
Setup: Docker (Optional)

Your local docker may not be perfect!

Our grading will be performed using the container running on the server. Thus we strongly recommend that you always check your assignments using the container on the server before submission. This ensures consistency and avoids any discrepancies during the grading process.

A local Docker setup can be more convenient than connecting to the remote server: you don't have to suffer from a slow connection or compete with your classmates for computing resources. If you want to run Docker on your own computer, you can set up a Docker environment by following the instructions below. Please note that this local Docker setup is optional and you don't have to set it up. All the assignments can be done on the remote server.

1. Install Docker

The very first thing is to install Docker on your local machine. Follow the appropriate installation guide for your operating system:

After you finish installing Docker on your machine, it's important to verify that Docker is installed correctly. You can do this by checking the Docker version installed on your system. Open a terminal (Command Prompt or PowerShell on Windows, Terminal on Mac/Linux) and run the following command:

$ docker -v

This command should return the version number of Docker installed on your machine. For example:

Docker version 24.0.7, build afdd53b4e3

If the version number is displayed like above (you don't need to have the same version), your Docker is ready to be used. If you encounter any error or the docker -v command is not recognized, please review the installation steps to ensure Docker was installed correctly.

Privilege configuration to run Docker without sudo (Only Mac/Linux)

For Windows Users

This configuration is only required for Mac and Linux users. If your operating system is Windows, you can skip this and move forward to Docker Container.

If your operating system is either Mac or Linux, Docker commands need root privileges by default. To avoid typing sudo every time you run a Docker command, you can configure Docker to be usable by a non-root user. Keep in mind that on Linux, membership in the docker group grants root-level privileges on the host. Here's how:

  1. Create the Docker Group

    Create a Docker group if it doesn’t already exist:

    $ sudo groupadd docker
  2. Add Your User to the Docker Group

    Add your user to the Docker group:

    $ sudo usermod -aG docker $USER

    Replace $USER with your actual username if you are not logged in as the user for whom you want to grant Docker permissions. For example, if your username is compsec (as shown by echo $(whoami)), you can run sudo usermod -aG docker compsec.

  3. Activate the Changes to Groups

    Log out and log back in to ensure the group membership is re-evaluated, or you can use the following command:

    $ newgrp docker
  4. Verify Docker Without sudo

    To verify that your user can run Docker commands without sudo, run the following commands:

    $ docker ps
    $ docker run --rm hello-world
    $ docker rmi hello-world

    If everything is set up correctly, you should see a result similar to the following:

    $ docker ps
    CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
    $ docker run --rm hello-world
    Unable to find image 'hello-world:latest' locally
    latest: Pulling from library/hello-world
    c1ec31eb5944: Pull complete
    Digest: sha256:53cc4d415d839c98be39331c948609b659ed725170ad2ca8eb36951288f81b75
    Status: Downloaded newer image for hello-world:latest

    Hello from Docker!
    This message shows that your installation appears to be working correctly.

    ... (continued) ...

    For more examples and ideas, visit:
    https://docs.docker.com/get-started/

    $ docker rmi hello-world
    Untagged: hello-world:latest
    Untagged: hello-world@sha256:53cc4d415d839c98be39331c948609b659ed725170ad2ca8eb36951288f81b75
    Deleted: sha256:d2c94e258dcb3c5ac2798d32e1249e42ef01cba4841c2234249495f87264ac5a
    Deleted: sha256:ac28800ec8bb38d5c35b49d45a6ac4777544941199075dff8c4eb63e093aa81e

2. Create and Run the Docker Container

  1. Download the Dockerfile

    First, create a new directory on your local machine where you will store the Dockerfile and any other related files. For example:

    $ mkdir class-compsec
    $ cd class-compsec

    Next, download the Dockerfile into this directory. You can either save the Dockerfile directly into the class-compsec-2024 folder or run the curl command as follows.

    $ curl https://compsec.snu.ac.kr/class/systems-programming/files/Dockerfile > Dockerfile
  2. Build the Docker Image

    In the same directory which contains the downloaded Dockerfile, run the following command to build the Docker image:

    $ docker build -t class-compsec-image .

    You will need to wait several minutes to build the docker image. Note that your Docker image name is class-compsec-image.

    Once your build is complete, you can check if the image is ready using the command, docker images.

    $ docker images
    REPOSITORY TAG IMAGE ID CREATED SIZE
    class-compsec-image latest 79316392266b 14 minutes ago 795MB

    Warning: Do not forget to append the dot at the end of docker build!

  3. Create and Run the Docker Container

    Once the image is built, you can create and run a container. The command below, docker run, runs the container and opens the port 22 for the SSH access.

    $ docker run -d --name class-compsec-container --init --cpus="4" --memory="8g" -p 22222:22 --security-opt seccomp=unconfined --privileged class-compsec-image

    Info: -p 22222:22 in the command above binds port 22222 (of your local machine) to port 22 (of the Docker container).

    Resource limits on Docker

    The docker run command above limits the container to use 4 CPU cores (--cpus="4") and 8 GB memory (--memory="8g"). Note that the storage limit is unnecessary.

    To check that your container is running, run the command docker ps -a.

    $ docker ps -a
    CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
    4c93ea1deb49 class-compsec-image "sudo /usr/sbin/sshd…" 5 seconds ago Up 4 seconds 0.0.0.0:22222->22/tcp class-compsec-container

    The output shows that your Docker image class-compsec-image is running as the Docker container named class-compsec-container. The PORTS column further shows that port 22222 (of your machine) is bound to port 22 (of the Docker container).

  4. Access the Container

    To access the shell of your running container, run the following command:

    $ ssh -p 22222 compsec@localhost

    The initial password is compsec. If you get connected, then you can check its id and Ubuntu version information as follows.

    compsec@4c93ea1deb49:~$ id
    uid=1000(compsec) gid=1000(compsec) groups=1000(compsec),27(sudo)

    compsec@4c93ea1deb49:~$ lsb_release -a
    No LSB modules are available.
    Distributor ID: Ubuntu
    Description: Ubuntu 22.04.4 LTS
    Release: 22.04
    Codename: jammy
  5. Stopping and Removing the Container

    To stop the container:

    $ docker stop class-compsec-container

    To remove the container after stopping it:

    $ docker rm class-compsec-container
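
The 0.0.0.0:22222->22/tcp entry in the docker ps output of step 3 means the SSH port is published on every network interface of your machine, while the account still has the initial password compsec. The script below is an added example, not part of the course material: it reads the output of docker ps --format '{{.Names}}\t{{.Ports}}' and lists every mapping that is not bound to loopback. The container names other than class-compsec-container are constructed sample data.

```bash
#!/usr/bin/env bash
# Added example: list containers whose published ports listen beyond loopback.
# Live use:  docker ps --format '{{.Names}}\t{{.Ports}}' | audit_ports

# Classify one entry of the PORTS column:
#   local       - published on a loopback address only
#   exposed     - published on 0.0.0.0, :: or another non-loopback address
#   unpublished - container port with no host side, e.g. "22/tcp"
classify_mapping() {
    case "$1" in
        *"->"*) ;;
        *) echo unpublished; return ;;
    esac
    host=${1%%"->"*}   # host side, e.g. "0.0.0.0:22222"
    addr=${host%:*}    # drop the host port: "0.0.0.0", "::", "[::]"
    case "$addr" in
        127.*|::1|"[::1]") echo local ;;
        *) echo exposed ;;
    esac
}

# Read "name<TAB>ports" lines on stdin; print "name mapping" per exposed mapping.
audit_ports() {
    while IFS="$(printf '\t')" read -r name ports; do
        old_ifs=$IFS; IFS=','
        set -f                       # "[::]" must not be expanded as a glob
        for m in $ports; do
            m=${m# }                 # entries are separated by ", "
            if [ "$(classify_mapping "$m")" = exposed ]; then
                echo "$name $m"
            fi
        done
        set +f; IFS=$old_ifs
    done
}

# Constructed sample; only the first line comes from the output shown on this page.
sample_ps() {
    printf '%s\t%s\n' \
        class-compsec-container '0.0.0.0:22222->22/tcp' \
        loopback-only '127.0.0.1:22222->22/tcp' \
        dual-stack '0.0.0.0:8080->80/tcp, [::]:8080->80/tcp' \
        not-published '22/tcp'
}

sample_ps | audit_ports
```

Publishing with -p 127.0.0.1:22222:22 instead of -p 22222:22 keeps the SSH port reachable from your own machine only, and ssh -p 22222 compsec@localhost works unchanged.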

About Dockerfile

Info: You don't need to understand this About Dockerfile section. This section is only for students who want to understand the technical details behind how the docker image is constructed.

As mentioned above, we provide the Dockerfile for you to easily set up your local Docker environment. Specifically, this Dockerfile sets up an Ubuntu 22.04 environment with essential development tools, SSH server, and other utilities required for your assignments.

If you look inside the Dockerfile, its content is as follows.

# Use the official Ubuntu 22.04 as the base image
FROM ubuntu:22.04

# Update the package list and install sudo
RUN apt-get update \
&& apt-get install -y sudo

# Ensure sudo has the correct permissions
RUN chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo

# Create a new user 'compsec' and add it to the sudo group
RUN adduser --disabled-password --gecos '' compsec
RUN echo "compsec:compsec" | chpasswd
RUN adduser compsec sudo
RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers

# Switch to the 'compsec' user and set the working directory
USER compsec
WORKDIR /home/compsec
ARG DEBIAN_FRONTEND=noninteractive

# Add 32-bit architecture support
RUN sudo dpkg --add-architecture i386

# Update apt sources to use the Daum Kakao mirror
RUN sudo sed -i 's/archive.ubuntu.com/ftp.daumkakao.com/g' /etc/apt/sources.list
RUN sudo sed -i 's/security.ubuntu.com/ftp.daumkakao.com/g' /etc/apt/sources.list

# Update and upgrade the system, and install necessary packages
RUN sudo apt-get update && sudo apt-get upgrade -y
RUN sudo apt-get install openssh-server -y
RUN sudo apt-get install build-essential gcc g++ vim git -y
RUN sudo apt-get install libtool automake bison libglib2.0-dev -y
RUN sudo apt-get install libc6:i386 libncurses5:i386 libstdc++6:i386 -y
RUN sudo apt-get install gdb -y
RUN sudo apt-get install gcc flex bison libncurses-dev libelf-dev libssl-dev qemu -y
RUN sudo apt-get install python-is-python3 git libssl-dev libffi-dev build-essential libcapstone-dev -y
RUN sudo apt-get install net-tools curl netcat -y

# Enable password authentication in SSH
RUN sudo sed -i 's/#PasswordAuthentication/PasswordAuthentication/' /etc/ssh/sshd_config
RUN sudo mkdir /run/sshd

# Start the SSH server
CMD ["sudo", "/usr/sbin/sshd", "-D"]
