With version 19.03.2, enabling user namespace remapping breaks BuildKit-powered builds.
Steps to reproduce the issue:
- Enable user namespace remapping;
- Dockerfile:
FROM alpine as test
RUN id
DOCKER_BUILDKIT=1 docker build . --progress=plain
Describe the results you received:
Build fails.
#2 [internal] load .dockerignore
#2 transferring context: 2B done
#2 DONE 0.0s
#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 64B done
#1 DONE 0.0s
#3 [internal] load metadata for docker.io/library/alpine:latest
#3 DONE 0.0s
#4 [1/2] FROM docker.io/library/alpine
#4 CACHED
#5 [2/2] RUN id
#5 0.173 container_linux.go:345: starting container process caused "process_linux.go:430: container init caused \"rootfs_linux.go:58: mounting \\\"/run/runc/1argvey9yo2x2mwmd7nplwwua/notify.sock\\\" to rootfs \\\"/var/lib/docker/231072.231072/buildkit/executor/1argvey9yo2x2mwmd7nplwwua/rootfs\\\" at \\\"/run/systemd/notify\\\" caused \\\"stat /run/runc/1argvey9yo2x2mwmd7nplwwua/notify.sock: permission denied\\\"\""
#5 ERROR: executor failed running [/bin/sh -c id]: exit code: 1
------
> [2/2] RUN id:
------
failed to solve with frontend dockerfile.v0: failed to build LLB: executor failed running [/bin/sh -c id]: exit code: 1
Describe the results you expected:
Should've succeeded.
Additional information you deem important (e.g. issue happens only occasionally):
Works just fine without either BuildKit or user namespace remapping. This is a clean install, i.e. not upgrading from a prior version.
Output of docker version:
Client: Docker Engine - Community
Version: 19.03.2
API version: 1.40
Go version: go1.12.8
Git commit: 6a30dfc
Built: Thu Aug 29 05:29:11 2019
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.2
API version: 1.40 (minimum version 1.12)
Go version: go1.12.8
Git commit: 6a30dfc
Built: Thu Aug 29 05:27:45 2019
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.6
GitCommit: 894b81a4b802e4eb2a91d1ce216b8817763c29fb
runc:
Version: 1.0.0-rc8
GitCommit: 425e105d5a03fabd737a126ad93d62a9eeede87f
docker-init:
Version: 0.18.0
GitCommit: fec3683
Output of docker info:
Client:
Debug Mode: false
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 1
Server Version: 19.03.2
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 894b81a4b802e4eb2a91d1ce216b8817763c29fb
runc version: 425e105d5a03fabd737a126ad93d62a9eeede87f
init version: fec3683
Security Options:
apparmor
seccomp
Profile: default
userns
Kernel Version: 4.15.0-60-generic
Operating System: Ubuntu 18.04.3 LTS
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 985.6MiB
Name: kvm-experiment
ID: WWEW:H7D5:Q7Y3:7CCW:2WON:OR4N:RQMT:6DMC:QVBF:6RME:ENUV:36MN
Docker Root Dir: /var/lib/docker/231072.231072
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
Additional environment details (AWS, VirtualBox, physical, etc.):
With version 19.03.2, enabling user namespace remapping breaks BuildKit-powered builds.
Steps to reproduce the issue:
DOCKER_BUILDKIT=1 docker build . --progress=plainDescribe the results you received:
Build fails.
Describe the results you expected:
Should've succeeded.
Additional information you deem important (e.g. issue happens only occasionally):
Works just fine without either BuildKit or user namespace remapping. This is a clean install, i.e. not upgrading from a prior version.
Output of
docker version:Output of
docker info:Additional environment details (AWS, VirtualBox, physical, etc.):