Error when running with unshare (`lchown /run/user/1000/containerd-mount843278575/run/lock/lockdev: invalid argument\n"`)

[shevelevs]

When running buildkit with unshare -U -r -m buildkitd ... the builds are erroring out:

time="2021-11-12T03:16:58Z" level=error msg="/moby.buildkit.v1.Control/Solve returned error: rpc error: code = Unknown desc = failed to compute cache key: mount callback failed on /run/user/1000/containerd-mount843278575: lchown /run/user/1000/containerd-mount843278575/run/lock/lockdev: invalid argument\n"

Sam setup doesn't fail when running by rootlesskit. We can't use rootlesskit because it's executing new[gu]idmap which requires SET[GU]ID capabilities on the file which is not working with no-new-privileges docker option. Is there anything missing in the unshare above that buildkit needs?

[AkihiroSuda]

lchown /run/user/1000/containerd-mount843278575/run/lock/lockdev: invalid argument\n"

This chown fails because you don’t have subuids. (And you can’t get subuids with no-new-privileges mode) Probably we should have an option to ignore the chown error and set xattr instead. https://github.com/rootless-containers/proto https://github.com/rootless-containers/subuidless