Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

error removing bin to make way for new symlink: unlinkat //bin/sh: permission denied #3135

Open
willzhang opened this issue Apr 24, 2024 · 0 comments
Open

error removing bin to make way for new symlink: unlinkat //bin/sh: permission denied #3135

willzhang opened this issue Apr 24, 2024 · 0 comments

Comments

@willzhang
Copy link

willzhang commented Apr 24, 2024
edited

Actual behavior
build failed in jenkins docker pipeline

Expected behavior
build success in jenkins docker pipeline

To Reproduce
1、create jenkinsfile

pipeline {
    agent any

    environment {
        GIT_URL = 'http://192.168.72.16:3001/root/demo1.git'
        GIT_CREDENTIALSID = 'gitea-account'
        GIT_BRANCH = 'main'
        BUILDER_IMAGE = '192.168.72.16/library/kaniko_executor:debug'
        CONTAINER_REGISTRY_URL = '192.168.72.16/library'
        CONTAINER_IMAGE_NAME = 'demo'
        CONFIG = credentials('kaniko-auth')
    }

    stages {
        stage('Clone') {
            steps {
                git branch: "${env.GIT_BRANCH}", credentialsId: "${env.GIT_CREDENTIALSID}", url: "${env.GIT_URL}"
            }
        }

        stage('Build_source') {
            agent {
                docker {
                    image 'docker.io/library/maven:latest'
                    args "-v $HOME/.m2:/root/.m2"
                }
            }
            steps {
                sh "mvn -v"
            }
        }
        
        stage('build_push_image') {
            agent {
                docker {
                    image "${env.BUILDER_IMAGE}"
                    args "--entrypoint="
                    reuseNode true
                }
            }
            steps {
                script {
                    withCredentials([file(credentialsId: 'kaniko-auth1', variable: 'DOCKER_CONFIG1')]) {
                        sh """
                            export DOCKER_CONFIG=/kaniko/docker/
                            mkdir -p /kaniko/docker/
                            cp $DOCKER_CONFIG1 /kaniko/docker/config.json
                            /kaniko/executor --context=dir://. --dockerfile=./Dockerfile --destination=${env.CONTAINER_REGISTRY_URL}/${env.CONTAINER_IMAGE_NAME}:${env.BUILD_NUMBER} --insecure
                        """
                    }
                }
            }
        }
    }
}

2、Dockerfile

FROM ubuntu
RUN apt update -y

3、jenkins console logs

main error

error building image: error building stage: failed to get filesystem from image: error removing bin to make way for new symlink: unlinkat //bin/sh: permission denied

