moby / buildkit

concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit
https://github.com/moby/moby/issues/34227
Apache License 2.0

[0.14.1] .local/share/buildkit/runc-overlayfs/snapshots/snapshots/10/work/work: permission denied #5125

Open reimgun opened 2 months ago

reimgun commented 2 months ago

buildkit version tried: 0.14.1

Error Message:

#8 [base 1/9] FROM registry.redhat.io/ubi9/ubi-minimal:latest@sha256:a7d837b00520a32502ada85ae339e33510cdfdbc8d2ddf460cc838e12ec5fa5a
#8 resolve registry.redhat.io/ubi9/ubi-minimal:latest@sha256:a7d837b00520a32502ada85ae339e33510cdfdbc8d2ddf460cc838e12ec5fa5a 0.0s done
#8 DONE 0.0s

#9 [internal] load build context
#9 transferring context: 161B done
#9 ERROR: error from sender: open /home/jenkins/workspace/prod-images-0/at_ubi9_minimal_filebeat/.local/share/buildkit/runc-overlayfs/snapshots/snapshots/10/work/work: permission denied
------
 > [internal] load build context:
------
error: failed to solve: error from sender: open /home/jenkins/workspace/prod-images-0/at_ubi9_minimal_filebeat/.local/share/buildkit/runc-overlayfs/snapshots/snapshots/10/work/work: permission denied
7148 v0.14.1 buildkitd --oci-worker-no-process-sandbox --addr=unix:///run/user/1000/buildkit/buildkitd.sock
github.com/tonistiigi/fsutil.(*receiver).run.func2
    /src/vendor/github.com/tonistiigi/fsutil/receive.go:211
golang.org/x/sync/errgroup.(*Group).Go.func1
    /src/vendor/golang.org/x/sync/errgroup/errgroup.go:75
runtime.goexit
    /usr/local/go/src/runtime/asm_amd64.s:1650

7148 v0.14.1 buildkitd --oci-worker-no-process-sandbox --addr=unix:///run/user/1000/buildkit/buildkitd.sock
github.com/moby/buildkit/session/filesync.recvDiffCopy
    /src/session/filesync/diffcopy.go:108
github.com/moby/buildkit/session/filesync.FSSync
    /src/session/filesync/filesync.go:235
github.com/moby/buildkit/source/local.(*localSourceHandler).snapshot
    /src/source/local/source.go:264
github.com/moby/buildkit/source/local.(*localSourceHandler).Snapshot
    /src/source/local/source.go:153
github.com/moby/buildkit/solver/llbsolver/ops.(*SourceOp).Exec
    /src/solver/llbsolver/ops/source.go:108
github.com/moby/buildkit/solver.(*sharedOp).Exec.func2
    /src/solver/jobs.go:1100
github.com/moby/buildkit/util/flightcontrol.(*call[...]).run
    /src/util/flightcontrol/flightcontrol.go:122
sync.(*Once).doSlow
    /usr/local/go/src/sync/once.go:74
sync.(*Once).Do
    /usr/local/go/src/sync/once.go:65
runtime.goexit
    /usr/local/go/src/runtime/asm_amd64.s:1650

7148 v0.14.1 buildkitd --oci-worker-no-process-sandbox --addr=unix:///run/user/1000/buildkit/buildkitd.sock
github.com/moby/buildkit/solver.(*edge).execOp
    /src/solver/edge.go:979
github.com/moby/buildkit/solver/internal/pipe.NewWithFunction.func2
    /src/solver/internal/pipe/pipe.go:82
runtime.goexit
    /usr/local/go/src/runtime/asm_amd64.s:1650

