Alpine 3.14.0 - make: /bin/sh: Operation not permitted

[chrislowth]

"make" reports "/bin/sh: Operation not permitted".

To reproduce ...

$ docker run -ti --rm alpine:3.14.0
/ # cd
~ # apk add make
fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/community/x86_64/APKINDEX.tar.gz
(1/1) Installing make (4.3-r0)
Executing busybox-1.33.1-r2.trigger
OK: 6 MiB in 15 packages
~ # echo -e "one:\n\tdate > one" > Makefile
~ # cat Makefile 
one:
    date > one
~ # make
date > one
make: /bin/sh: Operation not permitted
make: *** [Makefile:2: one] Error 127
~ # 

This works with alpine 3.13.4 ...

$ docker run -ti --rm alpine:3.13.4
/ # cd
~ # apk add make
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/community/x86_64/APKINDEX.tar.gz
(1/1) Installing make (4.3-r0)
Executing busybox-1.32.1-r5.trigger
OK: 6 MiB in 15 packages
~ # echo -e "one:\n\tdate > one" > Makefile
~ # cat Makefile 
one:
    date > one
~ # make
date > one
~ # 

[vetali]

As per Alpine 3.14.0 Release Notes, the easiest way to fix this is to upgrade Docker to version 20.10.0 or later.

[dathan]

Looks like this was introduced in the last 15 days. The builds from 3 months ago seem to work

[qifengzhang007]

I encountered the same error as you when compiling nginx.

Then I switched to version alpine:3.12 、alpine:3.13,Found that both are OK!

// Omit irrelevant code

RUN  \
                addgroup  -S www  &&  adduser www  -D -S -s /bin/sh -G www  \
                && wget -P /home/soft  https://github.com/vozlt/nginx-module-vts/archive/v0.1.18.tar.gz  \
                && wget -P /home/soft  http://nginx.org/download/nginx-1.21.1.tar.gz   \
                && wget -P /home/soft  https://ftp.pcre.org/pub/pcre/pcre-8.44.tar.gz    \
                &&  cd /home/soft  && tar -zxf nginx-1.21.1.tar.gz  &&  tar  -zxf  v0.1.18.tar.gz   && tar  -zxf  pcre-8.44.tar.gz  \
                &&  cd /home/soft/nginx-1.21.1  \
                &&  ./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module  --with-http_v2_module --with-http_gzip_static_module --with-stream --with-http_sub_module  --with-pcre=/home/soft/pcre-8.44   --add-module=/home/soft/nginx-module-vts-0.1.18  \
                &&  make && make install  \

// Omit irrelevant code

The error is as follows:

make -f objs/Makefile
make: make: Operation not permitted
make: *** [Makefile:10: build] Error 127

[jufemaiz]

Confirming that this is failing.

Docker 20.10.5 Compose 1.28.5

Gist: https://gist.github.com/jufemaiz/a5512eb7f87a0f33f512b806dec49e5a

Related: https://github.com/docker-library/golang/issues/378

[jufemaiz]

Now for the fun part.

Docker 20.10.6 and 20.10.7 both work.

[andypost]

As release notes said update of docker required https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.14.0#faccessat2

[jufemaiz]

As release notes said update of docker required https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.14.0#faccessat2

Sure, but it also says:

Docker 20.10.0 (which contains moby commit a181391) or greater

Which is incorrect. Docker 20.10.5 is incompatible.

[Hello71]

As release notes said update of docker required https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.14.0#faccessat2

Sure, but it also says:

Docker 20.10.0 (which contains moby commit a181391) or greater

Which is incorrect. Docker 20.10.5 is incompatible.

you cannot stop reading nine words in. AND is the very next word, in all caps. for those unfortunately living with dyslexia, i have now set the already all-caps AND in additional bold and italic font.

[jufemaiz]

Suggest toning down the antagonism and the use of medical conditions as slurs @Hello71.

Looks like I failed to add I'm using the Docker for Mac solution. Ergo any attempt to validate the libseccomp version and compatibility of the host is destined for failure as far as I can tell for non-linux solutions. As point two notes, the existence of Docker for Mac or Windows as a solution is known, so surely there's a reasonable expectation that the version of Docker Desktop recommended would have been validated.

Cheers for the contribution to the release notes.

[Hello71]

Suggest toning down the antagonism and the use of medical conditions as slurs @Hello71.

it is not i who started any "antagonism".

Docker 20.10.0 (which contains moby commit a181391) or greater

Which is incorrect. Docker 20.10.5 is incompatible.

i generously assumed that you accidentally misread the documentation instead of gratuitously insulting the release notes that i spent several hours writing and revising to be comprehensive and clear.

i suggest you spend 2.5 minutes (244 words times 100 wpm for "remedial students" on advanced material) reading it; in all likelihood, that is less time than you've spent cherry-picking fragments of it and unnecessarily downgrading and upgrading Docker.

with that in mind, you have apparently still not read the release notes, since you say:

As point two notes, the existence of Docker for Mac or Windows as a solution is known, so surely there's a reasonable expectation that the version of Docker Desktop recommended would have been validated.

