dtrudg/clair-singularity

Problem with sandbox build

Closed this issue · 3 comments

This very useful tool worked well with a container imported from Docker.

However, I am now trying it on an image built from a Singularity definition file, and I am seeing permission problems with the sandbox build. They sound similar to other sandbox problems reported recently.
The error I see is:

(clair-singularity) [software@easybuild clair-singularity]$ clair-singularity --bind-ip 10.1.0.3 --json-output ~/src/singularity/antspynet-0.0.3.sif > antspynet-clair-scan-$(date +%F).json
Exporting image to sandbox.
INFO:    Starting build...
INFO:    Creating sandbox directory...
FATAL:   While performing build: sandbox assemble failed: exit status 1: mv: cannot move ‘/tmp/sbuild-096432949/fs’ to ‘/tmp/tmproogpums’: Permission denied
Traceback (most recent call last):
  File "/home/software/src/venv/clair-singularity/lib/python3.6/site-packages/clair_singularity-0.2.0-py3.6.egg/clair_singularity/image.py", line 33, in image_to_tgz
    subprocess.check_call(cmd)
  File "/usr/lib64/python3.6/subprocess.py", line 311, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['singularity', 'build', '-F', '--sandbox', '/tmp/tmproogpums', '/home/software/src/singularity/antspynet-0.0.3.sif']' returned non-zero exit status 255.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/software/src/venv/clair-singularity/lib/python3.6/site-packages/clair_singularity-0.2.0-py3.6.egg/clair_singularity/cli.py", line 32, in cli
    (tar_dir, tar_file) = image_to_tgz(image, quiet)
  File "/home/software/src/venv/clair-singularity/lib/python3.6/site-packages/clair_singularity-0.2.0-py3.6.egg/clair_singularity/image.py", line 35, in image_to_tgz
    raise ImageException("Error calling Singularity export to create sandbox\n%s" % e)
clair_singularity.image.ImageException: Error calling Singularity export to create sandbox
Command '['singularity', 'build', '-F', '--sandbox', '/tmp/tmproogpums', '/home/software/src/singularity/antspynet-0.0.3.sif']' returned non-zero exit status 255.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/software/src/venv/clair-singularity/bin/clair-singularity", line 11, in <module>
    load_entry_point('clair-singularity==0.2.0', 'console_scripts', 'clair-singularity')()
  File "/home/software/src/venv/clair-singularity/lib/python3.6/site-packages/Click-7.0-py3.6.egg/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/home/software/src/venv/clair-singularity/lib/python3.6/site-packages/Click-7.0-py3.6.egg/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/home/software/src/venv/clair-singularity/lib/python3.6/site-packages/Click-7.0-py3.6.egg/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/home/software/src/venv/clair-singularity/lib/python3.6/site-packages/Click-7.0-py3.6.egg/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/home/software/src/venv/clair-singularity/lib/python3.6/site-packages/clair_singularity-0.2.0-py3.6.egg/clair_singularity/cli.py", line 33, in cli
    except ImageError as e:
NameError: name 'ImageError' is not defined

This is with the latest Singularity available in EPEL at the time of writing, 3.4.1-1.2.

Hi @verdurin - apologies for these issues. I should be able to tidy this up (it's a personal side project now) after work stuff on Singularity 3.5 gets to an RC state.

Thanks @dctrud

Just tested with the 3.4.2 build that Dave has pushed to EPEL and the behaviour is the same.

In case it wasn't obvious, the container is built with sudo, not fakeroot.