Hello,
I couldn't find a note about this in the current documentation or in any existing issue, so I am creating one; please point me in the right direction if it's already known.
I cannot manage to mount a secret with BuildKit when userns-remap is enabled.
Docker version : 19.03.3, build a872fc2f86 (ubuntu 18.04)
Given the following Dockerfile :
```dockerfile
# syntax = docker/dockerfile:1.0-experimental
FROM ubuntu
RUN --mount=type=secret,id=mySecret,dst=/myFile cat /myFile
```
and the following build command :
```
DOCKER_BUILDKIT=1 docker build --secret id=mySecret,src=/path/to/myFile --progress=plain --no-cache -t test-buildkit .
```
it works just fine when userns-remap is turned off but as soon as "userns-remap": "default" is added in /etc/docker/daemon.json any attempt to build the same Dockerfile with the same command leads to :
```
#1 [internal] load .dockerignore
#1 transferring context: 2B done
#1 DONE 0.0s
#2 [internal] load build definition from Dockerfile
#2 transferring dockerfile: 163B done
#2 DONE 0.0s
#3 resolve image config for docker.io/docker/dockerfile:1.0-experimental
#3 DONE 1.2s
#4 docker-image://docker.io/docker/dockerfile:1.0-experimental@sha256:cbd64...
#4 CACHED
#5 [internal] load .dockerignore
#5 DONE 0.0s
#6 [internal] load build definition from Dockerfile
#6 transferring dockerfile: 163B done
#6 DONE 0.0s
#7 [internal] load metadata for docker.io/library/ubuntu:latest
#7 DONE 0.6s
#8 [1/2] FROM docker.io/library/ubuntu@sha256:b88f8848e9a1a4e4558ba7cfc4acc...
#8 CACHED
#9 [2/2] RUN --mount=type=secret,id=mySecret,dst=/myFile cat /myFile
#9 0.205 container_linux.go:345: starting container process caused "process_linux.go:424: container init caused \"rootfs_linux.go:58: mounting \\\"/var/lib/docker/362144.362144/tmp/buildkit-secrets120111366/1kbsq87x16vqkfnjwylp1sibf\\\" to rootfs \\\"/var/lib/docker/362144.362144/buildkit/executor/kn8l27mqrwgwso3j0f6s5p6xx/rootfs\\\" at \\\"/var/lib/docker/362144.362144/buildkit/executor/kn8l27mqrwgwso3j0f6s5p6xx/rootfs/myFile\\\" caused \\\"operation not permitted\\\"\""
#9 ERROR: executor failed running [/bin/sh -c cat /myFile]: runc did not terminate sucessfully
------
> [2/2] RUN --mount=type=secret,id=mySecret,dst=/myFile cat /myFile:
------
failed to solve with frontend dockerfile.v0: failed to solve with frontend gateway.v0: rpc error: code = Unknown desc = failed to build LLB: executor failed running [/bin/sh -c cat /myFile]: runc did not terminate sucessfully
```
Let me know if you need more information,
thanks
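
As an added example (not part of the original report, and not Docker's or BuildKit's code), a pre-build check that flags the combination described above: a `userns-remap` value in `daemon.json` together with a `RUN --mount=type=secret` instruction. The function names and the inline sample inputs are constructed for illustration; the check only detects the configuration reported here and makes no claim about which Docker versions are affected.

```python
import json
import re

# A BuildKit mount flag whose options include type=secret (in any position).
SECRET_MOUNT = re.compile(r"--mount=\S*type=secret(?:,|\s|$)")

def userns_remap_value(daemon_json_text):
    """Return the userns-remap setting from daemon.json text, or None if unset or empty."""
    cfg = json.loads(daemon_json_text) if daemon_json_text.strip() else {}
    return cfg.get("userns-remap") or None

def secret_mount_runs(dockerfile_text):
    """Return (first_line_number, instruction) for each RUN using a secret mount."""
    hits, logical, start = [], "", 0
    for n, raw in enumerate(dockerfile_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments, including the syntax directive
        if not logical:
            start = n
        logical = (logical + " " + line.rstrip("\\").strip()).strip()
        if line.endswith("\\"):
            continue  # instruction continues on the next line
        if logical.upper().startswith("RUN ") and SECRET_MOUNT.search(logical):
            hits.append((start, logical))
        logical = ""
    return hits

def preflight(daemon_json_text, dockerfile_text):
    """List findings for secret mounts built on a daemon that has userns-remap set."""
    remap = userns_remap_value(daemon_json_text)
    if remap is None:
        return []
    return [f"Dockerfile:{n}: secret mount with userns-remap={remap!r}: {instr}"
            for n, instr in secret_mount_runs(dockerfile_text)]

# Constructed sample inputs mirroring the report above.
SAMPLE_DAEMON_JSON = '{"userns-remap": "default"}'
SAMPLE_DOCKERFILE = """# syntax = docker/dockerfile:1.0-experimental
FROM ubuntu
RUN --mount=type=secret,id=mySecret,dst=/myFile cat /myFile
"""

if __name__ == "__main__":
    for finding in preflight(SAMPLE_DAEMON_JSON, SAMPLE_DOCKERFILE):
        print(finding)
```

To check a real host, pass the contents of `/etc/docker/daemon.json` and of the Dockerfile to `preflight()`.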