it was validated; stop insulting my work. the Alpine Linux 3.14 release notes say:

if using Docker Desktop for Windows or Mac, this is part of Docker Desktop 3.3.0

when using Docker Desktop, you cannot cite only the Docker Engine version number. you also cannot stop reading fourteen words in and shrug "well i'm using docker desktop so wHy iSNt iT WorKInG". as explained in both the Alpine and Docker Desktop release notes, newer versions of Docker Desktop contain newer Docker Engine, but also newer runc:

Docker Desktop 3.2.1: Docker Engine 20.10.5 Docker Desktop 3.3.0: runc v1.0.0-rc93 Docker Desktop 3.3.2: Docker Engine 20.10.6

and here, we return to the Alpine Linux 3.14 release notes, which says that Docker Desktop 3.3.0 contains runc v1.0.0-rc93, which satisfies the faccessat2 requirement for Alpine Linux 3.14.

this was already pointed out to you at https://github.com/docker-library/golang/issues/378 (quote in full, emphasis added):

Yep, as noted in docker-library/php#1177, this is something related to the containerization combined with newer musl. If you're not on the latest release of Docker, libseccomp, and runc, I'd suggest starting with an update to all of those.

---

if, after fully reading the Alpine release notes, anybody is still experiencing this issue, please post:

1. docker version (not docker --version) and docker info. if you don't have access to the Docker host, then your provider name and relevant information (e.g. advertised VM configuration).
2. if you are using Docker Desktop, then the Docker Desktop version
3. full docker invocation, input (e.g. Dockerfile or stdin), and output

to avoid cluttering the issue, please use <details> element for big output, e.g. https://gist.github.com/ericclemmons/b146fe5da72ca1f706b2ef72a20ac39d.

i appreciate any information that can help improve the usability and reliability of Alpine Linux, and am willing to assist (for free!) in resolving issues. i do not appreciate wasting volunteer support time and propagating misinformation instead of spending two minutes to properly read the documentation. if you don't want to read the documentation, that's fine (although your loss), but don't subsequently go around complaining that nothing works properly and you have no idea why.

[mmachatschek]

@Hello71 I run into this problem too. Here is my configuration to reproduce the issue.

As far as I can tell, my system meets the minimum requirements mentioned in the Alpine 3.14 release notes.

1. Docker version >= 20.10.0
2. runc >= 1.0.0-rc93
3. libseccomp >= 2.4.4

The command scmp_sys_resolver faccessat2 returns 439 both on the host and within the container.

Docker version:

```console docker version ``` ``` Client: Docker Engine - Community Version: 20.10.8 API version: 1.41 Go version: go1.16.6 Git commit: 3967b7d Built: Fri Jul 30 19:54:27 2021 OS/Arch: linux/amd64 Context: default Experimental: true Server: Docker Engine - Community Engine: Version: 20.10.8 API version: 1.41 (minimum version 1.12) Go version: go1.16.6 Git commit: 75249d8 Built: Fri Jul 30 19:52:33 2021 OS/Arch: linux/amd64 Experimental: true containerd: Version: 1.4.9 GitCommit: e25210fe30a0a703442421b0f60afac609f950a3 runc: Version: 1.0.1 GitCommit: v1.0.1-0-g4144b63 docker-init: Version: 0.19.0 GitCommit: de40ad0 ```

Docker info:

```console docker info ``` ``` Client: Context: default Debug Mode: false Plugins: app: Docker App (Docker Inc., v0.9.1-beta3) buildx: Build with BuildKit (Docker Inc., v0.6.1-docker) scan: Docker Scan (Docker Inc., v0.8.0) Server: Containers: 72 Running: 3 Paused: 0 Stopped: 69 Images: 226 Server Version: 20.10.8 Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Native Overlay Diff: true userxattr: false Logging Driver: json-file Cgroup Driver: cgroupfs Cgroup Version: 1 Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc Default Runtime: runc Init Binary: docker-init containerd version: e25210fe30a0a703442421b0f60afac609f950a3 runc version: v1.0.1-0-g4144b63 init version: de40ad0 Security Options: apparmor seccomp Profile: default Kernel Version: 5.11.0-27-generic Operating System: Ubuntu 20.04.3 LTS OSType: linux Architecture: x86_64 CPUs: 6 Total Memory: 31.25GiB Name: pc ID: DJIM:XOB3:EFYW:YAJ6:GVTD:XQI5:5R5Z:PUD4:CMRE:AJKW:5OCF:562V Docker Root Dir: /var/lib/docker Debug Mode: false Registry: https://index.docker.io/v1/ Labels: Experimental: true Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false ```

