Open sluongng opened 3 years ago
@nkubala I think you maintain both this project and https://github.com/GoogleContainerTools/container-diff, could you please take a look?
hey @sluongng, thanks for the issue. our team isn't currently working on this project anymore, and we're not really submitting bug fixes ourselves. if you'd like to take a stab at fixing this issue, I'll try and take a look at any opened PRs!
I also encountered the same issue.
IIUC this is not caused by container-structure-test itself; rather it comes from the bazel's sandbox implementation in macOS.
Using container_test()
defined in rules_docker I get the same error as in the PR description above, while directly invoking container-structure-test succeeds as expected.
My understanding:
sandbox-exec
and the sandbox profile used does not contain file-write-setugid
.$TMPDIR
), it fails to add setuid/setgid bit for the files/directories (operation not permitted).Note that one can confirm that changing setuid/setgid of a file fails in a simple sh_test
.
I don't have any idea on how to fix/workaround this issue, but I hope this comment helps someone.
Just FYI my current approach with this is to create 2 targets: 1 with compatible_with
Linux and the other with MacOS. And use Docker driver on MacOS. It's a hack but it allow you to do some basic tests such as verifying the distro of the container OS.
@skirino interesting observation... I think bazel test tmpdir might not allow the operation for a good reason (but it does not make much sense why Linux is ok with it). Perhaps a workaround would be to write to the host's tmpdir directly, bypassing bazel tmpdir but then you will run into problems with tests running concurrently and having leftover artifacts on the host 🤔
I am trying to run some basic fileContentTests and fileExistenceTests on MacOS with tar driver
With this bazel test setup
Which resulted in the following error
I am using bazel rules_docker on latest HEAD https://github.com/bazelbuild/rules_docker/commit/e15c9ebf203b7fa708e69ff5f1cdcf427d7edf6f
This test passed just fine when run on Linux + tar-driver or MacOS + docker-driver. But not MacOS + tar-driver.