We’ve noticed that Docker image builds have slowed down a lot since our IT team installed Sophos antivirus for Linux. A build which took 5 minutes previously now takes 25 minutes. Disabling the antivirus allows the build to complete in the shorter time again. I’m looking for a way to avoid this.
The systemd service that runs the antivirus is named
sav-protect and the processes that are busy during the docker build are
savscand. These are related to real-time scanning of modified files, not scheduled scans. The slowest part of the build is where Docker copies a directory from one intermediate stage of the build to another. I don’t know where these files are stored since it’s all internal to Docker at that point. My guess is that the large number of small files being copied overwhelms the antivirus and causes the slowdown.
The antivirus is set to run with a niceness of 19 (to avoid slowing down CPU-heavy processes) and IT tell me that our Docker data-root (
/var/lib/docker) where I would expect all Docker file activity to be taking place is excluded from real-time and scheduled scans.
Can someone confirm that files produced during a Docker build are stored in the data-root? Or is there some other path that I need to add to the antivirus exclusion list?
I’m seeking help from Sophos too but it would help to know exactly which paths are used on the host by Docker for intermediate stages during a build.