-fds=3 --dev-io-fd=-1 --mounts-fd=4 --start-sync-fd=5 --controller-fd=6 --spec-fd=7 --stdio-fds=8 --stdio-fds=9 --stdio-fds=10 dangerzone]
I0711 12:29:49.309057 28 config.go:410] Platform: systrap
I0711 12:29:49.309075 28 config.go:411] RootDir: /home/dangerzone/.containers
I0711 12:29:49.309080 28 config.go:412] FileAccess: exclusive / Directfs: true / Overlay: root:self
I0711 12:29:49.309087 28 config.go:413] Network: none
I0711 12:29:49.309094 28 config.go:415] Debug: true. Strace: false, max size: 1024, syscalls:
D0711 12:29:49.309100 28 config.go:433] Config.RootDir (--root): /home/dangerzone/.containers
D0711 12:29:49.309109 28 config.go:433] Config.Traceback (--traceback): system
D0711 12:29:49.309115 28 config.go:433] Config.Debug (--debug): true
D0711 12:29:49.309119 28 config.go:433] Config.LogFilename (--log): (empty)
D0711 12:29:49.309123 28 config.go:433] Config.LogFormat (--log-format): text
D0711 12:29:49.309127 28 config.go:433] Config.DebugLog (--debug-log): (empty)
D0711 12:29:49.309130 28 config.go:433] Config.DebugToUserLog (--debug-to-user-log): false
D0711 12:29:49.309134 28 config.go:433] Config.DebugCommand (--debug-command): (empty)
D0711 12:29:49.309137 28 config.go:433] Config.PanicLog (--panic-log): (empty)
D0711 12:29:49.309141 28 config.go:433] Config.CoverageReport (--coverage-report): (empty)
D0711 12:29:49.309149 28 config.go:433] Config.DebugLogFormat (--debug-log-format): text
D0711 12:29:49.309154 28 config.go:433] Config.FileAccess (--file-access): exclusive
D0711 12:29:49.309159 28 config.go:433] Config.FileAccessMounts (--file-access-mounts): shared
D0711 12:29:49.309163 28 config.go:433] Config.Overlay (--overlay): false
D0711 12:29:49.309167 28 config.go:433] Config.Overlay2 (--overlay2): root:self
D0711 12:29:49.309171 28 config.go:433] Config.FSGoferHostUDS (--fsgofer-host-uds): false
D0711 12:29:49.309176 28 config.go:433] Config.HostUDS (--host-uds): none
D0711 12:29:49.309182 28 config.go:433] Config.HostFifo (--host-fifo): none
D0711 12:29:49.309187 28 config.go:433] Config.Network (--network): none
D0711 12:29:49.309191 28 config.go:433] Config.EnableRaw (--net-raw): false
D0711 12:29:49.309195 28 config.go:433] Config.AllowPacketEndpointWrite (--TESTONLY-allow-packet-endpoint-write): false
D0711 12:29:49.309198 28 config.go:433] Config.HostGSO (--gso): true
D0711 12:29:49.309202 28 config.go:433] Config.GVisorGSO (--software-gso): true
D0711 12:29:49.309206 28 config.go:433] Config.GVisorGRO (--gvisor-gro): false
D0711 12:29:49.309209 28 config.go:433] Config.TXChecksumOffload (--tx-checksum-offload): false
D0711 12:29:49.309213 28 config.go:433] Config.RXChecksumOffload (--rx-checksum-offload): true
D0711 12:29:49.309216 28 config.go:433] Config.QDisc (--qdisc): fifo
D0711 12:29:49.309221 28 config.go:433] Config.LogPackets (--log-packets): false
D0711 12:29:49.309227 28 config.go:433] Config.PCAP (--pcap-log): (empty)
D0711 12:29:49.309231 28 config.go:433] Config.Platform (--platform): systrap
D0711 12:29:49.309234 28 config.go:433] Config.PlatformDevicePath (--platform_device_path): (empty)
D0711 12:29:49.309238 28 config.go:433] Config.MetricServer (--metric-server): (empty)
D0711 12:29:49.309241 28 config.go:433] Config.ProfilingMetrics (--profiling-metrics): (empty)
D0711 12:29:49.309245 28 config.go:433] Config.ProfilingMetricsLog (--profiling-metrics-log): (empty)
D0711 12:29:49.309249 28 config.go:433] Config.ProfilingMetricsRate (--profiling-metrics-rate-us): 1000
D0711 12:29:49.309271 28 config.go:433] Config.Strace (--strace): false
D0711 12:29:49.309281 28 config.go:433] Config.StraceSyscalls (--strace-syscalls): (empty)
D0711 12:29:49.309285 28 config.go:433] Config.StraceLogSize (--strace-log-size): 1024
D0711 12:29:49.309289 28 config.go:433] Config.StraceEvent (--strace-event): false
D0711 12:29:49.309293 28 config.go:435] Config.DisableSeccomp: false
