Closed akhilerm closed 4 months ago
But if I am using nerdctl to do the build, both runc and crun works fine. Not sure if it's a buildx or cli issue, couldnt trace the code part that does this.
I think neither; docker/cli
is not handling build on the client side (which is delegated to buildx), and buildx
is only the client; the code related to this is in BuildKit, but it's assuming runc
is the actual OCI runtime in this case, so it likely assumes that the runc
binary provides the --keep
flag. https://github.com/moby/buildkit/blob/51d85d712fad213cd10ac362b18c0a5aab909923/executor/runcexecutor/executor_linux.go#L24-L30
func (w *runcExecutor) run(ctx context.Context, id, bundle string, process executor.ProcessInfo, started func(), keep bool) error {
killer := newRunProcKiller(w.runc, id)
return w.callWithIO(ctx, process, started, killer, func(ctx context.Context, started chan<- int, io runc.IO, pidfile string) error {
extraArgs := []string{}
if keep {
extraArgs = append(extraArgs, "--keep")
}
In your case, crun
is aliased as runc
, so it'll likely still assume it's an actual runc
binary, or a binary with the same ABI. Not sure if it does any feature detection though (and depending on that could set the keep
options or not set it)
I see there was a ticket for this in the BuildKit repository;
And it looks like crun
had a ticket for this, and crun
1.15 added support for the --keep
option; https://github.com/containers/crun/releases/tag/1.15
Thank you for the details. I hadnt checked the buildkit repository for the code. Yep, and the latest crun
fixes this issue. My bad didnt update to that version.
q: Other than aliasing, is there a way to specify to buildx
to use crun
instead of runc
?
q: Other than aliasing, is there a way to specify to buildx to use crun instead of runc?
For the default BuildKit builder built in to the docker daemon, there's not currently an option for that.
Well, there IS an option, but it's currently a temporary one (see https://github.com/moby/moby/pull/47563), so I don't recommend depending on that (as it will go away) we do have an internal tracking ticket to see if we can provide a permanent configuration option for that, but that's not there (yet).
I'm curious though what nerdctl
did to make this work without having to update crun
to a version that supports the --keep
option; it's possible that it's not using the runc
executor, but instead uses the containerd
executor. Perhaps @AkihiroSuda knows from the top of his head.
Description
Using the following Dockerfile
crun
But if I am using
nerdctl
to do the build, bothrunc
andcrun
works fine. Not sure if its abuildx
orcli
issue, couldnt trace the code part that does this.Reproduce
runc
binary withcrun
. (crun binary should also be renamed runc)Expected behavior
docker build
should succeed.docker version
docker version
withcrun
docker info
Additional Info