[2849068085] Upstream Reporter: Chris Evich
Upstream issue status: Open
Upstream description:
When building inside a rootless container using buildah's vfs storage driver and chroot isolation (as is very often done to build images in CI environments), specifying read/write bind volumes from other stages results in an error. This behavior does not reproduce using buildah 1.37 or earlier. Also verified this same behavior using a vanilla registry.fedoraproject.org/fedora-minimal image + dnf5 install buildah. That is to say, I think it's a buildah problem, not a buildah image problem.
Reproduction (host) environment:
- Fedora 40
- podman 5.3.1
- Running as a regular user w/ default podman settings
- The quay.io/buildah/upstream:latest container image (buildah version 1.40.0-dev (image-spec 1.1.0, runtime-spec 1.2.0))
- The quay.io/buildah/stable:v1.38 container image
- The quay.io/buildah/stable:v1.37 container image
Steps to reproduce:
- Create the following Containerfile somewhere in the user's homedir

    FROM registry.fedoraproject.org/fedora-minimal:latest as test
    RUN mkdir -p /var/tmp/test
    ADD ./Containerfile /var/tmp/test/
    FROM test as final
    RUN --mount=type=bind,from=test,src=/var/tmp/test,dst=/var/tmp/test,rw set -x && date > /var/tmp/test/Containerfile && cat /var/tmp/test/Containerfile

- Run podman run -it --rm -v ./Containerfile:/root/Containerfile:ro,Z quay.io/buildah/stable:v1.38 buildah --storage-driver=vfs build --isolation=chroot /root
- Run the exact same command, but with quay.io/buildah/stable:v1.37 (or any other earlier version)
Unexpected results:

    [1/2] STEP 1/3: FROM registry.fedoraproject.org/fedora-minimal:latest AS test
    Trying to pull registry.fedoraproject.org/fedora-minimal:latest...
    Getting image source signatures
    Copying blob 169491f3e4f7 done |
    Copying config e6917e6306 done |
    Writing manifest to image destination
    [1/2] STEP 2/3: RUN mkdir -p /var/tmp/test
    [1/2] STEP 3/3: ADD ./Containerfile /var/tmp/test/
    Getting image source signatures
    Copying blob cde90dcf8c1f skipped: already exists
    Copying blob cec21250b843 done |
    Copying config 9f9e432f21 done |
    Writing manifest to image destination
    --> 9f9e432f21cb
    [2/2] STEP 1/2: FROM 9f9e432f21cbb67c928b93d87af3878f3b903cbc2030cc12594f9368829ccc8c AS final
    [2/2] STEP 2/2: RUN --mount=type=bind,from=test,src=/var/tmp/test,dst=/var/tmp/test,rw set -x && date > /var/tmp/test/Containerfile && cat /var/tmp/test/Containerfile
    ERRO[0025] unlinkat /var/tmp/buildah1274147250/mounts4133407440/bind3931917386: device or resource busy
    Error: building at STEP "RUN --mount=type=bind,from=test,src=/var/tmp/test,dst=/var/tmp/test,rw set -x && date > /var/tmp/test/Containerfile && cat /var/tmp/test/Containerfile": resolving mountpoints for container "bb08d8062b4c17b75108492838e53d3236abce647447c8f5bec72cebfcb8ca1b": setting up overlay of "/var/tmp/buildah1274147250/mounts4133407440/bind3931917386": mount overlay:/var/tmp/buildah1274147250/mounts4133407440/overlay/981784139/merge, data: lowerdir=/var/tmp/buildah1274147250/mounts4133407440/bind3931917386,upperdir=/var/tmp/buildah1274147250/mounts4133407440/overlay/981784139/upper,workdir=/var/tmp/buildah1274147250/mounts4133407440/overlay/981784139/work,userxattr: invalid argument

Expected results (from v1.37):

    [1/2] STEP 1/3: FROM registry.fedoraproject.org/fedora-minimal:latest AS test
    Trying to pull registry.fedoraproject.org/fedora-minimal:latest...
    Getting image source signatures
    Copying blob 169491f3e4f7 done |
    Copying config e6917e6306 done |
    Writing manifest to image destination
    [1/2] STEP 2/3: RUN mkdir -p /var/tmp/test
    [1/2] STEP 3/3: ADD ./Containerfile /var/tmp/test/
    Getting image source signatures
    Copying blob cde90dcf8c1f skipped: already exists
    Copying blob b50f8aabd929 done |
    Copying config 71ea00d65f done |
    Writing manifest to image destination
    --> 71ea00d65f89
    [2/2] STEP 1/2: FROM 71ea00d65f8949486c4441a13b231fd4992b2be2c4170e97a0b9baae11244f71 AS final
    [2/2] STEP 2/2: RUN --mount=type=bind,from=test,src=/var/tmp/test,dst=/var/tmp/test,rw set -x && date > /var/tmp/test/Containerfile && cat /var/tmp/test/Containerfile
    WARN[0000] couldn't find "/var/lib/containers/storage/vfs/dir/7d684fe50918fe44941621b1721c8ee345f7884e2887f8cae36608bacb38e0e8/tmp/test" on host to bind mount into container
    + date
    + cat /var/tmp/test/Containerfile
    Wed Feb 12 18:17:34 UTC 2025
    [2/2] COMMIT
    Getting image source signatures
    Copying blob cde90dcf8c1f skipped: already exists
    Copying blob b50f8aabd929 skipped: already exists
    Copying blob 11db3e39f474 done |
    Copying config 83de1e9298 done |
    Writing manifest to image destination
    --> 83de1e9298fe
    83de1e9298feac0ce7e01e89b840e42ecd3901a4a67d1b998b3bdbe176fd3a69

Debug output from v1.38 is below (v1.40.0-dev output is substantially similar):
Note: Also attempted with the following Containerfile with similar results:

    FROM registry.fedoraproject.org/fedora-minimal:latest as test
    ADD ./Containerfile /test/
    RUN chmod 777 /test/Containerfile
    #####
    FROM test as final
    RUN --mount=type=bind,from=test,src=/test,dst=/test,rw set -x && date > /test/Containerfile && cat /test/Containerfile

Upstream URL: https://github.com/containers/buildah/issues/5988
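
Added example (not part of the upstream report or of buildah): a small shell harness that replays the reproduction command against the v1.37 and v1.38 images and classifies each build log by the error text shown above. The function names, the RUN_REPRO and REPRO_DIR variables, and dropping -it for non-interactive use are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the upstream report.
# Classifies buildah output by the strings quoted in the report above.

# classify_log: read a build log on stdin and print one of
#   regression - overlay setup over the bind source failed (v1.38 output)
#   ok         - the build reached a COMMIT step (v1.37 output)
#   unknown    - neither pattern was seen
classify_log() {
    log=$(cat)
    if printf '%s\n' "$log" | grep -q 'setting up overlay of ' &&
       printf '%s\n' "$log" | grep -q 'userxattr: invalid argument'; then
        echo regression
    elif printf '%s\n' "$log" | grep -Eq '^(\[[0-9]+/[0-9]+\] )?COMMIT'; then
        echo ok
    else
        echo unknown
    fi
}

# run_repro TAG DIR: run the command from the report against one image tag.
# DIR must hold the Containerfile from the steps above. -it is dropped so
# the log can be captured without a terminal.
run_repro() {
    podman run --rm -v "$2/Containerfile:/root/Containerfile:ro,Z" \
        "quay.io/buildah/stable:$1" \
        buildah --storage-driver=vfs build --isolation=chroot /root 2>&1
}

# Only call podman when explicitly asked to:
#   RUN_REPRO=1 REPRO_DIR=/path/to/dir sh check.sh
if [ "${RUN_REPRO:-0}" = 1 ]; then
    for tag in v1.37 v1.38; do
        result=$(run_repro "$tag" "${REPRO_DIR:-$PWD}" | classify_log)
        printf '%s: %s\n' "$tag" "$result"
    done
fi
```

Against the outputs quoted in the report, v1.37 classifies as ok and v1.38 as regression.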