7192 v0.14.1 buildctl --addr=unix:///run/user/1000/buildkit/buildkitd.sock --debug build --frontend dockerfile.v0 --local context=/home/jenkins/workspace/prod-images-0/at_ubi9_minimal_filebeat --local dockerfile=/home/jenkins/workspace/prod-images-0/at_ubi9_minimal_filebeat --opt filename=Dockerfile --metadata-file metadata.json --output type=image,"name=itmpproductshared.azurecr.io/base-images-untested/at_ubi9_minimal_filebeat:8.14.2.2,itmpproductshared.azurecr.io/base-images-untested/at_ubi9_minimal_filebeat:latest",push=true --opt build-arg:HTTP_PROXY=http://proxy.regional.devops-services.ec1.aws.aztec.cloud.allianz:8080/ --opt build-arg:http_proxy=http://proxy.regional.devops-services.ec1.aws.aztec.cloud.allianz:8080/ --opt build-arg:HTTPS_PROXY=http://proxy.regional.devops-services.ec1.aws.aztec.cloud.allianz:8080/ --opt build-arg:https_proxy=http://proxy.regional.devops-services.ec1.aws.aztec.cloud.allianz:8080/ --opt build-arg:NO_PROXY=localhost,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,44.0.0.0/8,.allianz,.aeat.allianz.at,.svc,.cluster.local,jmp.allianz.net,cmp.allianz.net,github.developer.allianz.io --opt build-arg:no_proxy=localhost,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,44.0.0.0/8,.allianz,.aeat.allianz.at,.svc,.cluster.local,jmp.allianz.net,cmp.allianz.net,github.developer.allianz.io --opt build-arg:PROXY_HOST=proxy.regional.devops-services.ec1.aws.aztec.cloud.allianz --opt build-arg:PROXY_PORT=8080 --opt build-arg:NONPROXYHOSTS=localhost|127.*|10.*|172.16.0.0/12|192.168.*|44.*|*.allianz|*.aeat.allianz.at|*.svc|*.cluster.local|jmp.allianz.net|cmp.allianz.net|github.developer.allianz.io
google.golang.org/grpc.(*ClientConn).Invoke
    /src/vendor/google.golang.org/grpc/call.go:35
github.com/moby/buildkit/api/services/control.(*controlClient).Solve
    /src/api/services/control/control.pb.go:2234
github.com/moby/buildkit/client.(*Client).solve.func2
    /src/client/solve.go:274
golang.org/x/sync/errgroup.(*Group).Go.func1
    /src/vendor/golang.org/x/sync/errgroup/errgroup.go:75
runtime.goexit
    /usr/local/go/src/runtime/asm_amd64.s:1650

7192 v0.14.1 buildctl --addr=unix:///run/user/1000/buildkit/buildkitd.sock --debug build --frontend dockerfile.v0 --local context=/home/jenkins/workspace/prod-images-0/at_ubi9_minimal_filebeat --local dockerfile=/home/jenkins/workspace/prod-images-0/at_ubi9_minimal_filebeat --opt filename=Dockerfile --metadata-file metadata.json --output type=image,"name=itmpproductshared.azurecr.io/base-images-untested/at_ubi9_minimal_filebeat:8.14.2.2,itmpproductshared.azurecr.io/base-images-untested/at_ubi9_minimal_filebeat:latest",push=true --opt build-arg:HTTP_PROXY=http://proxy.regional.devops-services.ec1.aws.aztec.cloud.allianz:8080/ --opt build-arg:http_proxy=http://proxy.regional.devops-services.ec1.aws.aztec.cloud.allianz:8080/ --opt build-arg:HTTPS_PROXY=http://proxy.regional.devops-services.ec1.aws.aztec.cloud.allianz:8080/ --opt build-arg:https_proxy=http://proxy.regional.devops-services.ec1.aws.aztec.cloud.allianz:8080/ --opt build-arg:NO_PROXY=localhost,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,44.0.0.0/8,.allianz,.aeat.allianz.at,.svc,.cluster.local,jmp.allianz.net,cmp.allianz.net,github.developer.allianz.io --opt build-arg:no_proxy=localhost,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,44.0.0.0/8,.allianz,.aeat.allianz.at,.svc,.cluster.local,jmp.allianz.net,cmp.allianz.net,github.developer.allianz.io --opt build-arg:PROXY_HOST=proxy.regional.devops-services.ec1.aws.aztec.cloud.allianz --opt build-arg:PROXY_PORT=8080 --opt build-arg:NONPROXYHOSTS=localhost|127.*|10.*|172.16.0.0/12|192.168.*|44.*|*.allianz|*.aeat.allianz.at|*.svc|*.cluster.local|jmp.allianz.net|cmp.allianz.net|github.developer.allianz.io
github.com/moby/buildkit/client.(*Client).solve.func2
    /src/client/solve.go:290
golang.org/x/sync/errgroup.(*Group).Go.func1
    /src/vendor/golang.org/x/sync/errgroup/errgroup.go:75
runtime.goexit
    /usr/local/go/src/runtime/asm_amd64.s:1650

To reproduce:

buildctl-daemonless.sh --debug build --frontend dockerfile.v0 --local context=/home/jenkins/workspace/prod-images-0/at_ubi9_minimal_filebeat --local dockerfile=/home/jenkins/workspace/prod-images-0/at_ubi9_minimal_filebeat --opt filename=Dockerfile --metadata-file metadata.json --output 'type=image,"name=****.azurecr.io/base-images-untested/at_ubi9_minimal_filebeat:8.14.2.2,*****.azurecr.io/base-images-untested/at_ubi9_minimal_filebeat:latest",push=true'

With buildkit version 0.12.5, everything works perfectly fine.

AkihiroSuda commented 1 month ago

Was it working in v0.14.0?

reimgun commented 1 month ago

@AkihiroSuda I have tested it with all versions from 0.12.5 on, but all versions are not working; see also https://github.com/moby/buildkit/issues/4789. It works only with version 0.12.5.