minikube image build: Operation not permitted

[JulianAssmann]

What Happened?

I tried to build an image with minikube build using the Podman driver with the CRI-O container runtime.

I first initialized a podman machine with enough resources and started it:
podman machine init --cpus=4 --memory=4096 --disk-size=10

Logs

Extracting compressed file Image resized. Machine init complete To start your machine run:

podman machine start

podman machine start

Logs

Extracting compressed file Image resized. Machine init complete To start your machine run:

podman machine start

➜ ~ podman machine start
Starting machine "podman-machine-default"
Waiting for VM ...
Mounting volume... /Users:/Users
Mounting volume... /private:/private
Mounting volume... /var/folders:/var/folders

This machine is currently configured in rootless mode. If your containers
require root permissions (e.g. ports < 1024), or if you run into compatibility
issues with non-podman clients, you can switch using the following command:

podman machine set --rootful

API forwarding listening on: /var/run/docker.sock
Docker API clients default to this address. You do not need to set DOCKER_HOST.

Machine "podman-machine-default" started successfully

I then created the minikube cluster:

minikube start --driver=podman --container-runtime=cri-o

Logs

😄 minikube v1.30.1 on Darwin 13.4 (arm64) ✨ Using the podman (experimental) driver based on user configuration 📌 Using Podman driver with root privileges 👍 Starting control plane node minikube in cluster minikube 🚜 Pulling base image ... E0522 14:02:51.075639 59601 cache.go:188] Error downloading kic artifacts: not yet implemented, see issue #8426 🔥 Creating podman container (CPUs=2, Memory=3849MB) ... 🎁 Preparing Kubernetes v1.26.3 on CRI-O 1.24.4 ... E0522 14:03:25.628998 59601 start.go:131] Unable to get host IP: RoutableHostIPFromInside is currently only implemented for linux ▪ Generating certificates and keys ... ▪ Booting up control plane ... ▪ Configuring RBAC rules ... 🔗 Configuring CNI (Container Networking Interface) ... ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5 🔎 Verifying Kubernetes components... 🌟 Enabled addons: storage-provisioner, default-storageclass ❗ The image 'services/ads' was not found; unable to add it to cache. 🏄 Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default

Then I wanted to build an image with
minikube build -t <image_name> .

This fails with error
writing blob: adding layer with blob "sha256:e464611cad28e3191fb5458b5b6b9bbcfd879d9863a4aa29debea8bf188cc100": Error processing tar file(exit status 1): operation not permitted:

Logs

I0522 13:40:15.592058 55558 out.go:296] Setting OutFile to fd 1 ... I0522 13:40:15.593352 55558 out.go:348] isatty.IsTerminal(1) = true I0522 13:40:15.593360 55558 out.go:309] Setting ErrFile to fd 2... I0522 13:40:15.593364 55558 out.go:348] isatty.IsTerminal(2) = true I0522 13:40:15.594143 55558 root.go:336] Updating PATH: /Users/julian/.minikube/bin I0522 13:40:15.594342 55558 oci.go:594] shell is pointing to podman inside minikube. will unset to use host I0522 13:40:15.616035 55558 config.go:182] Loaded profile config "minikube": Driver=podman, ContainerRuntime=crio, KubernetesVersion=v1.26.3 I0522 13:40:16.126043 55558 config.go:182] Loaded profile config "minikube": Driver=podman, ContainerRuntime=crio, KubernetesVersion=v1.26.3 I0522 13:40:16.135224 55558 cli_runner.go:164] Run: podman container inspect minikube --format={{.State.Status}} I0522 13:40:16.395571 55558 ssh_runner.go:195] Run: systemctl --version I0522 13:40:16.395819 55558 cli_runner.go:164] Run: podman version --format {{.Version}} I0522 13:40:16.644857 55558 cli_runner.go:164] Run: podman container inspect -f "'{{(index (index .NetworkSettings.Ports "22/tcp") 0).HostPort}}'" minikube I0522 13:40:16.820769 55558 sshutil.go:53] new ssh client: &{IP:127.0.0.1 Port:43671 SSHKeyPath:/Users/julian/.minikube/machines/minikube/id_rsa Username:docker} I0522 13:40:16.943507 55558 build_images.go:151] Building image from path: /var/folders/xy/hznp_xk94pd6s3gvsf3h7xbc0000gn/T/build.3049193688.tar I0522 13:40:16.944294 55558 ssh_runner.go:195] Run: sudo mkdir -p /var/lib/minikube/build I0522 13:40:16.958896 55558 ssh_runner.go:195] Run: stat -c "%s %y" /var/lib/minikube/build/build.3049193688.tar I0522 13:40:16.965055 55558 ssh_runner.go:352] existence check for /var/lib/minikube/build/build.3049193688.tar: stat -c "%s %y" /var/lib/minikube/build/build.3049193688.tar: Process exited with status 1 stdout:

