can't build containers on latest ploigos-tools-container image
Closed this issue · 0 comments
itewk commented
severity
HIGH
issue
something between the 0.17 release and edge versions of the ploigos-tools-containers image has changed such that we can't build images on it any more, get errors. not sure if this is something that chagned in ubi8 or if we changed the image in some way.
level=warning msg="error running newuidmap: exit status 1: newuidmap: write to uid_map failed: Operation not permitted\n"
level=warning msg="falling back to single mapping"
STEP 1: FROM registry.redhat.io/ubi8/openjdk-8
Getting image source signatures
Checking if image destination supports signatures
Copying blob sha256:ce5c290737fbf1ea1ae0356bc5170a1dd72f40f22e2d6a74a53e6498c88c1d27
Copying blob sha256:8f403cb21126270e2d1551022b82c77c695ce40c9812795daf7ad77a05c2b9f6
Copying blob sha256:65c0f2178ac8a3c28f48efd26ccf16bd6f344fa88d1aa20efd3a25d5f99587c0
Copying config sha256:6fb01261b981a2f76281272db81b4e230f3b335255066e9f6721521b55d19ffd
Writing manifest to image destination
Storing signatures
level=error msg="Error while applying layer: ApplyLayer exit status 1 stdout: stderr: potentially insufficient UIDs or GIDs available in user namespace (requested 0:12 for /var/spool/mail): Check /etc/subuid and /etc/subgid: lchown /var/spool/mail: invalid argument"
error creating build container: Error committing the finished image: error adding layer with blob "sha256:8f403cb21126270e2d1551022b82c77c695ce40c9812795daf7ad77a05c2b9f6": ApplyLayer exit status 1 stdout: stderr: potentially insufficient UIDs or GIDs available in user namespace (requested 0:12 for /var/spool/mail): Check /etc/subuid and /etc/subgid: lchown /var/spool/mail: invalid argument
level=error msg="exit status 125"
investigation
- build works fine when using buildah 1.15.1 but not 1.19.8. not sure if that is the issue. going to try and install 1.15.1 with all other packages being at latest to isolate buildah and see if that is issue.
resolution
re-isntalling shadow-utils fixes magic with the newgidmap and newuidmap magic. see containers/buildah#3053 (comment)