search

cloudfoundry / cf-for-k8s

The open source deployment manifest for Cloud Foundry on Kubernetes
Apache License 2.0
301 stars 115 forks source link

starting container process caused: exec: /cnb/lifecycle/detector: stat /cnb/lifecycle/detector: permission denied #685

Open lomori opened 2 years ago

lomori commented 2 years ago

Describe the bug

I'm following the KPack tutorial but getting the error in the title. I'm trying to build an image from my own Java code.

Error starting container process caused: exec: /cnb/lifecycle/detector: stat /cnb/lifecycle/detector: permission denied

To Reproduce

Follow steps from tutorial: https://github.com/pivotal/kpack/blob/main/docs/tutorial.md

Expected behavior

docker image successfully built.

Additional context

This is similar to issue #666, however I don't have anything special configured in my cluster. PSP is disabled.

In fact, I tried to debug the issue and found that the init detector is configured to run as user 1000 but the directory /cnb/lifecycle belongs to root and only root can traverse it so user cnb/1000 will never be able to run anything under that subdirectory.

cf-for-k8s SHA

Release 0.3.1

Cluster information

Rancher 2.5.8 / Kubernetes 1.20.6 / Network: Weave / PSP Support: disabled

cf-gitbot commented 2 years ago

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/179437266

The labels on this github issue will be updated when the story is started.