can't compile go using podman #3402

Closed
csantanapr opened this issue Jun 21, 2019 · 9 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@csantanapr

/kind bug

Description

Trying to use podman to build a container using golang

Describe the results you received:
error building

STEP 4: RUN CGO_ENABLED=0 GOOS=linux go build -v -o helloworld
error running container: error creating new mount namespace for [/bin/sh -c CGO_ENABLED=0 GOOS=linux go build -v -o helloworld]: operation not permitted
Error: error building at STEP "RUN CGO_ENABLED=0 GOOS=linux go build -v -o helloworld": error while running runtime: exit status 1

Describe the results you expected:
Build to work

Steps to reproduce the issue:

  1. Using podman from ubuntu using a container
    Created the container using this Dockerfile
FROM ubuntu:16.04

RUN apt-get update -qq \
    && apt-get install -qq -y software-properties-common uidmap \
    && add-apt-repository -y ppa:projectatomic/ppa \
    && apt-get update -qq \
    && apt-get -qq -y install podman \
    && apt-get install -y iptables

# Change default storage driver to vfs
RUN sed -i "s/overlay/vfs/g" /etc/containers/storage.conf

# Add docker.io as a search registry
RUN sed -i '0,/\[\]/s/\[\]/["docker.io"]/' /etc/containers/registries.conf
  2. Create app Dockerfile
FROM golang:1.12
WORKDIR /go/src/github.com/knative/docs/helloworld
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -v -o helloworld
  3. Run podman build with the following Dockerfile
docker run --rm -it -v $PWD:/tmp/app csantanapr/podman "podman" "build" "/tmp/app"
STEP 1: FROM golang:1.12 AS builder
Getting image source signatures
Copying blob 7596bb83081b done
Copying blob fc2529ce2b56 done
Copying blob 372744b62d49 done
Copying blob 494c27a8a6b8 done
Copying blob 6f2f362378c5 done
Copying blob 0658c6765517 done
Copying blob c9a1ca7e4a49 done
Copying config 9fe4cdc1f1 done
Writing manifest to image destination
Storing signatures
STEP 2: WORKDIR /go/src/github.com/knative/docs/helloworld
--> 9fbaa6d130d4aab9275f837b4853692be5bc93df5b509ca109b3a9ee3e948e4f
STEP 3: COPY . .
--> 11675926e9305a710ae333e23f5cfd8efd2cb6d79d39a294a2a3bbda6e328d09
STEP 4: RUN CGO_ENABLED=0 GOOS=linux go build -v -o helloworld
error running container: error creating new mount namespace for [/bin/sh -c CGO_ENABLED=0 GOOS=linux go build -v -o helloworld]: operation not permitted
Error: error building at STEP "RUN CGO_ENABLED=0 GOOS=linux go build -v -o helloworld": error while running runtime: exit status 1

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

docker run --rm -it -v $PWD:/tmp/app csantanapr/podman "podman" "version"         
Version:            1.4.0
RemoteAPI Version:  1
Go Version:         go1.10.4
OS/Arch:            linux/amd64

(paste your output here)
Output of podman info --debug:

docker run --rm -it -v $PWD:/tmp/app csantanapr/podman "podman" "info" "--debug"
debug:
  compiler: gc
  git commit: ""
  go version: go1.10.4
  podman version: 1.4.0
host:
  BuildahVersion: 1.8.3
  Conmon:
    package: 'conmon: /usr/libexec/crio/conmon'
    path: /usr/libexec/crio/conmon
    version: 'conmon version , commit: '
  Distribution:
    distribution: ubuntu
    version: "16.04"
  MemFree: 4171636736
  MemTotal: 6246756352
  OCIRuntime:
    package: 'cri-o-runc: /usr/lib/cri-o-runc/sbin/runc'
    path: /usr/lib/cri-o-runc/sbin/runc
    version: 'runc version spec: 1.0.1-dev'
  SwapFree: 992301056
  SwapTotal: 1073737728
  arch: amd64
  cpus: 4
  hostname: 133ed48a7277
  kernel: 4.9.125-linuxkit
  os: linux
  rootless: false
  uptime: 28h 29m 1.31s (Approximately 1.17 days)
registries:
  blocked: null
  insecure: null
  search:
  - docker.io
store:
  ConfigFile: /etc/containers/storage.conf
  ContainerStore:
    number: 0
  GraphDriverName: vfs
  GraphOptions: null
  GraphRoot: /var/lib/containers/storage
  GraphStatus: {}
  ImageStore:
    number: 0
  RunRoot: /var/run/containers/storage
  VolumePath: /var/lib/containers/storage/volumes

(paste your output here)
Additional environment details (AWS, VirtualBox, physical, etc.):
Running on OSX using docker for mac

@openshift-ci-robot openshift-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label Jun 21, 2019
@mheon
Member

mheon commented Jun 21, 2019

Is go build attempting to make a fresh mount namespace?

Regardless, bug is in build, tagging the Buildah folks
@nalind @TomSweeneyRedHat PTAL

@mheon mheon added the Buildah label Jun 21, 2019
@csantanapr
Author

Thanks @mheon for looking and tagging.

Do you have a Dockerfile sample that would allow compiling a Go program?
It might be that I need to adjust the Dockerfile to be compatible with podman.

@csantanapr
Author

Forgot to add the helloworld.go file that I am trying to compile

https://github.com/knative/docs/blob/master/docs/serving/samples/hello-world/helloworld-go/helloworld.go

@TomSweeneyRedHat
Member

TomSweeneyRedHat commented Jun 21, 2019

@giuseppe could this error be due to using overlay instead of Fuse? @csantanapr any objections to using Fedora instead of Ubuntu within your first image?

@csantanapr
Author

@TomSweeneyRedHat sure I can try Fedora

Do you have a Dockerfile that I can try to build and use a container image on Mac?

@TomSweeneyRedHat
Member

@csantanapr, still a bit of a WIP, but you can try the Dockerfiles here

@giuseppe
Member

@giuseppe could this error be due to using overlay instead of Fuse? @csantanapr any objections to using Fedora instead of Ubuntu within your first image?

From the error message, it seems that it is attempting to create a new namespace. You need at least to provide "--cap-add SYS_ADMIN" and see if it improves anything. You would probably also like to use --security-opt seccomp=unconfined
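
A pre-flight check for the condition discussed in this thread, added here as an example and not code from the issue or from the podman project: it reads `/proc/<pid>/status` text and reports whether CAP_SYS_ADMIN (needed to create a mount namespace) is in the effective set and whether a seccomp filter is active. The function names, verdict strings and sample masks are constructed for illustration; `a80425fb` is the effective capability mask of a default `docker run` container.

```shell
#!/bin/sh
# Added example: why a nested `podman build` cannot create a mount namespace.
# Reads /proc/<pid>/status text on stdin and reports on CAP_SYS_ADMIN + seccomp.

CAP_SYS_ADMIN_BIT=21   # bit index of CAP_SYS_ADMIN in linux/capability.h

# status_field NAME TEXT -> value of the "NAME:" line (empty if absent)
status_field() {
    printf '%s\n' "$2" | awk -v k="$1:" '$1 == k { print $2; exit }'
}

# has_cap HEXMASK BIT -> succeeds when that capability bit is set
has_cap() {
    [ $(( (0x${1:-0} >> $2) & 1 )) -eq 1 ]
}

# nested_build_verdict: status text on stdin, one-line verdict on stdout
nested_build_verdict() {
    st=$(cat)
    cap=$(status_field CapEff "$st")
    sec=$(status_field Seccomp "$st")   # 0 = off, 1 = strict, 2 = filter
    if ! has_cap "$cap" "$CAP_SYS_ADMIN_BIT"; then
        echo "blocked: no CAP_SYS_ADMIN (CapEff=${cap:-unknown})"
    elif [ "$sec" = 2 ]; then
        echo "cap ok: seccomp filter active, may still deny build syscalls"
    else
        echo "cap ok: seccomp not filtering"
    fi
}

# Constructed samples (not captured from the reporter's machine):
# a80425fb is Docker's default capability mask; a82425fb adds bit 21.
sample_status() {  # sample_status CAPEFF_LOW32 SECCOMP_MODE
    printf 'Name:\tsh\nCapEff:\t00000000%s\nSeccomp:\t%s\n' "$1" "$2"
}

# On a Linux host, also report on the current process.
if [ -r /proc/self/status ]; then
    nested_build_verdict < /proc/self/status
fi
```

Run inside the outer container, a "blocked" verdict matches the `operation not permitted` error above; both suggested flags widen what the outer container may do on the host, so they are best limited to the build container.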

@baude
Member

baude commented Aug 2, 2019

Can we close this?

@rhatdan
Member

rhatdan commented Aug 4, 2019

Reopen if @giuseppe's fix did not solve this.

@rhatdan rhatdan closed this as completed Aug 4, 2019
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 24, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 24, 2023