D0711 12:29:49.309299 28 config.go:433] Config.EnableCoreTags (--enable-core-tags): false
D0711 12:29:49.309306 28 config.go:433] Config.WatchdogAction (--watchdog-action): logWarning
D0711 12:29:49.309311 28 config.go:433] Config.PanicSignal (--panic-signal): -1
D0711 12:29:49.309314 28 config.go:433] Config.ProfileEnable (--profile): false
D0711 12:29:49.309318 28 config.go:433] Config.ProfileBlock (--profile-block): (empty)
D0711 12:29:49.309322 28 config.go:433] Config.ProfileCPU (--profile-cpu): (empty)
D0711 12:29:49.309328 28 config.go:433] Config.ProfileHeap (--profile-heap): (empty)
D0711 12:29:49.309332 28 config.go:433] Config.ProfileMutex (--profile-mutex): (empty)
D0711 12:29:49.309336 28 config.go:433] Config.TraceFile (--trace): (empty)
D0711 12:29:49.309339 28 config.go:433] Config.NumNetworkChannels (--num-network-channels): 1
D0711 12:29:49.309346 28 config.go:433] Config.NetworkProcessorsPerChannel (--network-processors-per-channel): 0
D0711 12:29:49.309350 28 config.go:433] Config.Rootless (--rootless): true
D0711 12:29:49.309354 28 config.go:433] Config.AlsoLogToStderr (--alsologtostderr): true
D0711 12:29:49.309358 28 config.go:433] Config.ReferenceLeak (--ref-leak-mode): disabled
D0711 12:29:49.309362 28 config.go:433] Config.CPUNumFromQuota (--cpu-num-from-quota): false
D0711 12:29:49.309370 28 config.go:433] Config.AllowFlagOverride (--allow-flag-override): false
D0711 12:29:49.309373 28 config.go:433] Config.OCISeccomp (--oci-seccomp): false
D0711 12:29:49.309377 28 config.go:433] Config.IgnoreCgroups (--ignore-cgroups): false
D0711 12:29:49.309380 28 config.go:433] Config.SystemdCgroup (--systemd-cgroup): false
D0711 12:29:49.309384 28 config.go:433] Config.PodInitConfig (--pod-init-config): (empty)
D0711 12:29:49.309388 28 config.go:433] Config.BufferPooling (--buffer-pooling): true
D0711 12:29:49.309392 28 config.go:433] Config.XDP (--EXPERIMENTAL-xdp): {0 }
D0711 12:29:49.309401 28 config.go:433] Config.AFXDPUseNeedWakeup (--EXPERIMENTAL-xdp-need-wakeup): true
D0711 12:29:49.309405 28 config.go:433] Config.FDLimit (--fdlimit): -1
D0711 12:29:49.309425 28 config.go:433] Config.DCache (--dcache): -1
D0711 12:29:49.309443 28 config.go:433] Config.IOUring (--iouring): false
D0711 12:29:49.309454 28 config.go:433] Config.DirectFS (--directfs): true
D0711 12:29:49.309464 28 config.go:433] Config.NVProxy (--nvproxy): false
D0711 12:29:49.309478 28 config.go:433] Config.NVProxyDocker (--nvproxy-docker): false
D0711 12:29:49.309492 28 config.go:433] Config.NVProxyDriverVersion (--nvproxy-driver-version): (empty)
D0711 12:29:49.309502 28 config.go:433] Config.TPUProxy (--tpuproxy): false
D0711 12:29:49.309519 28 config.go:433] Config.TestOnlyAllowRunAsCurrentUserWithoutChroot (--TESTONLY-unsafe-nonroot): false
D0711 12:29:49.309530 28 config.go:433] Config.TestOnlyTestNameEnv (--TESTONLY-test-name-env): (empty)
D0711 12:29:49.309541 28 config.go:433] Config.TestOnlyAFSSyscallPanic (--TESTONLY-afs-syscall-panic): false
D0711 12:29:49.309555 28 config.go:435] Config.explicitlySet: <map[string]struct {} Value> (unexported)
D0711 12:29:49.309573 28 config.go:433] Config.ReproduceNAT (--reproduce-nat): false
D0711 12:29:49.309585 28 config.go:433] Config.ReproduceNftables (--reproduce-nftables): false
D0711 12:29:49.309595 28 config.go:433] Config.NetDisconnectOk (--net-disconnect-ok): false
D0711 12:29:49.309606 28 config.go:433] Config.TestOnlyAutosaveImagePath (--TESTONLY-autosave-image-path): (empty)
D0711 12:29:49.309616 28 config.go:433] Config.TestOnlyAutosaveResume (--TESTONLY-autosave-resume): false
I0711 12:29:49.309628 28 main.go:197] **************** gVisor ****************
I0711 12:29:49.309756 28 boot.go:258] Setting product_name: "Apple Virtualization Generic Platform"
W0711 12:29:49.310324 28 specutils.go:129] noNewPrivileges ignored. PR_SET_NO_NEW_PRIVS is assumed to always be set.
