Openshift sandboxed containers / KATA-1278

Unable to use fuse-overlayfs storage driver with buildah on sandboxed containers


    • Bug
    • Resolution: Not a Bug
    • Medium
    • None
    • 4.10-1.2.0
    • kata-containers
    • 1
    • False
    • False
    • Older releases of the `buildah` tool fail in openshift sandboxed containers with the following error:

      process exited with error: fork/exec /bin/sh: no such file or directorysubprocess exited with status 1
      It is recommended to use an image based on buildah version 1.26.2 or newer. Such an image is
      already available at quay.io/buildah/stable:latest.
    • Known Issue
    • Done
    • 0
    • 0.0

      Description

      Building container image inside sandboxed (kata) containers using buildah

      Steps to reproduce

      cat >build.yaml <<EOF
      apiVersion: v1
      kind: Pod
      metadata:
        name: buildah
        namespace: sandboxed-builds
      spec:
        runtimeClassName: kata
        containers:
          - name: buildah
            image: quay.io/buildah/stable:v1.23.0
            command: ["sleep", "infinity"]
            securityContext:
              privileged: true
      EOF
      
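      oc create ns sandboxed-builds
      oc apply -f build.yaml
      # Open a shell in the pod; the remaining commands run inside the container
      oc exec -it -n sandboxed-builds buildah -- bash
      # Create the FUSE device node needed by the fuse-overlayfs storage driver
      mknod /dev/fuse -m 0666 c 10 229
      mkdir /build && cd /build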
      
      cat >Dockerfile <<EOF
      FROM quay.io/fedora/fedora:33
      RUN date
      EOF
      
      buildah bud -f Dockerfile .

      Expected result

      Successful container image build

      Actual result

      process exited with error: fork/exec /bin/sh: no such file or directorysubprocess exited with status 1

      Impact

      The use-case of isolated builds and build pipeline using sandboxed containers becomes weak.

      Env

      kata-containers-2.3.0

      Additional helpful info

      The issue is not there for runc containers.

      Also I have not checked with upstream kata and initrd.

            rhgkurz Greg Kurz
            bpradipt Pradipta Banerjee
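
A preflight check for the minimum buildah release named in the release note above, so a build pipeline can stop with a clear message before it reaches the `fork/exec /bin/sh` failure. This is an added example, not part of the original issue or of the buildah project; the function names and the sample version lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the issue): gate a sandboxed build on the buildah version.
MIN_BUILDAH="1.26.2"   # minimum release recommended in the issue's release note

# Extract "X.Y.Z" from a `buildah --version` line. Constructed sample input:
# "buildah version 1.23.0 (image-spec 1.0.1-dev, runtime-spec 1.0.2-dev)"
parse_buildah_version() {
    printf '%s\n' "$1" | sed -n 's/^buildah version \([0-9][0-9.]*\).*/\1/p'
}

# Return 0 when version $1 >= version $2, comparing numeric fields left to right.
# Missing fields count as 0, so "1.30" compares as "1.30.0".
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            if ((x[i] + 0) > (y[i] + 0)) exit 0
            if ((x[i] + 0) < (y[i] + 0)) exit 1
        }
        exit 0
    }'
}

# Check one version line: 0 = new enough, 1 = too old, 2 = unparsable.
check_buildah() {
    ver=$(parse_buildah_version "$1")
    if [ -z "$ver" ]; then
        echo "cannot parse buildah version from: $1" >&2
        return 2
    fi
    if version_ge "$ver" "$MIN_BUILDAH"; then
        echo "buildah $ver is OK (>= $MIN_BUILDAH)"
    else
        echo "buildah $ver is older than $MIN_BUILDAH; builds under kata are expected to fail" >&2
        return 1
    fi
}

# Inside the build container, call: check_buildah "$(buildah --version)"
```
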