search

alpinelinux / docker-alpine

Official Alpine Linux Docker image. Win at minimalism!
MIT License
1.08k stars 262 forks source link

make on edge[20210212] has no access to system commands #146

Open gherrink opened 3 years ago

gherrink commented 3 years ago

I hope this belongs here.

I'm have created an image base on alpine:3.13 where I'm using make to create some dependencies. To test some new features I upgraded to alpine:edge to test some stuff. When I run make I'm getting make: make: Operation not permitted.

To test if this is my fault or is because of the update to edge I've created a small test Dockerfile + Makefile

Dockerfile:

FROM alpine:edge

RUN apk update && apk add make

COPY Makefile Makefile

RUN make

Makefile:

default:        build

clean:
        rm -rf Makefile objs

build:
        $(MAKE) -f objs/Makefile

This is the output

Sending build context to Docker daemon  99.33kB
Step 1/4 : FROM alpine:edge
 ---> 34dac7805320
Step 2/4 : RUN apk update && apk add make
 ---> Running in f4064dcf212d
fetch https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
v20210212-524-gbe08be886b [https://dl-cdn.alpinelinux.org/alpine/edge/main]
v20210212-529-g22817087ea [https://dl-cdn.alpinelinux.org/alpine/edge/community]
OK: 14110 distinct packages available
(1/1) Installing make (4.3-r0)
Executing busybox-1.33.0-r2.trigger
OK: 6 MiB in 15 packages
Removing intermediate container f4064dcf212d
 ---> c7e09905475a
Step 3/4 : COPY Makefile Makefile
 ---> d6f2aa7a498c
Step 4/4 : RUN make
 ---> Running in ee4dff032f39
make -f objs/Makefile
make: make: Operation not permitted
make: *** [Makefile:7: build] Error 127
The command '/bin/sh -c make' returned a non-zero code: 2

If've tryped several system commands like e.g. rm Makefile, with the same output make: rm: Operation not permitted.

Please let me know if you need more information.

CurtTilmes commented 3 years ago

Try running docker with the --security-opt seccomp=unconfined option.

gherrink commented 3 years ago

--security-opt seccomp=unconfined

Works with docker run but is not allowed for build Error response from daemon: The daemon on this platform does not support setting security options on build.

So when I remove RUN make from Dockerfile use docker run -it --security-opt seccomp=unconfined [container] make it works.

indigo423 commented 3 years ago

It seems like still an issue in Alpine 3.14.0 right? Here is what I've tested running Alpine in Docker with a simple Makefile:

.PHONY: test

test:
    @echo "Hello World"

When I run it with

make test

I get the following error message:

make: /bin/sh: Operation not permitted
make: *** [Makefile:4: test] Error 127
cat /etc/alpine-release
3.14.0
sathishsms commented 3 years ago 
 make: /bin/sh: Operation not permitted
  make: *** [Makefile:514: all-recursive] Error 127

Facing the same issue

ipsitabgit commented 3 years ago

Facing same issue with 3.14.0.

make: /bin/sh: Operation not permitted make: *** [Makefile:372: build_crypto] Error 127

cat /etc/alpine-release 3.14.0

indigo423 commented 3 years ago

It seems like still an issue in Alpine 3.14.0 right? Here is what I've tested running Alpine in Docker with a simple Makefile:

.PHONY: test

test:
  @echo "Hello World"

When I run it with

make test

I get the following error message:

make: /bin/sh: Operation not permitted
make: *** [Makefile:4: test] Error 127
cat /etc/alpine-release
3.14.0

Just FYI: The only way to get it working in our cloud-hosted CI/CD was downgrading to alpine:3.12.

denisvmedia commented 3 years ago

I don't face this issue on 3.13, but I do on 3.14.

sidz commented 3 years ago

for those who faced with this issue on Alpine 3.14:

please check https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.14.0#faccessat2 and ensure that your docker is 20.10.0 or higher.

ghevge commented 2 years ago

I'm seeing a similar error when trying to build the redislite wheel on an alpine python:3.9.6-alpine3.14 in my CICD pipeline docker:20.10.12-dind

Any idea how I can workaround this without downgrading alpine image ?