stderr:
stat: cannot stat '/var/lib/minikube/build/build.3049193688.tar': No such file or directory
I0522 13:40:16.965098 55558 ssh_runner.go:362] scp /var/folders/xy/hznp_xk94pd6s3gvsf3h7xbc0000gn/T/build.3049193688.tar --> /var/lib/minikube/build/build.3049193688.tar (306281472 bytes)
I0522 13:40:19.182851 55558 ssh_runner.go:195] Run: sudo mkdir -p /var/lib/minikube/build/build.3049193688
I0522 13:40:19.191107 55558 ssh_runner.go:195] Run: sudo tar -C /var/lib/minikube/build/build.3049193688 -xf /var/lib/minikube/build/build.3049193688.tar
I0522 13:40:19.567247 55558 crio.go:297] Building image: /var/lib/minikube/build/build.3049193688
I0522 13:40:19.567380 55558 ssh_runner.go:195] Run: sudo podman build /var/lib/minikube/build/build.3049193688
[1/2] STEP 1/6: FROM maven:3.8.1-openjdk-17-slim AS builder
[2/2] STEP 1/4: FROM eclipse-temurin:17-jre AS runner
Resolving "maven" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull docker.io/library/maven:3.8.1-openjdk-17-slim...
Getting image source signatures
Copying blob sha256:69516cdba4cb7a795b487b7760e1e24f57707aace05220b3b0c3df0dc60c2086
Copying blob sha256:e464611cad28e3191fb5458b5b6b9bbcfd879d9863a4aa29debea8bf188cc100
Copying blob sha256:3456fbefeea00be2de3e7bfd384efeecc2d5aa1be0b37375b92267491213a2c9
Copying blob sha256:c146dbef80dfc6113dc1fe9ec08c82cc60352a8796c2401b439e272cf063f4c5
Copying blob sha256:3d4cb30315853c3a21dd229a0e499065668ad2b20a2e52752d9c7dc82a013960
Copying blob sha256:513c6babab2b9079da61a69300c0e26d1037ca98910376098e9ae87baeb112c0
Copying blob sha256:4332ef1bcb8676adbe0ef517855630e2b7d2c8f2bd6b3c9e6af5fc6132225203
Copying blob sha256:69516cdba4cb7a795b487b7760e1e24f57707aace05220b3b0c3df0dc60c2086
Copying blob sha256:3d4cb30315853c3a21dd229a0e499065668ad2b20a2e52752d9c7dc82a013960
Copying blob sha256:c146dbef80dfc6113dc1fe9ec08c82cc60352a8796c2401b439e272cf063f4c5
Copying blob sha256:e464611cad28e3191fb5458b5b6b9bbcfd879d9863a4aa29debea8bf188cc100
Copying blob sha256:3456fbefeea00be2de3e7bfd384efeecc2d5aa1be0b37375b92267491213a2c9
Copying blob sha256:4332ef1bcb8676adbe0ef517855630e2b7d2c8f2bd6b3c9e6af5fc6132225203
Trying to pull quay.io/maven:3.8.1-openjdk-17-slim...
Resolving "eclipse-temurin" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull docker.io/library/eclipse-temurin:17-jre...
Error: error creating build container: 2 errors occurred while pulling:

• writing blob: adding layer with blob "sha256:e464611cad28e3191fb5458b5b6b9bbcfd879d9863a4aa29debea8bf188cc100": Error processing tar file(exit status 1): operation not permitted
• initializing source docker://quay.io/maven:3.8.1-openjdk-17-slim: reading manifest 3.8.1-openjdk-17-slim in quay.io/maven: StatusCode: 404, <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final/...
  I0522 13:40:40.996822 55558 ssh_runner.go:235] Completed: sudo podman build /var/lib/minikube/build/build.3049193688: (21.429467917s)
  W0522 13:40:40.996912 55558 build_images.go:115] Failed to build image for profile minikube. make sure the profile is running. CRI-O build /var/lib/minikube/build/build.3049193688.tar: crio build image: sudo podman build /var/lib/minikube/build/build.3049193688: Process exited with status 125
  stdout:
  [1/2] STEP 1/6: FROM maven:3.8.1-openjdk-17-slim AS builder
  [2/2] STEP 1/4: FROM eclipse-temurin:17-jre AS runner

stderr:
Resolving "maven" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull docker.io/library/maven:3.8.1-openjdk-17-slim...
Getting image source signatures
Copying blob sha256:69516cdba4cb7a795b487b7760e1e24f57707aace05220b3b0c3df0dc60c2086
Copying blob sha256:e464611cad28e3191fb5458b5b6b9bbcfd879d9863a4aa29debea8bf188cc100
Copying blob sha256:3456fbefeea00be2de3e7bfd384efeecc2d5aa1be0b37375b92267491213a2c9
Copying blob sha256:c146dbef80dfc6113dc1fe9ec08c82cc60352a8796c2401b439e272cf063f4c5
Copying blob sha256:3d4cb30315853c3a21dd229a0e499065668ad2b20a2e52752d9c7dc82a013960
Copying blob sha256:513c6babab2b9079da61a69300c0e26d1037ca98910376098e9ae87baeb112c0
Copying blob sha256:4332ef1bcb8676adbe0ef517855630e2b7d2c8f2bd6b3c9e6af5fc6132225203
Copying blob sha256:69516cdba4cb7a795b487b7760e1e24f57707aace05220b3b0c3df0dc60c2086
Copying blob sha256:3d4cb30315853c3a21dd229a0e499065668ad2b20a2e52752d9c7dc82a013960
Copying blob sha256:c146dbef80dfc6113dc1fe9ec08c82cc60352a8796c2401b439e272cf063f4c5
Copying blob sha256:e464611cad28e3191fb5458b5b6b9bbcfd879d9863a4aa29debea8bf188cc100
Copying blob sha256:3456fbefeea00be2de3e7bfd384efeecc2d5aa1be0b37375b92267491213a2c9
Copying blob sha256:4332ef1bcb8676adbe0ef517855630e2b7d2c8f2bd6b3c9e6af5fc6132225203
Trying to pull quay.io/maven:3.8.1-openjdk-17-slim...
Resolving "eclipse-temurin" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull docker.io/library/eclipse-temurin:17-jre...
Error: error creating build container: 2 errors occurred while pulling:

• writing blob: adding layer with blob "sha256:e464611cad28e3191fb5458b5b6b9bbcfd879d9863a4aa29debea8bf188cc100": Error processing tar file(exit status 1): operation not permitted
• initializing source docker://quay.io/maven:3.8.1-openjdk-17-slim: reading manifest 3.8.1-openjdk-17-slim in quay.io/maven: StatusCode: 404, <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final/...
  I0522 13:40:40.997006 55558 build_images.go:123] succeeded building to:
  I0522 13:40:40.997011 55558 build_images.go:124] failed building to: minikube

Attach the log file

logs.txt

Operating System

macOS (Default)

Driver

Podman

[JulianAssmann]

I could fix this issue by running podman with root:

podman system connection default podman-machine-default-root