Dockerfile:

```Dockerfile FROM php:8.0.10-fpm-alpine3.14 RUN set -ex \ && apk update \ && apk add --no-cache --update $PHPIZE_DEPS imagemagick libgomp imagemagick-dev \ && pecl install imagick-3.5.1 \ && docker-php-ext-enable imagick ```

Docker build output:

Invokation: ```console docker build -f Dockerfile . ``` ``` [+] Building 20.7s (5/5) FINISHED => [internal] load build definition from Dockerfile 0.1s => => transferring dockerfile: 37B 0.0s => [internal] load .dockerignore 0.1s => => transferring context: 35B 0.0s => [internal] load metadata for docker.io/library/php:8.0.10-fpm-alpine3.14 1.6s => CACHED [1/2] FROM docker.io/library/php:8.0.10-fpm-alpine3.14@sha256:72801f7e6f8495775dd05a9973980e4aaa106983fb58a13d3ce2aa3602b56e6a 0.0s => => resolve docker.io/library/php:8.0.10-fpm-alpine3.14@sha256:72801f7e6f8495775dd05a9973980e4aaa106983fb58a13d3ce2aa3602b56e6a 0.0s => ERROR [2/2] RUN set -ex && apk update && apk add --no-cache --update autoconf dpkg-dev dpkg file g++ gcc libc-dev make pkgconf re2c imagemagick libgomp imagemagick-dev && 19.1s ------ [2/2] RUN set -ex && apk update && apk add --no-cache --update autoconf dpkg-dev dpkg file g++ gcc libc-dev make pkgconf re2c imagemagick libgomp imagemagick-dev && pecl install imagick-3.5.1 && docker-php-ext-enable imagick: #5 0.161 + apk update #5 0.165 fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/main/x86_64/APKINDEX.tar.gz #5 0.530 fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/community/x86_64/APKINDEX.tar.gz #5 0.852 v3.14.1-91-gdd3221bd34 [https://dl-cdn.alpinelinux.org/alpine/v3.14/main] #5 0.852 v3.14.1-93-ga8c38d09be [https://dl-cdn.alpinelinux.org/alpine/v3.14/community] #5 0.852 OK: 14935 distinct packages available #5 0.874 + apk add --no-cache --update autoconf dpkg-dev dpkg file g++ gcc libc-dev make pkgconf re2c imagemagick libgomp imagemagick-dev #5 0.878 fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/main/x86_64/APKINDEX.tar.gz #5 1.091 fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/community/x86_64/APKINDEX.tar.gz #5 1.347 (1/79) Installing m4 (1.4.18-r2) #5 1.370 (2/79) Installing libbz2 (1.0.8-r1) #5 1.391 (3/79) Installing perl (5.32.1-r0) #5 2.026 (4/79) Installing autoconf (2.71-r0) #5 2.073 (5/79) Installing dpkg (1.20.9-r0) #5 2.111 (6/79) Installing pkgconf (1.7.4-r0) #5 2.135 (7/79) Installing dpkg-dev (1.20.9-r0) #5 2.171 (8/79) Installing libmagic (5.40-r1) #5 2.243 (9/79) Installing file (5.40-r1) #5 2.259 (10/79) Installing libgcc (10.3.1_git20210424-r2) #5 2.282 (11/79) Installing libstdc++ (10.3.1_git20210424-r2) #5 2.340 (12/79) Installing binutils (2.35.2-r2) #5 2.464 (13/79) Installing libgomp (10.3.1_git20210424-r2) #5 2.493 (14/79) Installing libatomic (10.3.1_git20210424-r2) #5 2.514 (15/79) Installing libgphobos (10.3.1_git20210424-r2) #5 2.619 (16/79) Installing gmp (6.2.1-r0) #5 2.650 (17/79) Installing isl22 (0.22-r0) #5 2.717 (18/79) Installing mpfr4 (4.1.0-r0) #5 2.823 (19/79) Installing mpc1 (1.2.1-r0) #5 2.849 (20/79) Installing gcc (10.3.1_git20210424-r2) #5 4.096 (21/79) Installing musl-dev (1.2.2-r3) #5 4.241 (22/79) Installing libc-dev (0.7.2-r3) #5 4.257 (23/79) Installing g++ (10.3.1_git20210424-r2) #5 5.028 (24/79) Installing libxau (1.0.9-r0) #5 5.062 (25/79) Installing libmd (1.0.3-r0) #5 5.092 (26/79) Installing libbsd (0.11.3-r0) #5 5.117 (27/79) Installing libxdmcp (1.1.3-r0) #5 5.142 (28/79) Installing libxcb (1.14-r2) #5 5.203 (29/79) Installing libx11 (1.7.2-r0) #5 5.268 (30/79) Installing libxext (1.3.4-r0) #5 5.295 (31/79) Installing expat (2.4.1-r0) #5 5.322 (32/79) Installing libpng (1.6.37-r1) #5 5.353 (33/79) Installing freetype (2.10.4-r1) #5 5.403 (34/79) Installing libuuid (2.37-r0) #5 5.422 (35/79) Installing fontconfig (2.13.1-r4) #5 5.469 (36/79) Installing lcms2 (2.12-r1) #5 5.494 (37/79) Installing libltdl (2.4.6-r7) #5 5.523 (38/79) Installing imagemagick-libs (7.0.11.13-r0) #5 5.600 (39/79) Installing libxrender (0.9.10-r3) #5 5.617 (40/79) Installing pixman (0.40.0-r2) #5 5.668 (41/79) Installing cairo (1.16.0-r3) #5 5.723 (42/79) Installing libffi (3.3-r2) #5 5.741 (43/79) Installing libintl (0.21-r0) #5 5.762 (44/79) Installing libblkid (2.37-r0) #5 5.796 (45/79) Installing libmount (2.37-r0) #5 5.829 (46/79) Installing pcre (8.44-r0) #5 5.869 (47/79) Installing glib (2.68.3-r0) #5 5.953 (48/79) Installing dbus-libs (1.12.20-r2) #5 5.981 (49/79) Installing avahi-libs (0.8-r5) #5 6.006 (50/79) Installing nettle (3.7.2-r0) #5 6.055 (51/79) Installing p11-kit (0.23.22-r0) #5 6.087 (52/79) Installing libtasn1 (4.17.0-r0) #5 6.111 (53/79) Installing libunistring (0.9.10-r1) #5 6.155 (54/79) Installing