Unable to build a simple Dockerfile with buildx where userns-remap and the containerd backend is enabled #47377
Labels
area/builder/buildkit
Issues affecting buildkit
area/builder
area/security/userns
containerd-integration
Issues and PRs related to containerd integration
kind/bug
Bugs are bugs. The cause may or may not be known at triage time so debugging may be needed.
status/0-triage
version/25.0
Description
We are unable to build a simple image using buildx, with the docker buildkit driver, where the docker daemon is running with the following configuration:
The problem can be reproduced relatively easily with a simple image such as:
FROM alpine:latest RUN echo "hello world"
Reproduce
Command:
docker buildx build -f Dockerfile .
Result:
Expected behavior
The container should be built successfully.
docker version
+ docker version Client: Version: 25.0.3 API version: 1.44 Go version: go1.21.6 Git commit: 4debf41 Built: Tue Feb 6 21:13:00 2024 OS/Arch: linux/amd64 Context: default Server: Docker Engine - Community Engine: Version: 25.0.3 API version: 1.44 (minimum version 1.24) Go version: go1.21.6 Git commit: f417435 Built: Tue Feb 6 21:13:08 2024 OS/Arch: linux/amd64 Experimental: false containerd: Version: v1.7.13 GitCommit: 7c3aca7a610df76212171d200ca3811ff6096eb8 runc: Version: 1.1.12 GitCommit: v1.1.12-0-g51d5e94 docker-init: Version: 0.19.0 GitCommit: de40ad0
docker info
Additional Info
I've ran an experiment and found if run the following on the daemon, the problem disappears, however my knowledge here is currently lacking and I don't yet understand why this is the case without diving deeper:
We launch our daemon with the following options. There is an auth plugin we have wired up, however than can be disregarded here.
daemon.json:
I was able to find this runc log file:
The text was updated successfully, but these errors were encountered: