"bwrap: capset failed: Operation not permitted" when cleaning large pptx files
I'm experiencing some issues when I try to clean large .pptx files.
I get the following error:
web_1 | bwrap: capset failed: Operation not permitted
web_1 | Traceback (most recent call last):
web_1 | File "/usr/local/lib/python3.7/dist-packages/libmat2/exiftool.py", line 29, in get_meta
web_1 | check=True, stdout=subprocess.PIPE).stdout
web_1 | File "/usr/local/lib/python3.7/dist-packages/libmat2/bubblewrap.py", line 106, in run
web_1 | completed_process = subprocess.run(prefix_args + args, **kwargs)
web_1 | File "/usr/lib/python3.7/subprocess.py", line 487, in run
web_1 | output=stdout, stderr=stderr)
web_1 | subprocess.CalledProcessError: Command '['/usr/bin/bwrap', '--ro-bind', '/usr', '/usr', '--ro-bind', '/lib', '/lib', '--ro-bind', '/lib64', '/lib64', '--ro-bind', '/bin', '/bin', '--ro-bind', '/sbin', '/sbin', '--ro-bind', '/etc/alternatives', '/etc/alternatives', '--ro-bind', '/var/www/mat2-web', '/var/www/mat2-web', '--ro-bind', '/etc/ld.so.cache', '/etc/ld.so.cache', '--dev', '/dev', '--proc', '/proc', '--chdir', '/var/www/mat2-web', '--unshare-user-try', '--unshare-ipc', '--unshare-pid', '--unshare-net', '--unshare-uts', '--unshare-cgroup-try', '--new-session', '--cap-drop', 'all', '--ro-bind', '/tmp/tmpo25dkbhr/docProps/thumbnail.jpeg', '/tmp/tmpo25dkbhr/docProps/thumbnail.jpeg', '/usr/bin/exiftool', '-json', '/tmp/tmpo25dkbhr/docProps/thumbnail.jpeg']' returned non-zero exit status 1.
web_1 |
web_1 | During handling of the above exception, another exception occurred:
web_1 |
web_1 | Traceback (most recent call last):
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask/app.py", line 2464, in __call__
web_1 | return self.wsgi_app(environ, start_response)
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask/app.py", line 2450, in wsgi_app
web_1 | response = self.handle_exception(e)
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask_cors/extension.py", line 165, in wrapped_function
web_1 | return cors_after_request(app.make_response(f(*args, **kwargs)))
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask_restful/__init__.py", line 272, in error_router
web_1 | return original_handler(e)
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask/app.py", line 1867, in handle_exception
web_1 | reraise(exc_type, exc_value, tb)
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask/_compat.py", line 38, in reraise
web_1 | raise value.with_traceback(tb)
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask/app.py", line 2447, in wsgi_app
web_1 | response = self.full_dispatch_request()
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask/app.py", line 1952, in full_dispatch_request
web_1 | rv = self.handle_user_exception(e)
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask_cors/extension.py", line 165, in wrapped_function
web_1 | return cors_after_request(app.make_response(f(*args, **kwargs)))
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask_restful/__init__.py", line 272, in error_router
web_1 | return original_handler(e)
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask/app.py", line 1821, in handle_user_exception
web_1 | reraise(exc_type, exc_value, tb)
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask/_compat.py", line 38, in reraise
web_1 | raise value.with_traceback(tb)
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask/app.py", line 1950, in full_dispatch_request
web_1 | rv = self.dispatch_request()
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask/app.py", line 1936, in dispatch_request
web_1 | return self.view_functions[rule.endpoint](**req.view_args)
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask_restful/__init__.py", line 468, in wrapper
web_1 | resp = resource(*args, **kwargs)
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask/views.py", line 89, in view
web_1 | return self.dispatch_request(*args, **kwargs)
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask_restful/__init__.py", line 583, in dispatch_request
web_1 | resp = meth(*args, **kwargs)
web_1 | File "/usr/local/lib/python3.7/dist-packages/flasgger/utils.py", line 248, in wrapper
web_1 | return function(*args, **kwargs)
web_1 | File "./matweb/rest_api.py", line 120, in post
web_1 | _, _, _, output_filename = utils.cleanup(parser, filepath, current_app.config['UPLOAD_FOLDER'])
web_1 | File "./matweb/utils.py", line 86, in cleanup
web_1 | meta_after = parser.get_meta()
web_1 | File "/usr/local/lib/python3.7/dist-packages/libmat2/archive.py", line 146, in get_meta
web_1 | local_meta = {**local_meta, **member_parser.get_meta()}
web_1 | File "/usr/local/lib/python3.7/dist-packages/libmat2/exiftool.py", line 35, in get_meta
web_1 | raise ValueError
web_1 | ValueError
Cleaning the same file with mat2 is working absolutely fine.