Thanks

Building wheel for redislite (setup.py): started
  Building wheel for redislite (setup.py): finished with status 'error'
  ERROR: Command errored out with exit status 1:
   command: /usr/local/bin/python -u -c 'import io, os, sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-aqvlzuog/redislite_da841dbccf9645d2926d1d3e10c09489/setup.py'"'"'; __file__='"'"'/tmp/pip-install-aqvlzuog/redislite_da841dbccf9645d2926d1d3e10c09489/setup.py'"'"';f = getattr(tokenize, '"'"'open'"'"', open)(__file__) if os.path.exists(__file__) else io.StringIO('"'"'from setuptools import setup; setup()'"'"');code = f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' bdist_wheel -d /tmp/pip-wheel-ou9erqj7
       cwd: /tmp/pip-install-aqvlzuog/redislite_da841dbccf9645d2926d1d3e10c09489/
  Complete output (39 lines):
  running bdist_wheel
  running build
  running build_py
  creating build
  creating build/lib.linux-x86_64-3.9
  creating build/lib.linux-x86_64-3.9/redislite
  copying redislite/__init__.py -> build/lib.linux-x86_64-3.9/redislite
  copying redislite/client.py -> build/lib.linux-x86_64-3.9/redislite
  copying redislite/configuration.py -> build/lib.linux-x86_64-3.9/redislite
  copying redislite/debug.py -> build/lib.linux-x86_64-3.9/redislite
  copying redislite/patch.py -> build/lib.linux-x86_64-3.9/redislite
  running egg_info
  writing redislite.egg-info/PKG-INFO
  writing dependency_links to redislite.egg-info/dependency_links.txt
  writing requirements to redislite.egg-info/requires.txt
  writing top-level names to redislite.egg-info/top_level.txt
  reading manifest file 'redislite.egg-info/SOURCES.txt'
  reading manifest template 'MANIFEST.in'
  warning: no files found matching 'README.rst'
  warning: no files found matching '*' under directory 'redislite/bin'
  warning: no previously-included files found matching '*dummy.o'
  adding license file 'LICENSE.txt'
  writing manifest file 'redislite.egg-info/SOURCES.txt'
  copying redislite/package_metadata.json -> build/lib.linux-x86_64-3.9/redislite
  running build_ext
  building 'dummy' extension
  creating build/temp.linux-x86_64-3.9
  creating build/temp.linux-x86_64-3.9/src
  gcc -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -DTHREAD_STACK_SIZE=0x100000 -fPIC -I/usr/local/include/python3.9 -c src/dummy.c -o build/temp.linux-x86_64-3.9/src/dummy.o
  gcc -shared -Wl,--strip-all build/temp.linux-x86_64-3.9/src/dummy.o -L/usr/local/lib -o build/lib.linux-x86_64-3.9/dummy.cpython-39-x86_64-linux-gnu.so
  compiling redis
  ********************************************************************************
  /tmp/pip-install-aqvlzuog/redislite_da841dbccf9645d2926d1d3e10c09489
  cd src && make install
  make: /bin/sh: Operation not permitted
  make: *** [Makefile:9: install] Error 127
  ********************************************************************************
  creating build/scripts-3.9
  error: can't copy '/tmp/pip-install-aqvlzuog/redislite_da841dbccf9645d2926d1d3e10c09489/redis.submodule/bin/redis-server': doesn't exist or not a regular file
  ----------------------------------------
  ERROR: Failed building wheel for redislite
sashsvamir commented 2 years ago

I'm fix this by updating containerd.io and docker-ce packages, as follow (ubuntu 18.04):

curl -O https://download.docker.com/linux/debian/dists/buster/pool/stable/amd64/containerd.io_1.4.3-2_amd64.deb
sudo apt install ./containerd.io_1.4.3-2_amd64.deb
sudo apt-get install docker-ce