Description
When building a container that uses rootlesskit, if the build occurs in a rootless container, the build fails.
Reproduce
234 | # This will install docker under $HOME/bin according to the content of the script
235 | >>> RUN export SKIP_IPTABLES=1 \
236 | >>> && curl -fsSL https://raw.githubusercontent.com/lavaerius/docker-install/master/rootless-install.sh | sh - \
237 | >>> && /home/runner/bin/docker -v
238 |
Expected behavior
rootlesskit installs
docker version
Docker info
/usr/local/bin/docker version
Client: Docker Engine - Community
Version: 25.0.3
API version: 1.44
Go version: go1.21.6
Git commit: 4debf41
Built: Tue Feb 6 21:13:09 2024
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 25.0.3
API version: 1.44 (minimum version 1.24)
Go version: go1.21.6
Git commit: f417435
Built: Tue Feb 6 21:13:09 2024
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.28
GitCommit: ae07eda36dd25f8a1b98dfbf587313b99c0190bb
runc:
Version: 1.1.12
GitCommit: v1.1.12-0-g51d5e94
docker-init:
Version: 0.19.0
GitCommit: de40ad0
rootlesskit:
Version: 2.0.1
ApiVersion: 1.1.1
NetworkDriver: slirp4netns
PortDriver: builtin
StateDir: /run/user/1000/dockerd-rootless
slirp4netns:
Version: 1.0.1
GitCommit: 6a7b16babc95b6a3056b33fb45b74a6f62262dd4
docker info
Client: Docker Engine - Community
Version: 25.0.3
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.12.1
Path: /usr/libexec/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.24.6
Path: /usr/libexec/docker/cli-plugins/docker-compose
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 25.0.3
Storage Driver: fuse-overlayfs
Logging Driver: json-file
Cgroup Driver: none
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: ae07eda36dd25f8a1b98dfbf587313b99c0190bb
runc version: v1.1.12-0-g51d5e94
init version: de40ad0
Security Options:
seccomp
Profile: builtin
rootless
cgroupns
Kernel Version: 5.15.0-1068-azure
Operating System: Ubuntu 22.04.3 LTS (containerized)
OSType: linux
Architecture: x86_64
CPUs: 16
Total Memory: 62.79GiB
Name: arc-runner-dind-rootless-enterprise-mzkfj-wqdw6
ID: 6e666fbf-f047-4c12-a9ac-ae4694dc1fc3
Docker Root Dir: /home/runner/.local/share/docker
Debug Mode: false
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Additional Info
The runner is in a k8s cluster, as a GitHub Action runner, running rootless, with rootless dind.
The builds had succeeded until the rootlesskit check was implemented, and unfortunately the movement of the check from #48216 didn't help.
I can get the build to succeed if I create an out-of-band install script that removes that check completely, but that's not sustainable.