
Comments (12)

AkihiroSuda avatar AkihiroSuda commented on August 19, 2024

We need to wait for opencontainers/runc#1693 or use ptrace hack.

Please refer to README for further info

from img.

jbeda avatar jbeda commented on August 19, 2024

Ah! I assumed that r.j3ss.co/img already had a hacked runc in there to work around the setgroup issue.


jessfraz avatar jessfraz commented on August 19, 2024


jessfraz avatar jessfraz commented on August 19, 2024

We actually not with that one with the other one... I'll do them all tho later


AkihiroSuda avatar AkihiroSuda commented on August 19, 2024

@jessfraz
you can use this branch
https://github.com/AkihiroSuda/runc/commits/demo-rootless


AkihiroSuda avatar AkihiroSuda commented on August 19, 2024

or this tag: https://github.com/AkihiroSuda/runc/tree/demo-rootless.20180116-0
(commits are same; using tag rather than branch would be more deterministic)


jbeda avatar jbeda commented on August 19, 2024

> We actually not with that one with the other one... I'll do them all tho later

I'm not sure which one you are talking about... but I just tried with your new image and I'm seeing the same behavior. I'm a bit confused still about what patches y'all are talking about and the necessary setup for those to work. But I'll let y'all figure this out. @jessfraz if this is being tracked in a different place feel free to close this issue.


jessfraz avatar jessfraz commented on August 19, 2024

I'm going to make some k8s examples and carry the patches on my flight this afternoon, sorry was doing Saturday things :)


jessfraz avatar jessfraz commented on August 19, 2024

then we can work out all the rough edges, I also hope that then we can help with them testing this upstream (re comment here: moby/moby#32925 (comment)) I know the last time the builder in docker was replaced we had to test a lot to find the weird bashisms that broke and odd bugs in the old builder that were being used as features, etc


AkihiroSuda avatar AkihiroSuda commented on August 19, 2024

seems closable now?


ccremer avatar ccremer commented on August 19, 2024

I'm having a similar issue (Operation not permitted), but only when trying to use a different state directory (need build cache with PVC):

apiVersion: batch/v1
kind: Job
metadata:
  name: img-build
  namespace: amze-2029
spec:
  template:
    metadata:
      annotations:
        container.apparmor.security.beta.kubernetes.io/build: unconfined
        container.seccomp.security.alpha.kubernetes.io/build: unconfined
    spec:
      initContainers:
      - name: git-clone
        image: r.j3ss.co/img:v0.5.7
        command:
        - /bin/sh
        args:
        - -c
        - git clone https://github.com/amazeeio/drupal-example.git
        workingDir: /home/user/src
        volumeMounts:
        - mountPath: /home/user/src
          name: src
      containers:
      - name: build
        image: r.j3ss.co/img:v0.5.7
        command:
        - /bin/sh
        args:
        - -c
        - >
          id &&
          echo "RUN apk add --no-cache tcpdump" >> drupal-example/lagoon/php.dockerfile &&
          img build -s /tmp -t registry.ch-gva-2.exo.appuio.ch/amze-2029/drupal-example:latest -f drupal-example/lagoon/php.dockerfile
          --build-arg CLI_IMAGE=registry.ch-gva-2.exo.appuio.ch/amze-2029/drupal-example:cli drupal-example &&
          img push -s /tmp registry.ch-gva-2.exo.appuio.ch/amze-2029/drupal-example:latest
        securityContext:
        #   privileged: true
          #runAsUser: 1000
          #runAsGroup: 0
          procMount: Unmasked
        workingDir: /home/user/src
        volumeMounts:
        - mountPath: /home/user/src
          name: src
        - mountPath: /tmp
          name: cache
        - mountPath: /home/user/.docker/config.json
          subPath: config.json
          name: registries
      restartPolicy: Never
      volumes:
      - name: src
        emptyDir: {}
      - name: cache
        persistentVolumeClaim:
          claimName: img-cache
      - name: registries
        secret:
          secretName: regcred
          items:
          - key: .dockerconfigjson
            path: config.json
  backoffLimit: 0

log excerpt:

#7 sha256:831a6d750410aeacea063fbe7db0e87c626b3019ae8f56be0c9aefd3d6b8af76 14.71MB / 14.71MB done

#7 unpacking registry.ch-gva-2.exo.appuio.ch/amze-2029/drupal-example:cli@sha256:14630f6378aa48eb2e32bcdffafc5c6eec8d49dca50d4b50f89cd61db8c40195

time="2020-03-12T18:35:32Z" level=info msg="apply failure, attempting cleanup" error="failed to extract layer sha256:77cae8ab23bf486355d1b3191259705374f4a11d483b24964d2f729dd8c076a0: mount callback failed on /run/user/1000/containerd-mount827883887: lchown /run/user/1000/containerd-mount827883887/etc/shadow: operation not permitted" key="extract-844920920-8DtT sha256:77cae8ab23bf486355d1b3191259705374f4a11d483b24964d2f729dd8c076a0"

time="2020-03-12T18:35:32Z" level=info msg="apply failure, attempting cleanup" error="failed to extract layer sha256:77cae8ab23bf486355d1b3191259705374f4a11d483b24964d2f729dd8c076a0: mount callback failed on /run/user/1000/containerd-mount475060601: context canceled" key="extract-88219689-NE5W sha256:77cae8ab23bf486355d1b3191259705374f4a11d483b24964d2f729dd8c076a0"

#6 ...

I started trying different parameters (was using /cache before /tmp) and also played with the securityContext user/group ids, but to no avail.
Kubernetes is v1.14.9-eks-502bfb


exherb avatar exherb commented on August 19, 2024

Same issue here.
