Comments (12)
We need to wait for opencontainers/runc#1693 or use ptrace hack.
Please refer to README for further info
from img.
Ah! I assumed that r.j3ss.co/img already had a hacked runc in there to work around the setgroup issue.
from img.
We actually not with that one with the other one... I'll do them all tho later
from img.
@jessfraz
you can use this branch
https://github.com/AkihiroSuda/runc/commits/demo-rootless
from img.
or this tag: https://github.com/AkihiroSuda/runc/tree/demo-rootless.20180116-0
(commits are same; using tag rather than branch would be more deterministic)
from img.
> We actually not with that one with the other one... I'll do them all tho later

I'm not sure which one you are talking about... but I just tried with your new image and I'm seeing the same behavior. I'm a bit confused still about what patches y'all are talking about and the necessary setup for those to work. But I'll let y'all figure this out. @jessfraz if this is being tracked in a different place feel free to close this issue.
from img.
I'm going to make some k8s examples and carry the patches on my flight this afternoon, sorry was doing Saturday things :)
from img.
then we can work out all the rough edges. I also hope that then we can help with them testing this upstream (re comment here: moby/moby#32925 (comment)). I know the last time the builder in docker was replaced we had to test a lot to find the weird bashisms that broke and odd bugs in the old builder that were being used as features, etc.
from img.
seems closable now?
from img.
I'm having a similar issue (Operation not permitted), but only when trying to use a different state directory (need build cache with PVC):
```yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: img-build
  namespace: amze-2029
spec:
  template:
    metadata:
      annotations:
        container.apparmor.security.beta.kubernetes.io/build: unconfined
        container.seccomp.security.alpha.kubernetes.io/build: unconfined
    spec:
      initContainers:
        - name: git-clone
          image: r.j3ss.co/img:v0.5.7
          command:
            - /bin/sh
          args:
            - -c
            - git clone https://github.com/amazeeio/drupal-example.git
          workingDir: /home/user/src
          volumeMounts:
            - mountPath: /home/user/src
              name: src
      containers:
        - name: build
          image: r.j3ss.co/img:v0.5.7
          command:
            - /bin/sh
          args:
            - -c
            - >
              id &&
              echo "RUN apk add --no-cache tcpdump" >> drupal-example/lagoon/php.dockerfile &&
              img build -s /tmp -t registry.ch-gva-2.exo.appuio.ch/amze-2029/drupal-example:latest -f drupal-example/lagoon/php.dockerfile
              --build-arg CLI_IMAGE=registry.ch-gva-2.exo.appuio.ch/amze-2029/drupal-example:cli drupal-example &&
              img push -s /tmp registry.ch-gva-2.exo.appuio.ch/amze-2029/drupal-example:latest
          securityContext:
            # privileged: true
            #runAsUser: 1000
            #runAsGroup: 0
            procMount: Unmasked
          workingDir: /home/user/src
          volumeMounts:
            - mountPath: /home/user/src
              name: src
            - mountPath: /tmp
              name: cache
            - mountPath: /home/user/.docker/config.json
              subPath: config.json
              name: registries
      restartPolicy: Never
      volumes:
        - name: src
          emptyDir: {}
        - name: cache
          persistentVolumeClaim:
            claimName: img-cache
        - name: registries
          secret:
            secretName: regcred
            items:
              - key: .dockerconfigjson
                path: config.json
  backoffLimit: 0
```
log excerpt:
```
#7 sha256:831a6d750410aeacea063fbe7db0e87c626b3019ae8f56be0c9aefd3d6b8af76 14.71MB / 14.71MB done
#7 unpacking registry.ch-gva-2.exo.appuio.ch/amze-2029/drupal-example:cli@sha256:14630f6378aa48eb2e32bcdffafc5c6eec8d49dca50d4b50f89cd61db8c40195
time="2020-03-12T18:35:32Z" level=info msg="apply failure, attempting cleanup" error="failed to extract layer sha256:77cae8ab23bf486355d1b3191259705374f4a11d483b24964d2f729dd8c076a0: mount callback failed on /run/user/1000/containerd-mount827883887: lchown /run/user/1000/containerd-mount827883887/etc/shadow: operation not permitted" key="extract-844920920-8DtT sha256:77cae8ab23bf486355d1b3191259705374f4a11d483b24964d2f729dd8c076a0"
time="2020-03-12T18:35:32Z" level=info msg="apply failure, attempting cleanup" error="failed to extract layer sha256:77cae8ab23bf486355d1b3191259705374f4a11d483b24964d2f729dd8c076a0: mount callback failed on /run/user/1000/containerd-mount475060601: context canceled" key="extract-88219689-NE5W sha256:77cae8ab23bf486355d1b3191259705374f4a11d483b24964d2f729dd8c076a0"
#6 ...
```
I started trying different parameters (was using `/cache` before `/tmp`) and also played with the securityContext user/group ids, but to no avail.
Kubernetes is v1.14.9-eks-502bfb
from img.
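For triaging a log like the excerpt in the comment above, this added example (not code from the img project or from the commenter) parses the logfmt lines and extracts the failing file operation, the path inside the layer, and the errno. The sample lines are constructed from the excerpt's shape, with the registry name, extract keys and layer digest replaced by placeholders; all function names are hypothetical.

```python
import re

# Constructed sample: same shape as the log excerpt above; registry name,
# extract keys and layer digest are placeholders.
SAMPLE = r'''
#7 unpacking registry.example/app:cli
time="2020-03-12T18:35:32Z" level=info msg="apply failure, attempting cleanup" error="failed to extract layer sha256:LAYER: mount callback failed on /run/user/1000/containerd-mount827883887: lchown /run/user/1000/containerd-mount827883887/etc/shadow: operation not permitted" key="extract-1 sha256:LAYER"
time="2020-03-12T18:35:32Z" level=info msg="apply failure, attempting cleanup" error="failed to extract layer sha256:LAYER: mount callback failed on /run/user/1000/containerd-mount475060601: context canceled" key="extract-2 sha256:LAYER"
'''

PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')        # logfmt key=value
LAYER = re.compile(r'failed to extract layer (\S+): ')
MOUNT = re.compile(r'mount callback failed on (\S+): ')
PATHERR = re.compile(r'(\w+) (/\S+): (.+)')                # Go os.PathError: "op path: err"
ERRNO = {"operation not permitted": "EPERM",
         "permission denied": "EACCES",
         "invalid argument": "EINVAL"}


def parse_failures(text):
    """Return one record per 'failed to extract layer' log line."""
    records = []
    for line in text.splitlines():
        fields = {k: v.strip('"') for k, v in PAIR.findall(line)}
        err = fields.get("error", "")
        layer, mount = LAYER.search(err), MOUNT.search(err)
        if not (layer and mount):
            continue
        root, tail = mount.group(1), err[mount.end():]
        rec = {"layer": layer.group(1), "op": None, "path": None,
               "reason": tail, "errno": None}
        m = PATHERR.fullmatch(tail)
        if m:  # a file operation failed; report the path relative to the layer root
            op, path, reason = m.groups()
            if path.startswith(root + "/"):
                path = path[len(root):]
            rec.update(op=op, path=path, reason=reason, errno=ERRNO.get(reason))
        records.append(rec)
    return records


def syscall_failures(text):
    """Only the records that name a failing file operation (skips 'context canceled')."""
    return [r for r in parse_failures(text) if r["op"]]


if __name__ == "__main__":
    for r in syscall_failures(SAMPLE):
        print(f'{r["layer"]}: {r["op"]} {r["path"]} -> {r["errno"] or r["reason"]}')
```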
some issue here.
from img.