I0711 12:29:49.310360 28 chroot.go:91] Setting up sandbox chroot in "/tmp"
W0711 12:29:49.310395 28 util.go:64] FATAL ERROR: error setting up chroot: error converting mounts: permission denied
error setting up chroot: error converting mounts: permission denied
D0711 12:29:49.311084 12 sandbox.go:1278] Destroying sandbox "dangerzone"
D0711 12:29:49.311139 12 sandbox.go:1287] Killing sandbox "dangerzone"
D0711 12:29:49.311184 12 container.go:776] Destroy container, cid: dangerzone
D0711 12:29:49.311531 12 container.go:1087] Killing gofer for container, cid: dangerzone, PID: 23
W0711 12:29:49.311585 12 util.go:64] FATAL ERROR: running container: creating container: cannot create sandbox: cannot read client sync file: waiting for sandbox to start: EOF
running container: creating container: cannot create sandbox: cannot read client sync file: waiting for sandbox to start: EOF
W0711 12:29:49.311644 12 main.go:227] Failure to execute command, err: 1
gVisor quit with exit code: 128
The interesting part being at the very end:
W0711 12:29:49.310324 28 specutils.go:129] noNewPrivileges ignored. PR_SET_NO_NEW_PRIVS is assumed to always be set.
I0711 12:29:49.310360 28 chroot.go:91] Setting up sandbox chroot in "/tmp"
W0711 12:29:49.310395 28 util.go:64] FATAL ERROR: error setting up chroot: error converting mounts: permission denied
error setting up chroot: error converting mounts: permission denied
from dangerzone.
When converting any documents with Dangerzone 0.7.0 under Fedora 40, I always get the same error message “Unspecified error”. There is probably no connection, even if the error message is the same, right?
from dangerzone.
@LasseKrache can you also run the following command:
/opt/homebrew/bin/docker run -e RUNSC_DEBUG=1 --security-opt seccomp=/Applications/Dangerzone.app/Contents/Resources/share/seccomp.gvisor.json --security-opt=no-new-privileges:true --security-opt seccomp=/Applications/Dangerzone.app/Contents/Resources/share/seccomp.gvisor.json --cap-drop all --cap-add SYS_CHROOT --network=none -u dangerzone --rm -i --name dangerzone-doc-to-pixels-srb-PA dangerzone.rocks/dangerzone /usr/bin/python3 -m dangerzone.conversion.doc_to_pixels
(I've added these arguments: -e RUNSC_DEBUG=1 --security-opt seccomp=/Applications/Dangerzone.app/Contents/Resources/share/seccomp.gvisor.json
)
from dangerzone.
Related Issues (20)
- Confusion on installing dangerzone on whonix-workstation in virtualbox HOT 3
- Dangerzone help message printed when we open the Dangerzone app via the CLI in macOS
- Include Apple Silicon container image in our release assets
- Request: Support for STL files HOT 3
- Make PyMuPDF always log to stderr
- Handle cases when LibreOffice hangs HOT 2
- SELinux in enforcing mode breaks nested gVisor container HOT 4
- If container bootstrapping fails, Dangerzone GUI should inform user HOT 1
- Make `dev_scripts/env.py` more explicit about the artifacts it uses
- GUI v2: Implement the new Dangerzone GUI designs
- GUI v2: Footer
- GUI v2: Welcome page
- GUI v2: Alert popup HOT 2
- GUI v2: Default settings HOT 1
- GUI v2: Document pop-up
- GUI v2: Document row
- GUI v2: Drag-and-drop interface
- GUI v2: Document conversion interface
- GUI v2: MVP
- Ignore CVE-2024-5171 from security scans HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dangerzone.