all logs

Started by user [administrator](http://192.168.72.19:8080/user/admin)
[Pipeline] Start of Pipeline
[Pipeline] node
Running on [Jenkins](http://192.168.72.19:8080/computer/(built-in)/) in /var/lib/jenkins/workspace/docker-demo1
[Pipeline] {
[Pipeline] withCredentials
Masking supported pattern matches of $CONFIG
[Pipeline] {
[Pipeline] withEnv
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Clone)
[Pipeline] git
The recommended git tool is: NONE
using credential gitea-account
 > git rev-parse --resolve-git-dir /var/lib/jenkins/workspace/docker-demo1/.git # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url http://192.168.72.16:3001/root/demo1.git # timeout=10
Fetching upstream changes from http://192.168.72.16:3001/root/demo1.git
 > git --version # timeout=10
 > git --version # 'git version 2.34.1'
using GIT_ASKPASS to set credentials gitea-account
 > git fetch --tags --force --progress -- http://192.168.72.16:3001/root/demo1.git +refs/heads/*:refs/remotes/origin/* # timeout=10
 > git rev-parse refs/remotes/origin/main^{commit} # timeout=10
Checking out Revision f191facd01a657a8edee7e0fc91f89ca1669803e (refs/remotes/origin/main)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f f191facd01a657a8edee7e0fc91f89ca1669803e # timeout=10
 > git branch -a -v --no-abbrev # timeout=10
 > git branch -D main # timeout=10
 > git checkout -b main f191facd01a657a8edee7e0fc91f89ca1669803e # timeout=10
Commit message: "更新 Dockerfile"
 > git rev-list --no-walk f191facd01a657a8edee7e0fc91f89ca1669803e # timeout=10
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Build_source)
[Pipeline] node
Running on [Jenkins](http://192.168.72.19:8080/computer/(built-in)/) in /var/lib/jenkins/workspace/docker-demo1@2
[Pipeline] {
[Pipeline] isUnix
[Pipeline] withEnv
[Pipeline] {
[Pipeline] sh
+ docker inspect -f . docker.io/library/maven:latest
.
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] withDockerContainer
Jenkins does not seem to be running inside a container
$ docker run -t -d -u 115:120 -v /var/lib/jenkins/.m2:/root/.m2 -w /var/lib/jenkins/workspace/docker-demo1@2 -v /var/lib/jenkins/workspace/docker-demo1@2:/var/lib/jenkins/workspace/docker-demo1@2:rw,z -v /var/lib/jenkins/workspace/docker-demo1@2@tmp:/var/lib/jenkins/workspace/docker-demo1@2@tmp:rw,z -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** docker.io/library/maven:latest cat
$ docker top 6e47652297ce0e2c66f4cdbfc605dae06b3cc7262152836b431c8f99bea37e6a -eo pid,comm
[Pipeline] {
[Pipeline] sh
+ mvn -v
Apache Maven 3.9.6 (bc0240f3c744dd6b6ec2920b3cd08dcc295161ae)
Maven home: /usr/share/maven
Java version: 21.0.2, vendor: Eclipse Adoptium, runtime: /opt/java/openjdk
Default locale: en_US, platform encoding: UTF-8
OS name: "linux", version: "5.15.0-105-generic", arch: "amd64", family: "unix"
[Pipeline] }
$ docker stop --time=1 6e47652297ce0e2c66f4cdbfc605dae06b3cc7262152836b431c8f99bea37e6a
$ docker rm -f --volumes 6e47652297ce0e2c66f4cdbfc605dae06b3cc7262152836b431c8f99bea37e6a
[Pipeline] // withDockerContainer
[Pipeline] }
[Pipeline] // node
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (build_push_image)
[Pipeline] getContext
[Pipeline] isUnix
[Pipeline] withEnv
[Pipeline] {
[Pipeline] sh
+ docker inspect -f . 192.168.72.16/library/kaniko_executor:debug
.
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] withDockerContainer
Jenkins does not seem to be running inside a container
$ docker run -t -d -u 115:120 --entrypoint= -w /var/lib/jenkins/workspace/docker-demo1 -v /var/lib/jenkins/workspace/docker-demo1:/var/lib/jenkins/workspace/docker-demo1:rw,z -v /var/lib/jenkins/workspace/docker-demo1@tmp:/var/lib/jenkins/workspace/docker-demo1@tmp:rw,z -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** 192.168.72.16/library/kaniko_executor:debug cat
$ docker top fb45030f7345d7cac091ca04250320c6a01ae721410b8d3ada6d0c1fe66e2c51 -eo pid,comm
[Pipeline] {
[Pipeline] script
[Pipeline] {
[Pipeline] withCredentials
Masking supported pattern matches of $DOCKER_CONFIG1
[Pipeline] {
[Pipeline] sh
Warning: A secret was passed to "sh" using Groovy String interpolation, which is insecure.
		 Affected argument(s) used the following variable(s): [DOCKER_CONFIG1]
		 See https://jenkins.io/redirect/groovy-string-interpolation for details.
+ export 'DOCKER_CONFIG=/kaniko/docker/'
+ mkdir -p /kaniko/docker/
+ echo /var/lib/jenkins
/var/lib/jenkins
+ pwd
/var/lib/jenkins/workspace/docker-demo1
+ ls
Dockerfile
README.md
+ cp **** /kaniko/docker/config.json
+ /kaniko/executor '--context=dir://.' '--dockerfile=./Dockerfile' '--destination=192.168.72.16/library/demo:59' --insecure
�[36mINFO�[0m[0000] Retrieving image manifest ubuntu             
�[36mINFO�[0m[0000] Retrieving image ubuntu from registry index.docker.io 
�[36mINFO�[0m[0006] Built cross stage deps: map[]                
�[36mINFO�[0m[0006] Retrieving image manifest ubuntu             
�[36mINFO�[0m[0006] Returning cached image manifest              
�[36mINFO�[0m[0006] Executing 0 build triggers                   
�[36mINFO�[0m[0006] Building stage 'ubuntu' [idx: '0', base-idx: '-1'] 
�[36mINFO�[0m[0006] Unpacking rootfs as cmd RUN apt update -y requires it. 
error building image: error building stage: failed to get filesystem from image: error removing bin to make way for new symlink: unlinkat //bin/sh: permission denied
[Pipeline] }
[Pipeline] // withCredentials
[Pipeline] }
[Pipeline] // script
[Pipeline] }
$ docker stop --time=1 fb45030f7345d7cac091ca04250320c6a01ae721410b8d3ada6d0c1fe66e2c51
$ docker rm -f --volumes fb45030f7345d7cac091ca04250320c6a01ae721410b8d3ada6d0c1fe66e2c51
[Pipeline] // withDockerContainer
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // withCredentials
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code 1
Finished: FAILURE

The debug image i use with image id c7c1f8d3d464 

root@jenkins:/var/lib/jenkins/workspace# docker images |grep debug
192.168.72.16/library/kaniko_executor   debug                c7c1f8d3d464   4 weeks ago    99.1MB
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@willzhang