Closed calvarado2004 closed 1 month ago
@calvarado2004 what script are you referring to? You should not need to run docker scripts when using github actions runners.
Here, trying to build yocto for the first time, using the container. https://github.com/cu-ecen-aeld/assignment-6-calvarado2004/actions/runs/10675687455
I also tried with podman-desktop with the same result.
Are you running the actions runners as root? If so, don't, make sure you are running with a user account in the docker group.
No, when running the container the directory /home/carlos/yocto-runner/_work/assignment-6-calvarado2004/assignment-6-calvarado2004 belongs to me (carlos is uid 1000) at Host OS level.
carlos@asus-tuf:~/yocto-runner$ ls -ld /home/carlos/yocto-runner/_work/assignment-6-calvarado2004/assignment-6-calvarado2004
drwxr-xr-x. 8 carlos carlos 4096 Sep 3 00:18 /home/carlos/yocto-runner/_work/assignment-6-calvarado2004/assignment-6-calvarado2004
However, running the container with the volume mounts the directory with root ownership, which triggers the issue with the directory ownership on the script. As far as I remember, that is the default behavior of a bind mount: it belongs to root, even when running on containers with non-root users.
carlos@asus-tuf:~/yocto-runner$ docker run --rm -it -v /home/carlos/yocto-runner/_work/assignment-6-calvarado2004/assignment-6-calvarado2004:/workdir --user 1000:1000 ubuntu ls -ld /workdir
drwxr-xr-x 8 root ubuntu 4096 Sep 3 04:18 /workdir
According to this https://github.com/crops/poky-container/issues/40#issuecomment-635556165 we have to omit the --workdir option on the docker run command to make it work.
The problem is that both podman and docker desktop enable userns remap by default in Linux, and on top of that we still have that issue with workdir, which is a problem only on that specific container (it performs checks with a Python script).
So just to confirm and make sure I understand the issue... can you reproduce with this simple command, running as your local user account?
mkdir foo
docker run --rm -it -v $(pwd)/foo:/workdir cuaesd/aesd-autotest:assignment6-yocto --workdir=/workdir
If so, do you see the same error substituting any of the containers at https://hub.docker.com/r/crops/poky/tags instead of cuaesd/aesd-autotest:assignment6-yocto? For example:
docker run --rm -it -v $(pwd)/foo:/workdir crops/poky:fedora-40 --workdir=/workdir
Here's ls -la of /workdir for me on Ubuntu 22.04 and 20.04 hosts
dan@dan-tr:~$ docker run --rm -it -v $(pwd)/foo:/workdir cuaesd/aesd-autotest:assignment6-yocto --workdir=/workdir ls -la /workdir
total 8
drwxrwxr-x 2 pokyuser pokyuser 4096 Sep 3 15:40 .
drwxr-xr-x 1 root root 4096 Sep 3 15:52 ..
Also for reference, here's the docker version on 22.04:
dan@dan-tr:~$ docker --version
Docker version 20.10.21, build baeda1f
The problem is that both podman and docker desktop enable userns remap by default in Linux
This is presumably for a specific docker version used on fedora-40 after 20.10.21?
Have you attempted to disable userns remap in either /etc/docker/daemon.json or by passing --userns=host to the run command?
Yes, and the problem also occurs on MacOS. Well, it is actually not a problem, it is the intended security configuration for modern Docker/Podman/Containerd. It reduces the vector of attack: even if someone gains root access on a container, it is not the real root. The thing is that the image got left behind on that.
Mac M1
carlosalvaradomartinez@macbook-pro ~ % mkdir foo
docker run --rm -it -v $(pwd)/foo:/workdir cuaesd/aesd-autotest:assignment6-yocto --workdir=/workdir
WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
The uid:gid for "/workdir" is "0:0". The uid and gid must be non-zero. Please check to make sure the "volume" or "bind" specified using either "-v" or "--mount" to docker, exists and has a non-zero uid:gid.
In Windows it is just a layer in between; the subsystem for Linux, at the end of the day, is not a real full Unix-like OS, it transforms the calls.
The results above from Ubuntu are on a physical Linux machine, not WSL.
I use docker-desktop, the official application from Docker (the company)
carlos@asus-tuf:~$ mkdir foo
docker run --rm -it -v $(pwd)/foo:/workdir cuaesd/aesd-autotest:assignment6-yocto --workdir=/workdir
The uid:gid for "/workdir" is "0:0". The uid and gid must be non-zero. Please check to make sure the "volume" or "bind" specified using either "-v" or "--mount" to docker, exists and has a non-zero uid:gid.
carlos@asus-tuf:~$ docker run --rm -it -v $(pwd)/foo:/workdir crops/poky:fedora-40 --workdir=/workdir
Unable to find image 'crops/poky:fedora-40' locally
fedora-40: Pulling from crops/poky
Digest: sha256:3f126b734af560a1b5f7b763d195cb63941a9d6bdb8a3f336202daf506f0bf65
Status: Downloaded newer image for crops/poky:fedora-40
The uid:gid for "/workdir" is "0:0". The uid and gid must be non-zero. Please check to make sure the "volume" or "bind" specified using either "-v" or "--mount" to docker, exists and has a non-zero uid:gid.
carlos@asus-tuf:~$ docker run --rm -it -v $(pwd)/foo:/workdir cuaesd/aesd-autotest:assignment6-yocto --workdir=/workdir ls -la /workdir
The uid:gid for "/workdir" is "0:0". The uid and gid must be non-zero. Please check to make sure the "volume" or "bind" specified using either "-v" or "--mount" to docker, exists and has a non-zero uid:gid.
carlos@asus-tuf:~$ docker --version
Docker version 27.2.0, build 3ab4256
To install Docker on Fedora 40, follow these steps:
If you have an older version of Docker installed, it's good to remove it first to avoid any conflicts:
sudo dnf remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-selinux docker-engine-selinux docker-engine
Create a yum repository for Docker:
sudo dnf install -y dnf-plugins-core
Add the Docker repository:
sudo tee /etc/yum.repos.d/docker-ce.repo <<EOF
[docker-ce-stable]
name=Docker CE Stable - \$basearch
baseurl=https://download.docker.com/linux/fedora/\$releasever/\$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://download.docker.com/linux/fedora/gpg
EOF
Now you can install Docker:
sudo dnf install docker-ce-* docker-ce-cli-* containerd.io
Start the Docker service and enable it to start on boot:
sudo systemctl start docker
sudo systemctl enable docker
Check that Docker is installed correctly by running:
sudo docker version
If you want to use Docker as a non-root user (which is recommended), add your user to the docker group:
sudo usermod -aG docker $USER
Log out and log back in so that your group membership is re-evaluated.
Run a test Docker container to ensure everything is set up properly:
carlos@asus-tuf:~$ docker run --rm -it -v $(pwd)/foo:/workdir cuaesd/aesd-autotest:assignment6-yocto --workdir=/workdir ls -la /workdir
total 8
drwxr-xr-x 2 pokyuser pokyuser 4096 Sep 3 17:20 .
drwxr-xr-x 1 root root 4096 Sep 3 17:41 ..
That’s it!
Thanks, I've updated https://github.com/cu-ecen-aeld/aesd-assignments/wiki/Setting-up-Github-Actions to stress installing docker engine instead of docker desktop and added a troubleshooting section for the same.
Using docker-desktop on Fedora 40, the script fails, it sets gid and uid as 0 (root) which would require --privileged flag on the docker run command on the autotest
Run docker run --rm \
The uid:gid for "/home/carlos/yocto-runner/_work/assignment-6-calvarado2004/assignment-6-calvarado2004" is "0:0". The uid and gid must be non-zero. Please check to make sure the "volume" or "bind" specified using either "-v" or "--mount" to docker, exists and has a non-zero uid:gid.
I only have this or a Mac M1 that is even more difficult, I do not use Windows.
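
A preflight check for the ownership mismatch discussed in this thread, as an added example that is not part of the original discussion or of the crops/poky project. It compares the host-side uid:gid of a directory with what a container sees on the bind mount, then applies the rule stated in the error message. Assumptions: a Linux host with GNU stat, the function names are hypothetical, the default `ubuntu` image mirrors the diagnostic run above, and "reject if either id is zero" is inferred from the message text.

```shell
#!/bin/sh
# Added example (not from the thread): preflight for the "/workdir is 0:0" failure.

# classify_owner "UID:GID": prints ok / rejected / unparseable.
# Returns 0 only when both ids are non-zero (assumed rule, taken from the
# wording "The uid and gid must be non-zero").
classify_owner() {
    case "$1" in
        *[!0-9:]*|*:*:*|:*|*:|"") echo "unparseable"; return 2 ;;
        *:*) ;;
        *) echo "unparseable"; return 2 ;;
    esac
    uid=${1%%:*}
    gid=${1##*:}
    if [ "$uid" -eq 0 ] || [ "$gid" -eq 0 ]; then
        echo "rejected"
        return 1
    fi
    echo "ok"
}

# owner_in_container HOST_DIR [IMAGE]: prints the uid:gid of the bind mount as
# seen from inside a container. --entrypoint replaces the image's own startup
# script so the raw ownership is reported instead of the error message.
owner_in_container() {
    docker run --rm -v "$1":/workdir --entrypoint stat "${2:-ubuntu}" -c '%u:%g' /workdir
}

# preflight HOST_DIR [IMAGE]: shows both views of the directory and the verdict.
# A host owner such as 1000:1000 next to a container view of 0:0 is the
# signature reported above with Docker Desktop.
preflight() {
    host=$(stat -c '%u:%g' "$1") || return 2
    inside=$(owner_in_container "$1" "$2") || return 2
    echo "host=$host container=$inside"
    verdict=$(classify_owner "$inside") && rc=0 || rc=$?
    echo "$verdict"
    return "$rc"
}

# Run only when a directory is given, e.g.: sh preflight.sh "$PWD/foo"
if [ "$#" -ge 1 ]; then
    preflight "$@"
fi
```
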