mount /var/lib/containers/storage/overlay:/var/lib/containers/storage/overlay, flags: 0x1000: permission denied #2328

Closed
Yannik opened this issue Apr 27, 2020 · 6 comments

Yannik commented Apr 27, 2020

Description
Building a container using quay.io/buildah/stable doesn't work on docker on debian buster.

  1. echo 1 > /proc/sys/kernel/unprivileged_userns_clone
  2. docker run --device /dev/fuse -v /tmp/test:/var/lib/containers/storage:Z --security-opt seccomp=/root/seccomp.json --rm -it quay.io/buildah/stable sh
  3. buildah images

leads to the following error:

mount /var/lib/containers/storage/overlay:/var/lib/containers/storage/overlay, flags: 0x1000: permission denied
ERRO exit status 1                                

/root/seccomp.json is the seccomp file from containers-common - without this, I'd get Error during unshare(CLONE_NEWUSER): Operation not permitted
Running it with --security-opt seccomp=unconfined leads to the same error, so this doesn't seem like a seccomp issue.
Omitting -v /tmp/test:/var/lib/containers/storage:Z also results in the same error.

uname -a: I've tried both Linux sonorus 4.19.0-8-amd64 #1 SMP Debian 4.19.98-1 (2020-01-26) x86_64 GNU/Linux (buster stable) and Linux sonorus 5.4.0-0.bpo.4-amd64 #1 SMP Debian 5.4.19-1~bpo10+1 (2020-03-09) x86_64 GNU/Linux (buster-backports) kernels.

dpkg -l |grep docker:

ii  docker-ce                           5:19.03.8~3-0~debian-buster                                    amd64        Docker: the open-source application container engine
ii  docker-ce-cli                       5:19.03.8~3-0~debian-buster                                    amd64        Docker CLI: the open-source application container engine
ii  golang-docker-credential-helpers    0.6.1-2                                                        amd64        native stores to safeguard Docker credentials
ii  python-docker                       3.4.1-4                                                        all          Python wrapper to access docker.io's control socket
ii  python-dockerpycreds                0.3.0-1                                                        all          Python bindings for the docker credentials store API

Update:
I installed podman on debian as described on https://podman.io/getting-started/installation.html, but I'm getting the same error with podman:

root@xxx:~#  podman run --device /dev/fuse -v /tmp/test:/var/lib/containers/storage:Z --rm -it quay.io/buildah/stable sh
sh-5.0# buildah images
mount /var/lib/containers/storage/overlay:/var/lib/containers/storage/overlay, flags: 0x1000: permission denied
ERRO exit status 1         

root@xxx:~#  podman run --device /dev/fuse --rm -it quay.io/buildah/stable sh
sh-5.0# buildah images
mount /var/lib/containers/storage/overlay:/var/lib/containers/storage/overlay, flags: 0x1000: permission denied
ERRO exit status 1                

root@xxx:~#  podman run  --rm -it quay.io/buildah/stable sh
sh-5.0# buildah images
mount /var/lib/containers/storage/overlay:/var/lib/containers/storage/overlay, flags: 0x1000: permission denied
ERRO exit status 1

rhatdan (Member) commented Apr 27, 2020

Does this work?
podman run --device /dev/fuse -v /tmp/test:/var/lib/containers/storage:Z --user build --rm -it quay.io/buildah/stable sh

Adding --user build should allow you to then run a rootless container as the user.

Yannik (Author) commented Apr 27, 2020

> Does this work?
> podman run --device /dev/fuse -v /tmp/test:/var/lib/containers/storage:Z --user build --rm -it quay.io/buildah/stable sh
>
> Adding --user build should allow you to then run a rootless container as the user.

No, that didn't work for me.

sh-5.0$ buildah images
ERRO[0000] failed to setup From and Bud flags: failed to get container config: error reading system config "/etc/containers/containers.conf": unable to decode configuration /etc/containers/containers.conf: open /etc/containers/containers.conf: permission denied 

Same error with docker.

rhatdan (Member) commented Apr 27, 2020

Sadly I broke this.
#2332

rhatdan (Member) commented Aug 5, 2020

Should be fixed in master now.

rhatdan closed this as completed Aug 5, 2020

ozeta commented Nov 12, 2020

Hi @rhatdan, I pulled podman from quay.io, but I receive the same errors as OP.

rhatdan (Member) commented Nov 12, 2020

Please open a fresh new issue, with all of your data: what command you ran, specific versions.