I've tried to disable all bubblewrap calls in mat2, but afterwards I'm getting the following error:
web_1 | b'[{\n "SourceFile": "/tmp/tmphv8su1ih/ppt/media/image10.svg",\n "ExifToolVersion": 11.16,\n "FileName": "image10.svg",\n "Directory": "/tmp/tmphv8su1ih/ppt/media",\n "FileSize": "12 kB",\n "FileModifyDate": "2022:01:05 10:59:26+00:00",\n "FileAccessDate": "2022:01:05 10:59:26+00:00",\n "FileInodeChangeDate": "2022:01:05 10:59:26+00:00",\n "FilePermissions": "r--------",\n "Error": "File format error"\n}]\n'
web_1 | Traceback (most recent call last):
web_1 | File "/usr/local/lib/python3.7/dist-packages/libmat2/exiftool.py", line 27, in get_meta
web_1 | check=True, stdout=subprocess.PIPE).stdout
web_1 | File "/usr/lib/python3.7/subprocess.py", line 487, in run
web_1 | output=stdout, stderr=stderr)
web_1 | subprocess.CalledProcessError: Command '['/usr/bin/exiftool', '-json', '/tmp/tmphv8su1ih/ppt/media/image10.svg']' returned non-zero exit status 1.
web_1 |
web_1 | During handling of the above exception, another exception occurred:
web_1 |
web_1 | Traceback (most recent call last):
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask/app.py", line 2464, in __call__
web_1 | return self.wsgi_app(environ, start_response)
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask/app.py", line 2450, in wsgi_app
web_1 | response = self.handle_exception(e)
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask_cors/extension.py", line 165, in wrapped_function
web_1 | return cors_after_request(app.make_response(f(*args, **kwargs)))
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask_restful/__init__.py", line 272, in error_router
web_1 | return original_handler(e)
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask/app.py", line 1867, in handle_exception
web_1 | reraise(exc_type, exc_value, tb)
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask/_compat.py", line 38, in reraise
web_1 | raise value.with_traceback(tb)
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask/app.py", line 2447, in wsgi_app
web_1 | response = self.full_dispatch_request()
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask/app.py", line 1952, in full_dispatch_request
web_1 | rv = self.handle_user_exception(e)
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask_cors/extension.py", line 165, in wrapped_function
web_1 | return cors_after_request(app.make_response(f(*args, **kwargs)))
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask_restful/__init__.py", line 272, in error_router
web_1 | return original_handler(e)
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask/app.py", line 1821, in handle_user_exception
web_1 | reraise(exc_type, exc_value, tb)
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask/_compat.py", line 38, in reraise
web_1 | raise value.with_traceback(tb)
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask/app.py", line 1950, in full_dispatch_request
web_1 | rv = self.dispatch_request()
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask/app.py", line 1936, in dispatch_request
web_1 | return self.view_functions[rule.endpoint](**req.view_args)
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask_restful/__init__.py", line 468, in wrapper
web_1 | resp = resource(*args, **kwargs)
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask/views.py", line 89, in view
web_1 | return self.dispatch_request(*args, **kwargs)
web_1 | File "/usr/local/lib/python3.7/dist-packages/flask_restful/__init__.py", line 583, in dispatch_request
web_1 | resp = meth(*args, **kwargs)
web_1 | File "/usr/local/lib/python3.7/dist-packages/flasgger/utils.py", line 248, in wrapper
web_1 | return function(*args, **kwargs)
web_1 | File "./matweb/rest_api.py", line 120, in post
web_1 | _, _, _, output_filename = utils.cleanup(parser, filepath, current_app.config['UPLOAD_FOLDER'])
web_1 | File "./matweb/utils.py", line 86, in cleanup
web_1 | meta_after = parser.get_meta()
web_1 | File "/usr/local/lib/python3.7/dist-packages/libmat2/archive.py", line 146, in get_meta
web_1 | local_meta = {**local_meta, **member_parser.get_meta()}
web_1 | File "/usr/local/lib/python3.7/dist-packages/libmat2/images.py", line 40, in get_meta
web_1 | meta = super().get_meta()
web_1 | File "/usr/local/lib/python3.7/dist-packages/libmat2/exiftool.py", line 30, in get_meta
web_1 | raise ValueError
web_1 | ValueError
I'm not quite sure if this error is really produced by mat2-web. But since mat2 is working fine with this file, this seems like the correct place.
BTW: Is it possible that bubblewrap is missing in the production dockerfile? Before adding apt install bubblewrap mat2-web is giving me an error, that bwrap was not found.
Edited by jvoisin