This command is awkward 'docket exec -t vaultwarden sh' , let's just have docker sh vaultwarden already !
from interdimensionalmeme@lemmy.ml to linux@lemmy.ml on 23 Dec 2024 05:00
https://lemmy.ml/post/23913638

I thought this would be hard, but turns out the following oneliner does it, with maybe no sideeffects ?

echo ‘docker() { [ “$1” = “sh” ] && docker exec -it “$2” sh || command docker “$@”; }’ >> ~/.bashrc && source ~/.bashrc

This creates a bash alias for “docker ps” , every other command should run as normal

Now I just need to remember to run this one liner on every single computer I use in the future…

#linux

threaded - newest

biribiri11@lemmy.ml on 23 Dec 2024 05:33 next collapse

Not all docker containers contain a shell binary.. You can still propose an issue to moby, the upstream of docker, though.

interdimensionalmeme@lemmy.ml on 23 Dec 2024 06:16 collapse

How do you go inside those containers and poke around then ?

bjornsno@lemm.ee on 23 Dec 2024 08:09 next collapse

<img alt="That’s the neat thing, you don’t" src="https://lemm.ee/pictrs/image/b3aa4c37-ff2b-4827-8f30-ce74f7d4c567.jpeg">

Jokes aside, you create a custom Dockerfile and copy a statically compiled shell binary.

vinnymac@lemmy.world on 23 Dec 2024 08:58 collapse

Always wondered why this wasn’t automated, from an ergonomics perspective, a command that lets me open a shell could detect that no shell exists, and then do as you said, without me having to lift a finger. It’s not very unix-y, but it could be a sort of plug-in for Docker CLIs.

nous@programming.dev on 23 Dec 2024 10:20 collapse

It does exist with docker debug.

interdimensionalmeme@lemmy.ml on 23 Dec 2024 11:58 collapse

Note

Docker Debug requires a Pro, Team, or Business subcription.

I don’t know if that applies to me but big yikes!

nous@programming.dev on 23 Dec 2024 13:39 collapse

Oh, misses that bit… Seems there is a third party plugin that does something similar.

vinnymac@lemmy.world on 24 Dec 2024 13:50 collapse

Now that is more what I had in mind! I’ll definitely be using this, thanks

nous@programming.dev on 23 Dec 2024 10:14 collapse

Generally speaking you shouldn’t be poking around running containers. It is rare that I have ever needed to do that. If you want to inspect the contents of an image then tools like dive are helpful. If the container produces some useful output that you might need then put that into a volume, you can then mount that volume to a debug/inspect container to read the files without messing around with the rest of the container.

Shell-less containers are a great security feature - it is extremely hard to get a reverse shell on something that does not have any shell. And if you must have a shell to debug something docker already has a feature for that docker debug which works for shell-less containers as well.

NegativeLookBehind@lemmy.world on 23 Dec 2024 05:38 next collapse

dit="docker exec -it $@"

Seems more flexible to me. Also, you shouldn’t give functions or variables the same names as binaries.

gamma@programming.dev on 24 Dec 2024 02:53 collapse

The “$@” doesn’t do that you think it does in an alias. It gets expanded on alias creation.

NegativeLookBehind@lemmy.world on 26 Dec 2024 18:21 collapse

Actually it works exactly as I intended it to

ryannathans@aussie.zone on 23 Dec 2024 06:03 next collapse

Oof freebsd has spoilt me, the equivalent would be appjail login vaultwarden

danielquinn@lemmy.ca on 23 Dec 2024 07:51 next collapse

This is an excellent idea. Fortunately you’re not the first to have it ;-)

You should look into alias.

propter_hog@hexbear.net on 24 Dec 2024 19:26 collapse

Side note: how do you like running vaultwarden? Was thinking about using it.

interdimensionalmeme@lemmy.ml on 24 Dec 2024 20:03 collapse

Seems fine used it a few times so far. It works. Very easy to setup. I want to try keepass before I choose. Keepass has a more “foss flavour”

propter_hog@hexbear.net on 24 Dec 2024 21:09 collapse

Yeah, that’s the same crossroads I’m at. Currently using Proton Pass, and I like it, but it’s inherently closed. Security by obscurity is part of their m.o.

interdimensionalmeme@lemmy.ml on 24 Dec 2024 21:35 collapse

Anything that stops working when I shut off the internet is a hardpass for me