gnutls (3.7.1-r0) #5 6.212 (55/79) Installing cups-libs (2.3.3-r2) #5 6.255 (56/79) Installing jbig2dec (0.19-r0) #5 6.284 (57/79) Installing libjpeg-turbo (2.1.0-r0) #5 6.339 (58/79) Installing libwebp (1.2.0-r2) #5 6.381 (59/79) Installing zstd-libs (1.4.9-r1) #5 6.424 (60/79) Installing tiff (4.2.0-r1) #5 6.460 (61/79) Installing ghostscript (9.54.0-r0) #5 7.184 (62/79) Installing aom-libs (1.0.0-r3) #5 7.266 (63/79) Installing libde265 (1.0.8-r1) #5 7.313 (64/79) Installing x265-libs (3.4-r0) #5 7.377 (65/79) Installing libheif (1.12.0-r0) #5 7.412 (66/79) Installing cairo-gobject (1.16.0-r3) #5 7.436 (67/79) Installing shared-mime-info (2.1-r0) #5 7.495 (68/79) Installing gdk-pixbuf (2.42.6-r0) #5 7.523 (69/79) Installing libxft (2.3.3-r0) #5 7.546 (70/79) Installing fribidi (1.0.10-r0) #5 7.570 (71/79) Installing graphite2 (1.3.14-r0) #5 7.595 (72/79) Installing harfbuzz (2.8.1-r0) #5 7.658 (73/79) Installing pango (1.48.5-r0) #5 7.699 (74/79) Installing librsvg (2.50.4-r1) #5 7.855 (75/79) Installing imagemagick (7.0.11.13-r0) #5 7.935 (76/79) Installing imagemagick-c++ (7.0.11.13-r0) #5 7.964 (77/79) Installing imagemagick-dev (7.0.11.13-r0) #5 8.006 (78/79) Installing make (4.3-r0) #5 8.037 (79/79) Installing re2c (2.1.1-r0) #5 8.096 Executing busybox-1.33.1-r3.trigger #5 8.101 Executing fontconfig-2.13.1-r4.trigger #5 10.11 Executing shared-mime-info-2.1-r0.trigger #5 11.86 Executing gdk-pixbuf-2.42.6-r0.trigger #5 11.88 OK: 360 MiB in 111 packages #5 11.91 + pecl install imagick-3.5.1 #5 14.67 downloading imagick-3.5.1.tgz ... #5 14.67 Starting to download imagick-3.5.1.tgz (301,411 bytes) #5 14.78 .............................................................done: 301,411 bytes #5 16.46 33 source files, building #5 16.46 running: phpize #5 16.47 Configuring for: #5 16.47 PHP Api Version: 20200930 #5 16.47 Zend Module Api No: 20200930 #5 16.47 Zend Extension Api No: 420200930 #5 16.79 configure.ac:18: warning: $as_echo is obsolete; use AS_ECHO(["message"]) instead #5 16.79 build/php.m4:2072: PHP_CONFIG_NICE is expanded from... #5 16.79 configure.ac:18: the top level #5 16.79 configure.ac:161: warning: The macro `AC_LANG_C' is obsolete. #5 16.79 configure.ac:161: You should run autoupdate. #5 16.79 ./lib/autoconf/c.m4:72: AC_LANG_C is expanded from... #5 16.79 build/libtool.m4:2728: _LT_AC_LANG_C_CONFIG is expanded from... #5 16.79 build/libtool.m4:2727: AC_LIBTOOL_LANG_C_CONFIG is expanded from... #5 16.79 build/libtool.m4:70: AC_LIBTOOL_SETUP is expanded from... #5 16.79 build/libtool.m4:52: _AC_PROG_LIBTOOL is expanded from... #5 16.79 build/libtool.m4:39: AC_PROG_LIBTOOL is expanded from... #5 16.79 configure.ac:161: the top level #5 16.79 configure.ac:161: warning: The macro `AC_LANG_C' is obsolete. #5 16.79 configure.ac:161: You should run autoupdate. #5 16.79 ./lib/autoconf/c.m4:72: AC_LANG_C is expanded from... #5 16.79 lib/m4sugar/m4sh.m4:692: _AS_IF_ELSE is expanded from... #5 16.79 lib/m4sugar/m4sh.m4:699: AS_IF is expanded from... #5 16.79 ./lib/autoconf/general.m4:2249: AC_CACHE_VAL is expanded from... #5 16.79 ./lib/autoconf/general.m4:2270: AC_CACHE_CHECK is expanded from... #5 16.79 build/libtool.m4:561: _LT_AC_LOCK is expanded from... #5 16.79 build/libtool.m4:1185: AC_LIBTOOL_SYS_HARD_LINK_LOCKS is expanded from... #5 16.79 build/libtool.m4:2728: _LT_AC_LANG_C_CONFIG is expanded from... #5 16.79 build/libtool.m4:2727: AC_LIBTOOL_LANG_C_CONFIG is expanded from... #5 16.79 build/libtool.m4:70: AC_LIBTOOL_SETUP is expanded from... #5 16.79 build/libtool.m4:52: _AC_PROG_LIBTOOL is expanded from... #5 16.79 build/libtool.m4:39: AC_PROG_LIBTOOL is expanded from... #5 16.79 configure.ac:161: the top level #5 16.79 configure.ac:161: warning: The macro `AC_TRY_LINK' is obsolete. #5 16.79 configure.ac:161: You should run autoupdate. #5 16.80 ./lib/autoconf/general.m4:2920: AC_TRY_LINK is expanded from... #5 16.80 lib/m4sugar/m4sh.m4:692: _AS_IF_ELSE is expanded from... #5 16.80 lib/m4sugar/m4sh.m4:699: AS_IF is expanded from... #5 16.80 ./lib/autoconf/general.m4:2249: AC_CACHE_VAL is expanded from... #5 16.80 ./lib/autoconf/general.m4:2270: AC_CACHE_CHECK is expanded from... #5 16.80 build/libtool.m4:561: _LT_AC_LOCK is expanded from... #5 16.80 build/libtool.m4:1185: AC_LIBTOOL_SYS_HARD_LINK_LOCKS is expanded from... #5 16.80 build/libtool.m4:2728: _LT_AC_LANG_C_CONFIG is expanded from... #5 16.80 build/libtool.m4:2727: AC_LIBTOOL_LANG_C_CONFIG is expanded from... #5 16.80 build/libtool.m4:70: AC_LIBTOOL_SETUP is expanded from... #5 16.80 build/libtool.m4:52: _AC_PROG_LIBTOOL is expanded from... #5 16.80 build/libtool.m4:39: AC_PROG_LIBTOOL