I'm trying to build a container image (privileged) with HEAD from today, which results in the following error:
```
$ docker run --privileged --rm -it -v $(pwd)/:/app -w /app foo.bar/tools/img:4555214 build .
Building :latest
Setting up the rootfs... this may take a bit.
INFO[0000] resolving docker.io/tonistiigi/copy@sha256:476e0a67a1e4650c6adaf213269a2913deb7c52cbc77f954026f769d51e1a14e
INFO[0000] resolving foo.bar/base/openjre:stable@sha256:82c9b96a039c57e5c9ac22b842de2ab91325d74b8f579c2724ad9e83372d9765
INFO[0000] resolving foo.bar/build/gradle:v2.14.1-8u151-jdk-alpine3.7@sha256:5f24ce66c3995c18ed1b91f3eba5344ab489ad1bd676b8a44580d9a8a123d379
INFO[0002] unpacking docker.io/tonistiigi/copy@sha256:476e0a67a1e4650c6adaf213269a2913deb7c52cbc77f954026f769d51e1a14e
solving failed: failed to prepare extraction snapshot "extract-755639425-kXql sha256:c4151b5a5de5b7e272b2b6a3a4518c980d6e7f580f39c85370330a1bff5821f1": copying of parent failed: failed to copy xattrs: failed to set xattr "security.selinux" on /tmp/img/runc/naive/snapshots/snapshots/new-590228964/bin/copy: operation not supported
```

```
core@ip-10-43-129-95 ~ $ docker info
Containers: 26
Running: 25
Paused: 0
Stopped: 1
Images: 12
Server Version: 17.09.1-ce
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 06b9cb35161009dcb7123345749fef02f7cea8e0
runc version: 3f2f8b84a77f73d38244dd690525642a72156c64
init version: v0.13.2 (expected: 949e6facb77383876aeff8a6944dde66b3089574)
Security Options:
seccomp
Profile: default
selinux
Kernel Version: 4.14.16-coreos
Operating System: Container Linux by CoreOS 1632.2.1 (Ladybug)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 7.792GiB
Name: ip-10-43-129-95.eu-central-1.compute.internal
ID: KQRT:YD45:RZMK:2UAQ:SKEM:6OIZ:RLCT:Q64P:KQNQ:M5XQ:BNL7:U7B3
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
```

```
core@ip-10-43-129-95 ~ $ sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: mcs
Current mode: permissive
Mode from config file: permissive
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
```

If I don't mount the directory, but clone from within the img-container, the error is somewhat different:
```
$ docker run --privileged --rm -it --entrypoint sh foo.bar/tools/img:4555214
/ # git clone https://foo.bar/demo.git
Cloning into 'demo'...
remote: Counting objects: 1476, done.
remote: Compressing objects: 100% (592/592), done.
remote: Total 1476 (delta 487), reused 1334 (delta 375)
Receiving objects: 100% (1476/1476), 216.86 KiB | 9.43 MiB/s, done.
Resolving deltas: 100% (487/487), done.
/ # cd demo/
/demo # img build .
Building :latest
Setting up the rootfs... this may take a bit.
INFO[0000] resolving docker.io/tonistiigi/copy@sha256:476e0a67a1e4650c6adaf213269a2913deb7c52cbc77f954026f769d51e1a14e
INFO[0000] resolving foo.bar/base/openjre:stable@sha256:82c9b96a039c57e5c9ac22b842de2ab91325d74b8f579c2724ad9e83372d9765
INFO[0000] resolving foo.bar/build/gradle:v2.14.1-8u151-jdk-alpine3.7@sha256:5f24ce66c3995c18ed1b91f3eba5344ab489ad1bd676b8a44580d9a8a123d379
INFO[0002] unpacking foo.bar/base/openjre:stable@sha256:82c9b96a039c57e5c9ac22b842de2ab91325d74b8f579c2724ad9e83372d9765
INFO[0002] unpacking docker.io/tonistiigi/copy@sha256:476e0a67a1e4650c6adaf213269a2913deb7c52cbc77f954026f769d51e1a14e
INFO[0002] Apply failure, attempting cleanup error="mount callback failed on /tmp/containerd-mount849212772: context canceled" key="extract-434175501-XUXU sha256:cd7100a72410606589a54b932cabd804a17f9ae5b42a1882bd56d263e02b6215"
WARN[0003] Extraction snapshot "extract-434175501-XUXU sha256:cd7100a72410606589a54b932cabd804a17f9ae5b42a1882bd56d263e02b6215" removal failed error="context canceled"
solving failed: failed to prepare extraction snapshot "extract-576675886-sWxZ sha256:c4151b5a5de5b7e272b2b6a3a4518c980d6e7f580f39c85370330a1bff5821f1": copying of parent failed: failed to copy xattrs: failed to set xattr "security.selinux" on /tmp/img/runc/naive/snapshots/snapshots/new-452528669/bin/copy: operation not supported
```