BuildKit: denied { write } (scontext=system_u:system_r:container_t:s0:c23,c164 tcontext=unconfined_u:object_r:container_ro_file_t:s0) #190

Closed
AkihiroSuda opened this issue Oct 19, 2022 · 0 comments · Fixed by #193

AkihiroSuda commented Oct 19, 2022

RUN ls works, but RUN apk add neofetch does not 😞

# buildctl build --frontend dockerfile.v0 --local dockerfile=. --local context=.
[+] Building 3.3s (5/5) FINISHED                                                                                                           
 => [internal] load .dockerignore                                                                                                     0.1s
 => => transferring context: 2B                                                                                                       0.0s
 => [internal] load build definition from Dockerfile                                                                                  0.1s
 => => transferring dockerfile: 130B                                                                                                  0.0s
 => [internal] load metadata for docker.io/library/alpine:latest                                                                      2.7s
 => CACHED [1/2] FROM docker.io/library/alpine@sha256:bc41182d7ef5ffc53a40b044e725193bc10142a1243f395ee852a8d9730fc2ad                0.1s
 => => resolve docker.io/library/alpine@sha256:bc41182d7ef5ffc53a40b044e725193bc10142a1243f395ee852a8d9730fc2ad                       0.1s
 => ERROR [2/2] RUN apk add neofetch                                                                                                  0.3s
------
 > [2/2] RUN apk add neofetch:
#0 0.260 ERROR: Unable to lock database: Permission denied
#0 0.263 ERROR: Failed to open apk database: Permission denied
------
Dockerfile:2
--------------------
   1 |     FROM alpine
   2 | >>> RUN apk add neofetch
   3 |     
--------------------
error: failed to solve: process "/bin/sh -c apk add neofetch" did not complete successfully: exit code: 99
# ausearch -m avc
time->Wed Oct 19 15:31:03 2022
type=AVC msg=audit(1666193463.724:567): avc:  denied  { write } for  pid=2031 comm="apk" name="lock" dev="overlay" ino=94946 scontext=system_u:system_r:container_t:s0:c23,c164 tcontext=unconfined_u:object_r:container_ro_file_t:s0 tclass=file permissive=0

Originally posted by @AkihiroSuda in #189 (comment)