is expanded from... #5 16.80 configure.ac:161: the top level #5 16.80 configure.ac:161: warning: back quotes and double quotes must not be escaped in: $as_me:${as_lineno-$LINENO}: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe #5 16.80 build/libtool.m4:1185: AC_LIBTOOL_SYS_HARD_LINK_LOCKS is expanded from... #5 16.80 build/libtool.m4:2728: _LT_AC_LANG_C_CONFIG is expanded from... #5 16.80 build/libtool.m4:2727: AC_LIBTOOL_LANG_C_CONFIG is expanded from... #5 16.80 build/libtool.m4:70: AC_LIBTOOL_SETUP is expanded from... #5 16.80 build/libtool.m4:52: _AC_PROG_LIBTOOL is expanded from... #5 16.80 build/libtool.m4:39: AC_PROG_LIBTOOL is expanded from... #5 16.80 configure.ac:161: the top level #5 16.80 configure.ac:161: warning: back quotes and double quotes must not be escaped in: $as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe #5 16.80 build/libtool.m4:1185: AC_LIBTOOL_SYS_HARD_LINK_LOCKS is expanded from... #5 16.80 build/libtool.m4:2728: _LT_AC_LANG_C_CONFIG is expanded from... #5 16.80 build/libtool.m4:2727: AC_LIBTOOL_LANG_C_CONFIG is expanded from... #5 16.80 build/libtool.m4:70: AC_LIBTOOL_SETUP is expanded from... #5 16.80 build/libtool.m4:52: _AC_PROG_LIBTOOL is expanded from... #5 16.80 build/libtool.m4:39: AC_PROG_LIBTOOL is expanded from... #5 16.80 configure.ac:161: the top level #5 16.80 configure.ac:161: warning: back quotes and double quotes must not be escaped in: $as_me:${as_lineno-$LINENO}: WARNING: output file \`$ofile' does not exist #5 16.80 build/libtool.m4:1918: _LT_AC_TAGCONFIG is expanded from... #5 16.80 build/libtool.m4:70: AC_LIBTOOL_SETUP is expanded from... #5 16.80 build/libtool.m4:52: _AC_PROG_LIBTOOL is expanded from... #5 16.80 build/libtool.m4:39: AC_PROG_LIBTOOL is expanded from... #5 16.80 configure.ac:161: the top level #5 16.80 configure.ac:161: warning: back quotes and double quotes must not be escaped in: $as_me: WARNING: output file \`$ofile' does not exist #5 16.80 build/libtool.m4:1918: _LT_AC_TAGCONFIG is expanded from... #5 16.80 build/libtool.m4:70: AC_LIBTOOL_SETUP is expanded from... #5 16.80 build/libtool.m4:52: _AC_PROG_LIBTOOL is expanded from... #5 16.80 build/libtool.m4:39: AC_PROG_LIBTOOL is expanded from... #5 16.80 configure.ac:161: the top level #5 16.80 configure.ac:161: warning: back quotes and double quotes must not be escaped in: $as_me:${as_lineno-$LINENO}: WARNING: output file \`$ofile' does not look like a libtool script #5 16.80 build/libtool.m4:1918: _LT_AC_TAGCONFIG is expanded from... #5 16.80 build/libtool.m4:70: AC_LIBTOOL_SETUP is expanded from... #5 16.80 build/libtool.m4:52: _AC_PROG_LIBTOOL is expanded from... #5 16.80 build/libtool.m4:39: AC_PROG_LIBTOOL is expanded from... #5 16.80 configure.ac:161: the top level #5 16.80 configure.ac:161: warning: back quotes and double quotes must not be escaped in: $as_me: WARNING: output file \`$ofile' does not look like a libtool script #5 16.80 build/libtool.m4:1918: _LT_AC_TAGCONFIG is expanded from... #5 16.80 build/libtool.m4:70: AC_LIBTOOL_SETUP is expanded from... #5 16.80 build/libtool.m4:52: _AC_PROG_LIBTOOL is expanded from... #5 16.80 build/libtool.m4:39: AC_PROG_LIBTOOL is expanded from... #5 16.80 configure.ac:161: the top level #5 16.80 configure.ac:161: warning: back quotes and double quotes must not be escaped in: $as_me:${as_lineno-$LINENO}: WARNING: using \`LTCC=$LTCC', extracted from \`$ofile' #5 16.80 build/libtool.m4:1918: _LT_AC_TAGCONFIG is expanded from... #5 16.80 build/libtool.m4:70: AC_LIBTOOL_SETUP is expanded from... #5 16.80 build/libtool.m4:52: _AC_PROG_LIBTOOL is expanded from... #5 16.80 build/libtool.m4:39: AC_PROG_LIBTOOL is expanded from... #5 16.80 configure.ac:161: the top level #5 16.80 configure.ac:161: warning: back quotes and double quotes must not be escaped in: $as_me: WARNING: using \`LTCC=$LTCC', extracted from \`$ofile' #5 16.80 build/libtool.m4:1918: _LT_AC_TAGCONFIG is expanded from... #5 16.80 build/libtool.m4:70: AC_LIBTOOL_SETUP is expanded from... #5 16.80 build/libtool.m4:52: _AC_PROG_LIBTOOL is expanded from... #5 16.80 build/libtool.m4:39: AC_PROG_LIBTOOL is expanded from... #5 16.80 configure.ac:161: the top level #5 16.80 configure.ac:161: warning: back quotes and double quotes must not be escaped in: tag name \"$tagname\" already exists #5 16.80 build/libtool.m4:1918: _LT_AC_TAGCONFIG is expanded from... #5 16.80 build/libtool.m4:70: AC_LIBTOOL_SETUP is expanded from... #5 16.80 build/libtool.m4:52: _AC_PROG_LIBTOOL is expanded from... #5 16.80 build/libtool.m4:39: AC_PROG_LIBTOOL is expanded from... #5 16.80 configure.ac:161: the top level #5 16.80 configure.ac:161: warning: The macro `AC_LANG_CPLUSPLUS' is obsolete. #5 16.80 configure.ac:161: You should run autoupdate. #5 16.80 ./lib/autoconf/c.m4:262: AC_LANG_CPLUSPLUS is expanded from... #5 16.80 build/libtool.m4:2810: _LT_AC_LANG_CXX_CONFIG is expanded from... #5 16.80 build/libtool.m4:2809: AC_LIBTOOL_LANG_CXX_CONFIG is expanded from... #5 16.80 build/libtool.m4:1918: _LT_AC_TAGCONFIG is expanded from... #5 16.80 build/libtool.m4:70: AC_LIBTOOL_SETUP is expanded from... #5 16.80 build/libtool.m4:52: _AC_PROG_LIBTOOL is expanded from... #5 16.80 build/libtool.m4:39: AC_PROG_LIBTOOL is expanded from... #5 16.80 configure.ac:161: the top level #5 16.80 configure.ac:161: warning: back quotes and double quotes must not be escaped in: $as_me:${as_lineno-$LINENO}: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe #5 16.80 build/libtool.m4:1185: AC_LIBTOOL_SYS_HARD_LINK_LOCKS is expanded from... #5 16.80 build/libtool.m4:2810: _LT_AC_LANG_CXX_CONFIG is expanded from... #5 16.80 build/libtool.m4:2809: AC_LIBTOOL_LANG_CXX_CONFIG is expanded from... #5 16.80 build/libtool.m4:1918: _LT_AC_TAGCONFIG is expanded from... #5 16.80 build/libtool.m4:70: AC_LIBTOOL_SETUP is expanded from... #5 16.80 build/libtool.m4:52: _AC_PROG_LIBTOOL is expanded from... #5 16.80 build/libtool.m4:39: AC_PROG_LIBTOOL is expanded from... #5 16.80 configure.ac:161: the top level #5 16.80 configure.ac:161: warning: back quotes and double quotes must not be escaped in: $as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe #5 16.80 build/libtool.m4:1185: AC_LIBTOOL_SYS_HARD_LINK_LOCKS is expanded from... #5 16.80 build/libtool.m4:2810: _LT_AC_LANG_CXX_CONFIG is expanded from... #5 16.80 build/libtool.m4:2809: AC_LIBTOOL_LANG_CXX_CONFIG is expanded from... #5 16.80 build/libtool.m4:1918: _LT_AC_TAGCONFIG is expanded from... #5 16.80 build/libtool.m4:70: AC_LIBTOOL_SETUP is expanded from... #5 16.80 build/libtool.m4:52: _AC_PROG_LIBTOOL is expanded from... #5 16.80 build/libtool.m4:39: AC_PROG_LIBTOOL is expanded from... #5 16.80 configure.ac:161: the top level #5 17.27 Please provide the prefix of ImageMagick installation [autodetect] : building in /tmp/pear/temp/pear-build-defaultuserFJdAoC/imagick-3.5.1 #5 17.27 running: /tmp/pear/temp/imagick/configure --with-php-config=/usr/local/bin/php-config --with-imagick #5 17.36 checking for grep that handles long lines and -e... /bin/grep #5 17.36 checking for egrep... /bin/grep -E #5 17.36 checking for a sed that does not truncate output... /bin/sed #5 17.37 checking for pkg-config... /usr/bin/pkg-config #5 17.37 checking pkg-config is at least version 0.9.0... yes #5 17.37 checking for cc... cc #5 17.44 checking whether the C compiler works... yes #5 17.44 checking for C compiler default output file name... a.out #5 17.48 checking for suffix of executables... #5 17.51 checking whether we are cross compiling... no #5 17.53 checking for suffix of object files... o #5 17.55 checking whether the compiler supports GNU C... yes #5 17.58 checking whether cc accepts -g... yes #5 17.64 checking for cc option to enable C11 features... none needed #5 17.66 checking how to run the C preprocessor... cc -E #5 17.70 checking for icc... no #5 17.71 checking for suncc... no #5 17.71 checking for system library directory... lib #5 17.72 checking if compiler supports -R... no #5 17.75 checking if compiler supports -Wl,-rpath,... yes #5 17.80 checking build system type... x86_64-pc-linux-musl #5 17.80 checking host system type... x86_64-pc-linux-musl #5 17.80 checking target system type... x86_64-pc-linux-musl #5 17.88 checking for PHP prefix... /usr/local #5 17.88 checking for PHP includes... -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/ date/lib #5 17.88 checking for PHP extension directory... /usr/local/lib/php/extensions/no-debug-non-zts-20200930 #5 17.88 checking for PHP installed headers prefix... /usr/local/include/php #5 17.89 checking if debug is enabled... no #5 17.91 checking if zts is enabled... no #5 17.91 checking for gawk... no #5 17.91 checking for nawk... no #5 17.91 checking for awk... awk #5 17.91 checking if awk is broken... no #5 17.91 checking whether to enable the imagick extension... yes, shared #5 17.91 checking for pkg-config... /usr/bin/pkg-config #5 17.91 checking ImageMagick MagickWand API configuration program... checking Testing /usr/local/bin/MagickWand-config... Doesn't exist #5 17.91 checking Testing /usr/bin/MagickWand-config... It exists #5 17.91 found in /usr/bin/MagickWand-config #5 17.91 checking if ImageMagick version is at least 6.2.4... found version 7.0.11-13 Q16 HDRI #5 17.92 checking for MagickWand.h or magick-wand.h