moby: userns: rm: cannot remove '/var/lib/apt/lists/partial': Operation not permitted
Description of problem:
docker build fails to build a simple Dockerfile with (more in the reproduction below):
Running hooks in /etc/ca-certificates/update.d....done.
rm: cannot remove '/var/lib/apt/lists/partial': Operation not permitted
The command '/bin/sh -c apt-get update && apt-get install -y --no-install-recommends ca-certificates curl && rm -rf /var/lib/apt/lists/*' returned a non-zero code: 1
docker version:
Client:
Version: 1.10.0-dev
API version: 1.22
Go version: go1.5.1
Git commit: 3ff9bb5
Built: Sat Nov 21 16:03:51 UTC 2015
OS/Arch: linux/amd64
Experimental: true
Server:
Version: 1.10.0-dev
API version: 1.22
Go version: go1.5.1
Git commit: 3ff9bb5
Built: Sat Nov 21 16:03:51 UTC 2015
OS/Arch: linux/amd64
Experimental: true
docker info:
Containers: 9
Images: 53
Server Version: 1.10.0-dev
Storage Driver: overlay
Backing Filesystem: extfs
Execution Driver: native-0.2
Logging Driver: journald
Plugins:
Volume: local
Network: bridge null host
Kernel Version: 4.2.6-300.fc23.x86_64
Operating System: Fedora 23 (Workstation Edition)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 11.44 GiB
Name: localhost.localdomain
ID: SP2V:VTP3:V6ZK:RMJZ:UADA:V2UM:IHXB:WPCM:BMQ6:NTQX:4W43:CRYE
Debug mode (server): true
File Descriptors: 14
Goroutines: 28
System Time: 2015-11-22T12:16:35.687308737+01:00
EventsListeners: 0
Init SHA1: dd81947525a7b52db7d8cc15ed0d11db0717be51
Init Path:
Docker Root Dir: /var/lib/docker/100000.100000
Username: runcom
Registry: https://index.docker.io/v1/
Experimental: true
uname -a:
Linux localhost.localdomain 4.2.6-300.fc23.x86_64 #1 SMP Tue Nov 10 19:32:21 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
Environment details (AWS, VirtualBox, physical, etc.):
physical
How reproducible:
Always
Steps to Reproduce: 1.
start the daemon with /usr/bin/docker daemon -D -H fd:// -H tcp://127.0.0.1:2375 --userland-proxy=false -s overlay --log-driver=journald --exec-opt native.cgroupdriver=cgroupfs --userns-remap=default
cat - > Dockerfile << EOF
FROM debian:jessie
RUN groupadd -r redis && useradd -r -g redis redis
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
curl \
&& rm -rf /var/lib/apt/lists/*
EOF
docker build .
Actual Results:
Sending build context to Docker daemon 2.56 kB
Step 1 : FROM debian:jessie
---> a604b236bcde
Step 2 : RUN groupadd -r redis && useradd -r -g redis redis
---> Using cache
---> 1dafae223d73
Step 3 : RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates curl && rm -rf /var/lib/apt/lists/*
---> Running in 1c830ef356cf
Get:1 http://security.debian.org jessie/updates InRelease [63.1 kB]
Get:2 http://security.debian.org jessie/updates/main amd64 Packages [189 kB]
Get:3 http://httpredir.debian.org jessie-updates InRelease [135 kB]
Ign http://httpredir.debian.org jessie InRelease
Get:4 http://httpredir.debian.org jessie Release.gpg [2373 B]
Get:5 http://httpredir.debian.org jessie-updates/main amd64 Packages [3619 B]
Get:6 http://httpredir.debian.org jessie Release [148 kB]
Get:7 http://httpredir.debian.org jessie/main amd64 Packages [9035 kB]
Fetched 9577 kB in 43s (219 kB/s)
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
The following extra packages will be installed:
libcurl3 libffi6 libgmp10 libgnutls-deb0-28 libgssapi-krb5-2 libhogweed2
libidn11 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libldap-2.4-2
libnettle4 libp11-kit0 librtmp1 libsasl2-2 libsasl2-modules-db libssh2-1
libssl1.0.0 libtasn1-6 openssl
Suggested packages:
gnutls-bin krb5-doc krb5-user
Recommended packages:
krb5-locales libsasl2-modules
The following NEW packages will be installed:
ca-certificates curl libcurl3 libffi6 libgmp10 libgnutls-deb0-28
libgssapi-krb5-2 libhogweed2 libidn11 libk5crypto3 libkeyutils1 libkrb5-3
libkrb5support0 libldap-2.4-2 libnettle4 libp11-kit0 librtmp1 libsasl2-2
libsasl2-modules-db libssh2-1 libssl1.0.0 libtasn1-6 openssl
0 upgraded, 23 newly installed, 0 to remove and 0 not upgraded.
