containers / buildah

A tool that facilitates building OCI images.
https://buildah.io
Apache License 2.0

`podman build`: "error running container: error from /usr/bin/crun creating container", when no DBUS session #4293

Open kousu opened 1 year ago

kousu commented 1 year ago

Description

podman build depends on having a $DBUS_SESSION_BUS_ADDRESS, perhaps even one pointed at systemd, and if it's missing then builds fail.

But podman run works. I can perform all the steps in my Containerfile manually, translating FROM image:version to podman run --rm -it image:version and RUN XYZ to XYZ and COPY ... to podman cp ..., and a final podman commit. This accomplishes the same thing as podman build would have, but without needing to touch DBUS.

It would be nice if buildah could also be isolated from DBUS.

Steps to reproduce the issue:

  1. Run sudo systemctl mask user@ (motivated by systemd incompatibilities with network homes).

    This will make the target of $DBUS_SESSION_BUS_ADDRESS unresponsive (if you reboot, too, then it will simply be unset).

    Running startx instead can provoke the same effect.

  2. cd $(mktemp -d)
  3. Create this file:

    cat >Containerfile <<EOF
    FROM ubuntu:22.04
    RUN ls -la
    EOF
  4. podman build -t b0rk .

Describe the results you received:

root@joplin:~# systemctl mask user@
Created symlink /etc/systemd/system/user@.service -> /dev/null.
root@joplin:~# reboot
p115628@joplin:~$ env | grep DBUS
p115628@joplin:~$ cd $(mktemp -d)
p115628@joplin:/tmp/tmp.fMM9dsI55A$ cat >Containerfile <<EOF
FROM ubuntu:22.04
RUN ls -la
EOF
p115628@joplin:/tmp/tmp.fMM9dsI55A$ podman build -t b0rk .
WARN[0000] The cgroupv2 manager is set to systemd but there is no systemd user session available 
WARN[0000] For using systemd, you may need to login using an user session 
WARN[0000] Alternatively, you can enable lingering with: `loginctl enable-linger 37273` (possibly as root) 
WARN[0000] Falling back to --cgroup-manager=cgroupfs    
WARN[0000] The cgroupv2 manager is set to systemd but there is no systemd user session available 
WARN[0000] For using systemd, you may need to login using an user session 
WARN[0000] Alternatively, you can enable lingering with: `loginctl enable-linger 37273` (possibly as root) 
WARN[0000] Falling back to --cgroup-manager=cgroupfs    
STEP 1/2: FROM ubuntu:22.04
STEP 2/2: RUN ls -la
error running container: error from /usr/bin/crun creating container for [/bin/sh -c ls -la]: sd-bus call: Input/output error
: exit status 1
Error: error building at STEP "RUN ls -la": error while running runtime: exit status 1
WARN[0001] Failed to add pause process to systemd sandbox cgroup: Process org.freedesktop.systemd1 exited with status 1 

But doing the equivalent steps with podman run/podman exec is fine, except for some warnings, but those don't stop it building a working image.

Workaround using podman exec

```
p115628@joplin:/tmp/tmp.C9om2kPwbS$ CONTAINER=$(podman run --rm -d -it ubuntu:22.04)
WARN[0000] The cgroupv2 manager is set to systemd but there is no systemd user session available
WARN[0000] For using systemd, you may need to login using an user session
WARN[0000] Alternatively, you can enable lingering with: `loginctl enable-linger 37273` (possibly as root)
WARN[0000] Falling back to --cgroup-manager=cgroupfs
p115628@joplin:/tmp/tmp.C9om2kPwbS$ podman exec -it $CONTAINER ls -la
WARN[0000] The cgroupv2 manager is set to systemd but there is no systemd user session available
WARN[0000] For using systemd, you may need to login using an user session
WARN[0000] Alternatively, you can enable lingering with: `loginctl enable-linger 37273` (possibly as root)
WARN[0000] Falling back to --cgroup-manager=cgroupfs
total 52
dr-xr-xr-x 17 root root 4096 Sep 26 03:01 .
lrwxrwxrwx 1 root root 7 Mar 15 2022 bin -> usr/bin
drwxr-xr-x 2 root root 4096 Nov 8 2021 boot
drwxr-xr-x 5 root root 360 Sep 26 03:01 dev
drwxr-xr-x 31 root root 4096 Sep 26 03:01 etc
drwxr-xr-x 2 root root 4096 Nov 8 2021 home
lrwxrwxrwx 1 root root 7 Mar 15 2022 lib -> usr/lib
lrwxrwxrwx 1 root root 9 Mar 15 2022 lib32 -> usr/lib32
lrwxrwxrwx 1 root root 9 Mar 15 2022 lib64 -> usr/lib64
lrwxrwxrwx 1 root root 10 Mar 15 2022 libx32 -> usr/libx32
drwxr-xr-x 2 root root 4096 Mar 15 2022 media
drwxr-xr-x 2 root root 4096 Mar 15 2022 mnt
drwxr-xr-x 2 root root 4096 Mar 15 2022 opt
dr-xr-xr-x 1399 nobody nogroup 0 Sep 26 03:01 proc
drwx------ 2 root root 4096 Mar 15 2022 root
drwxr-xr-x 5 root root 4096 Sep 26 03:01 run
lrwxrwxrwx 1 root root 8 Mar 15 2022 sbin -> usr/sbin
drwxr-xr-x 2 root root 4096 Mar 15 2022 srv
dr-xr-xr-x 13 nobody nogroup 0 Sep 26 03:01 sys
drwxrwxrwt 2 root root 4096 Mar 15 2022 tmp
drwxr-xr-x 14 root root 4096 Mar 15 2022 usr
drwxr-xr-x 11 root root 4096 Mar 15 2022 var
p115628@joplin:/tmp/tmp.C9om2kPwbS$ podman commit $CONTAINER b0rk
WARN[0000] The cgroupv2 manager is set to systemd but there is no systemd user session available
WARN[0000] For using systemd, you may need to login using an user session
WARN[0000] Alternatively, you can enable lingering with: `loginctl enable-linger 37273` (possibly as root)
WARN[0000] Falling back to --cgroup-manager=cgroupfs
Getting image source signatures
Copying blob 7814f64ddf5b skipped: already exists
Copying blob e2c59928cf65 done
Copying config 88045d45ce done
Writing manifest to image destination
Storing signatures
88045d45cea43a8b24d06200900cd5cdb0987619f495770874e85be1bdddb7c6
p115628@joplin:/tmp/tmp.C9om2kPwbS$ podman stop $CONTAINER
WARN[0000] The cgroupv2 manager is set to systemd but there is no systemd user session available
WARN[0000] For using systemd, you may need to login using an user session
WARN[0000] Alternatively, you can enable lingering with: `loginctl enable-linger 37273` (possibly as root)
WARN[0000] Falling back to --cgroup-manager=cgroupfs
d3f54040df100a6e0a4f345a5782edf08124e25f2e0de7ea6ede26057b43f18a
p115628@joplin:/tmp/tmp.C9om2kPwbS$ podman images
WARN[0000] The cgroupv2 manager is set to systemd but there is no systemd user session available
WARN[0000] For using systemd, you may need to login using an user session
WARN[0000] Alternatively, you can enable lingering with: `loginctl enable-linger 37273` (possibly as root)
WARN[0000] Falling back to --cgroup-manager=cgroupfs
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/b0rk latest 88045d45cea4 20 seconds ago 80.5 MB
docker.io/library/ubuntu 22.04 5ccefbfc0416 6 months ago 80.5 MB
```

Describe the results you expected:

If I

root@joplin:~# systemctl unmask user@
Removed /etc/systemd/system/user@.service.

then log out and back in again, the build succeeds:

p115628@joplin:~$ env | grep DBUS
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/37273/bus
p115628@joplin:~$  cd $(mktemp -d)
p115628@joplin:/tmp/tmp.6kEn0V0iJf$ cat >Containerfile <<EOF
FROM ubuntu:22.04
RUN ls -la
EOF
p115628@joplin:/tmp/tmp.6kEn0V0iJf$ podman build -t b0rk .
STEP 1/2: FROM ubuntu:22.04
STEP 2/2: RUN ls -la
total 52
dr-xr-xr-x   17 root   root    4096 Sep 26 02:45 .
lrwxrwxrwx    1 root   root       7 Mar 15  2022 bin -> usr/bin
drwxr-xr-x    2 root   root    4096 Nov  8  2021 boot
drwxr-xr-x    5 root   root     340 Sep 26 02:45 dev
drwxr-xr-x   31 root   root    4096 Sep 26 02:45 etc
drwxr-xr-x    2 root   root    4096 Nov  8  2021 home
lrwxrwxrwx    1 root   root       7 Mar 15  2022 lib -> usr/lib
lrwxrwxrwx    1 root   root       9 Mar 15  2022 lib32 -> usr/lib32
lrwxrwxrwx    1 root   root       9 Mar 15  2022 lib64 -> usr/lib64
lrwxrwxrwx    1 root   root      10 Mar 15  2022 libx32 -> usr/libx32
drwxr-xr-x    2 root   root    4096 Mar 15  2022 media
drwxr-xr-x    2 root   root    4096 Mar 15  2022 mnt
drwxr-xr-x    2 root   root    4096 Mar 15  2022 opt
dr-xr-xr-x 1255 nobody nogroup    0 Sep 26 02:45 proc
drwx------    2 root   root    4096 Mar 15  2022 root
drwxr-xr-x    5 root   root    4096 Sep 26 02:45 run
lrwxrwxrwx    1 root   root       8 Mar 15  2022 sbin -> usr/sbin
drwxr-xr-x    2 root   root    4096 Mar 15  2022 srv
dr-xr-xr-x   13 nobody nogroup    0 Sep 26 02:02 sys
drwxrwxrwt    2 root   root    4096 Mar 15  2022 tmp
drwxr-xr-x   14 root   root    4096 Mar 15  2022 usr
drwxr-xr-x   11 root   root    4096 Mar 15  2022 var
COMMIT b0rk
--> 8897721d9ca
Successfully tagged localhost/b0rk:latest
8897721d9ca219ad8d2ee4483a3fbe546ac069080845d3c89afc99bac95e9423

I'd like the build to succeed whether or not I have user@.service masked; or whether or not the Desktop Environment/startx/gdm has started its own DBUS session (https://github.com/containers/podman/issues/13429).

Output of rpm -q buildah or apt list buildah:

buildah/jammy,now 1.23.1+ds1-2 amd64 [installed]

Output of buildah version:

Version:         1.23.1
Go Version:      go1.17
Image Spec:      1.0.1
Runtime Spec:    1.0.2-dev
CNI Spec:        0.4.0
libcni Version:  
image Version:   5.16.0
Git Commit:      
Built:           Wed Dec 31 19:00:00 1969
OS/Arch:         linux/amd64
BuildPlatform:   linux/amd64

Output of podman version if reporting a podman build issue:

Version:      3.4.4
API Version:  3.4.4
Go Version:   go1.17.3
Built:        Wed Dec 31 19:00:00 1969
OS/Arch:      linux/amd64

Output of `cat /etc/release`:

PRETTY_NAME="Ubuntu 22.04.1 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.1 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy

Output of uname -a:

Linux joplin.example.com 5.15.0-47-generic #51-Ubuntu SMP Thu Aug 11 07:51:15 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

Output of cat /etc/containers/storage.conf:

cat: /etc/containers/storage.conf: No such file or directory
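
The manual translation described in the report above (FROM to `podman run`, RUN to `podman exec`, COPY to `podman cp`, then `podman commit`), written as a plan generator. This is an added example, not part of the issue or of buildah/podman; `containerfile_to_plan` and `quote` are hypothetical names, and the script only prints the commands, to be run from the build context directory.

```shell
#!/bin/sh
# Added example (not buildah/podman code): turn a simple Containerfile into the
# podman run / exec / cp / commit sequence used in the workaround above.
# Supported: single-line FROM, RUN, and COPY <src> <dest>. Everything else is
# rejected instead of silently producing a different image.

# Single-quote a string so it survives being pasted into a shell.
quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# containerfile_to_plan FILE TAG: print the command plan on stdout.
containerfile_to_plan() {
    started=0
    while read -r op args || [ -n "$op" ]; do
        case "$op" in ''|'#'*) continue ;; esac
        case "$(printf '%s' "$op" | tr '[:lower:]' '[:upper:]')" in
        FROM)
            [ "$started" -eq 0 ] || { echo "multi-stage build unsupported" >&2; return 1; }
            # Assumes the image's default command keeps running under -it, as ubuntu's shell does.
            printf 'CONTAINER=$(podman run --rm -d -it %s)\n' "$(quote "$args")"
            started=1 ;;
        RUN)
            [ "$started" -eq 1 ] || { echo "RUN before FROM" >&2; return 1; }
            # RUN steps go through /bin/sh -c, matching the crun error in the report.
            printf 'podman exec "$CONTAINER" /bin/sh -c %s\n' "$(quote "$args")" ;;
        COPY)
            src=${args%% *}; dest=${args##* }
            if [ "$started" -ne 1 ] || [ "$src $dest" != "$args" ]; then
                echo "unsupported COPY: $args" >&2; return 1
            fi
            printf 'podman cp %s "$CONTAINER":%s\n' "$(quote "$src")" "$(quote "$dest")" ;;
        *)
            echo "unsupported instruction: $op" >&2; return 1 ;;
        esac
    done <"$1"
    [ "$started" -eq 1 ] || { echo "no FROM instruction" >&2; return 1; }
    # Commit before stopping: --rm deletes the container as soon as it stops.
    printf 'podman commit "$CONTAINER" %s\npodman stop "$CONTAINER"\n' "$(quote "$2")"
}

# Constructed sample input: the Containerfile from the report plus one COPY.
demo_dir=$(mktemp -d)
printf 'FROM ubuntu:22.04\nCOPY app.conf /etc/app.conf\nRUN ls -la\n' >"$demo_dir/Containerfile"
containerfile_to_plan "$demo_dir/Containerfile" b0rk
```
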

github-actions[bot] commented 1 year ago

A friendly reminder that this issue had no activity for 30 days.