header... user location /usr/include/ImageMagick-7/MagickWand/MagickWand.h #5 17.92 checking PHP version is at least 5.3.2... yes. found 8.0.10 #5 17.92 libs #5 17.92 -lMagickWand-7.Q16HDRI -lMagickCore-7.Q16HDRI #5 17.92 #5 17.92 #5 17.99 checking for MagickGetVersion... yes #5 18.01 checking omp_pause_resource_all usability... yes #5 18.05 checking Which flavour of OpenMP to link... checking for omp_pause_resource_all... no #5 18.08 checking for __omp_pause_resource_all... no #5 18.12 checking for omp_pause_resource_all in -lgomp... yes #5 18.17 GCC flavoured OpenMP #5 18.18 checking for a sed that does not truncate output... /bin/sed #5 18.20 checking for ld used by cc... /usr/x86_64-alpine-linux-musl/bin/ld #5 18.20 checking if the linker (/usr/x86_64-alpine-linux-musl/bin/ld) is GNU ld... yes #5 18.20 checking for /usr/x86_64-alpine-linux-musl/bin/ld option to reload object files... -r #5 18.20 checking for BSD-compatible nm... /usr/bin/nm -B #5 18.20 checking whether ln -s works... yes #5 18.20 checking how to recognize dependent libraries... pass_all #5 18.24 checking for stdio.h... yes #5 18.26 checking for stdlib.h... yes #5 18.28 checking for string.h... yes #5 18.30 checking for inttypes.h... yes #5 18.32 checking for stdint.h... yes #5 18.34 checking for strings.h... yes #5 18.36 checking for sys/stat.h... yes #5 18.39 checking for sys/types.h... yes #5 18.41 checking for unistd.h... yes #5 18.43 checking for dlfcn.h... yes #5 18.43 checking the maximum length of command line arguments... 98304 #5 18.49 checking command to parse /usr/bin/nm -B output from cc object... ok #5 18.49 checking for objdir... .libs #5 18.49 checking for ar... ar #5 18.49 checking for ranlib... ranlib #5 18.49 checking for strip... strip #5 18.59 checking if cc supports -fno-rtti -fno-exceptions... no #5 18.59 checking for cc option to produce PIC... -fPIC #5 18.61 checking if cc PIC flag -fPIC works... yes #5 18.65 checking if cc static flag -static works... yes #5 18.68 checking if cc supports -c -o file.o... yes #5 18.70 checking whether the cc linker (/usr/x86_64-alpine-linux-musl/bin/ld -m elf_x86_64) supports shared libraries... yes #5 18.75 checking whether -lc should be explicitly linked in... no #5 18.76 checking dynamic linker characteristics... GNU/Linux ld.so #5 18.76 checking how to hardcode library paths into programs... immediate #5 18.76 checking whether stripping libraries is possible... yes #5 18.76 checking if libtool supports shared libraries... yes #5 18.76 checking whether to build shared libraries... yes #5 18.76 checking whether to build static libraries... no #5 18.82 #5 18.82 creating libtool #5 18.85 appending configuration tag "CXX" to libtool #5 18.90 configure: patching config.h.in #5 18.91 configure: creating ./config.status #5 18.94 config.status: creating config.h #5 19.03 running: make #5 19.03 /bin/sh /tmp/pear/temp/pear-build-defaultuserFJdAoC/imagick-3.5.1/libtool --mode=compile cc -I. -I/tmp/pear/temp/imagick -I/tmp/pear/temp/pear-build-defaultuserFJdAoC/imagick-3.5.1/include -I/tmp/pear/t emp/pear-build-defaultuserFJdAoC/imagick-3.5.1/main -I/tmp/pear/temp/imagick -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/includ e/php/ext -I/usr/local/include/php/ext/date/lib -I/usr/include/ImageMagick-7 -DHAVE_CONFIG_H -g -O2 -I/usr/include/ImageMagick-7 -DMAGICKCORE_HDRI_ENABLE=1 -DMAGICKCORE_QUANTUM_DEPTH=16 -c /tmp/pear/temp/im agick/imagick_file.c -o imagick_file.lo #5 19.03 make: /bin/sh: Operation not permitted #5 19.03 make: *** [Makefile:209: imagick_file.lo] Error 127 #5 19.05 ERROR: `make' failed ------ error: failed to solve: executor failed running [/bin/sh -c set -ex && apk update && apk add --no-cache --update $PHPIZE_DEPS imagemagick libgomp imagemagick-dev && pecl install imagick-3.5.1 && docker-php-ext-enable imagick]: buildkit-runc did not terminate successfully ```

[Hello71]

@mmachatschek thank you for providing the information. you're not using any sort of nested Docker/dind? it also seems that you've enabled buildkit somewhere. can you try overriding it with DOCKER_BUILDKIT=0 docker build -f Dockerfile .?

[mmachatschek]

@Hello71 Executing docker build without buildkit didn't work for me so I reinstalled docker. After reinstalling I was able to execute docker build issues.

Before reinstalling I turned of the experimental mode with the same result.

Now I installed docker with rootless mode and it started working with the 3.14 alpine release. The difference in the docker info output is that the apparmour security option is gone (I don't know if apparmour is not installed with rootless mode).

docker info output:

