img: copy permission error with v0.4.2

I upgraded from 0.3.4 to 0.4.2 and img build stopped working.

Building with img-in-docker using the following versions:

FROM golang:1.10.2-alpine3.7

# runc - CLI tool for spawning and running containers according to the OCI specification
RUN curl -o /usr/local/bin/runc -L https://github.com/opencontainers/runc/releases/download/v1.0.0-rc5/runc.amd64 \
&& chmod 755 /usr/local/bin/runc

# img - a standalone, daemon-less, unprivileged Dockerfile and OCI compatible container image builder.
ENV IMG_DISABLE_EMBEDDED_RUNC 1
RUN curl -o /usr/local/bin/img -L https://github.com/genuinetools/img/releases/download/v0.4.2/img-linux-amd64 \
&& chmod 755 /usr/local/bin/img

When I try to do an img build it fails with this error: time="2018-06-05T05:22:44Z" level=fatal msg="please install 'runc'". This seems to be related to the relatively new change of embedding the runc inside the img.

I also tried by removing the IMG_DISABLE_EMBEDDED_RUNC envar but now i’m facing a different and probably unrelated error, which seems to be a bug?

[copy --unpack /src-0/mycontainer-linux-amd64 usr/local/bin/mycontainer]: panic: failed to copy /src-0/mycontainer-linux-amd64 to usr/local/bin/mycontainer: failed to copy files: copy file range failed: operation not permitted
 
 goroutine 1 [running]:
 main.main()
 	/go/src/github.com/tonistiigi/copy/cmd/copy/main.go:57 +0x2b1
 failed to solve: executor failed running [copy --unpack /src-0/mycontainer-linux-amd64 usr/local/bin/mycontainer]: exit code 2

As the error states it is failing here which is probably because this change was made.

I tried to track this down in order to identify where it is being used with no success. I didn’t find any reference in img, runc or buildkit. I’m sorry for not being able to give more details.

Thanks again,

About this issue

  • Original URL
  • State: closed
  • Created 6 years ago
  • Reactions: 1
  • Comments: 22

Most upvoted comments

The embedded runc in img was causing “the copy file range failed: operation not permitted” on CentOS 7.

I am using img 0.4.6

img:
 version     : v0.4.6
 git hash    : 9c9f6f6
 go version  : go1.10.3
 go compiler : gc
 platform    : linux/amd64

I was able to symlink the runc that is packaged with docker-ce 18.05-ce to get around the problem and to be able to finally build an image that contained COPY in the Dockerfile.

sudo ln -s /usr/bin/docker-runc /usr/bin/runc

The runc version I am using

docker-runc --version
runc version 1.0.0-rc5
commit: 4fc53a81fb7c994640722ac585fa9ca548971871
spec: 1.0.0

The embedded runc that was causing me issues

/tmp/img-runc033549591/runc --version
runc version 1.0.0-rc5+dev
commit: dd56ece8236d6d9e5bed4ea0c31fe53c7b873ff4
spec: 1.0.0
+2
danlenar on Jul 5, 2018

Just to close on this thread, I took the source code of vanilla runc (tag v1.0.0-rc5), compiled it and used this with the img and my dockerfiles worked.

+1
arunmk on Jul 6, 2018

@arunmk

The vanilla runc is missing commit line in the version output, which is causing img to default to still using embedded runc.

./runc.amd64 --version
runc version 1.0.0-rc5
spec: 1.0.0

The code (https://github.com/containerd/go-runc/blob/14606eb66abd9e834e3bd22a4f5f46a3aad54c54/runc.go#L609-L612) expects there to be 3 lines in the runc version output.

+1
danlenar on Jul 5, 2018
Read more comments on GitHub
← px: [WinError10053] An established connection was aborted by the software in your host machine
img: img build: newuidmap: write to uid_map failed: Invalid argument →