``` Client: Context: default Debug Mode: false Plugins: app: Docker App (Docker Inc., v0.9.1-beta3) buildx: Build with BuildKit (Docker Inc., v0.6.1-docker) scan: Docker Scan (Docker Inc., v0.8.0) Server: Containers: 0 Running: 0 Paused: 0 Stopped: 0 Images: 4 Server Version: 20.10.8 Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Native Overlay Diff: false userxattr: true Logging Driver: json-file Cgroup Driver: none Cgroup Version: 1 Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc Default Runtime: runc Init Binary: docker-init containerd version: e25210fe30a0a703442421b0f60afac609f950a3 runc version: v1.0.1-0-g4144b63 init version: de40ad0 Security Options: seccomp Profile: default rootless Kernel Version: 5.11.0-27-generic Operating System: Ubuntu 20.04.3 LTS OSType: linux Architecture: x86_64 CPUs: 6 Total Memory: 31.25GiB Name: pc ID: YQBO:LPZS:SSB4:7KAD:4CKU:AYZC:DCZU:LAAT:MQQ5:LFSH:UUWP:D6H5 Docker Root Dir: /home/owner/.local/share/docker Debug Mode: false Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false ```

[ncopa]

I wonder if it would make more sense to ask docker community for help fixing this. The bug is in docker and libseccomp and is triggered by any use of faccess2(2) regardless of distro.

I suggest that we close this issue unless there are any specific ideas what we can do to fix it on the Alpine side.

[AndrewSav]

Just on the off chance, someone has a similar situation like me: I also experienced this issue, when Docker (on linux) was latest version, and libseccomp and scmp_sys_resolver faccessat2 returned 439. In my case the issue was that I had a rogue very old runc in /usr/local/bin that was used instead of the correct one in /usr/bin. Once I deleted it, it started working.

On this note, the instructions on that wiki seem inaccurate, it's not "at least one of the following". runc had to be the correct version to work. Even with the up-to-date docker it failed with an older runc.

[jikunbupt]

I use Alpine with version 3.15.4，also met this problem。But when I use docker desktop which docker version is 20.10.14，this problem is not reproduced。so，you can try this method。

[thediveo]

Okay folks, Docker 24.0.2, runc 1.1.7, libseccomp 2.5.4 ... so this should pass, right?

Alpine images: 3.17, 3.18

Except, it doesn't: doas throws up with "doas: Operation not permitted". And yes, the syscall is there. How to deal with this?