Need to get 5121 kB of archives.
After this operation, 12.6 MB of additional disk space will be used.
Get:1 http://security.debian.org/ jessie/updates/main libkrb5support0 amd64 1.12.1+dfsg-19+deb8u1 [58.7 kB]
Get:2 http://security.debian.org/ jessie/updates/main libk5crypto3 amd64 1.12.1+dfsg-19+deb8u1 [115 kB]
Get:3 http://security.debian.org/ jessie/updates/main libkrb5-3 amd64 1.12.1+dfsg-19+deb8u1 [302 kB]
Get:4 http://security.debian.org/ jessie/updates/main libgssapi-krb5-2 amd64 1.12.1+dfsg-19+deb8u1 [151 kB]
Get:5 http://security.debian.org/ jessie/updates/main libsasl2-modules-db amd64 2.1.26.dfsg1-13+deb8u1 [67.1 kB]
Get:6 http://security.debian.org/ jessie/updates/main libsasl2-2 amd64 2.1.26.dfsg1-13+deb8u1 [105 kB]
Get:7 http://security.debian.org/ jessie/updates/main libldap-2.4-2 amd64 2.4.40+dfsg-1+deb8u1 [218 kB]
Get:8 http://httpredir.debian.org/debian/ jessie/main libssl1.0.0 amd64 1.0.1k-3+deb8u1 [1038 kB]
Get:9 http://httpredir.debian.org/debian/ jessie/main libnettle4 amd64 2.7.1-5 [176 kB]
Get:10 http://httpredir.debian.org/debian/ jessie/main libffi6 amd64 3.1-2+b2 [20.1 kB]
Get:11 http://httpredir.debian.org/debian/ jessie/main libgnutls-deb0-28 amd64 3.3.8-6+deb8u3 [694 kB]
Get:12 http://httpredir.debian.org/debian/ jessie/main libgmp10 amd64 2:6.0.0+dfsg-6 [253 kB]
Get:13 http://httpredir.debian.org/debian/ jessie/main libhogweed2 amd64 2.7.1-5 [125 kB]
Get:14 http://httpredir.debian.org/debian/ jessie/main openssl amd64 1.0.1k-3+deb8u1 [677 kB]
Get:15 http://httpredir.debian.org/debian/ jessie/main libp11-kit0 amd64 0.20.7-1 [81.2 kB]
Get:16 http://httpredir.debian.org/debian/ jessie/main libkeyutils1 amd64 1.5.9-5+b1 [12.0 kB]
Get:17 http://httpredir.debian.org/debian/ jessie/main libidn11 amd64 1.29-1+b2 [136 kB]
Get:18 http://httpredir.debian.org/debian/ jessie/main libtasn1-6 amd64 4.2-3+deb8u1 [48.9 kB]
Get:19 http://httpredir.debian.org/debian/ jessie/main librtmp1 amd64 2.4+20150115.gita107cef-1 [59.8 kB]
Get:20 http://httpredir.debian.org/debian/ jessie/main libssh2-1 amd64 1.4.3-4.1 [125 kB]
Get:21 http://httpredir.debian.org/debian/ jessie/main libcurl3 amd64 7.38.0-4+deb8u2 [259 kB]
Get:22 http://httpredir.debian.org/debian/ jessie/main curl amd64 7.38.0-4+deb8u2 [200 kB]
Get:23 http://httpredir.debian.org/debian/ jessie/main ca-certificates all 20141019 [200 kB]
debconf: delaying package configuration, since apt-utils is not installed
Fetched 5121 kB in 16s (302 kB/s)
Selecting previously unselected package libssl1.0.0:amd64.
(Reading database ... 7531 files and directories currently installed.)
Preparing to unpack .../libssl1.0.0_1.0.1k-3+deb8u1_amd64.deb ...
Unpacking libssl1.0.0:amd64 (1.0.1k-3+deb8u1) ...
Selecting previously unselected package libgmp10:amd64.
Preparing to unpack .../libgmp10_2%3a6.0.0+dfsg-6_amd64.deb ...
Unpacking libgmp10:amd64 (2:6.0.0+dfsg-6) ...
Selecting previously unselected package libnettle4:amd64.
Preparing to unpack .../libnettle4_2.7.1-5_amd64.deb ...
Unpacking libnettle4:amd64 (2.7.1-5) ...
Selecting previously unselected package libhogweed2:amd64.
Preparing to unpack .../libhogweed2_2.7.1-5_amd64.deb ...
Unpacking libhogweed2:amd64 (2.7.1-5) ...
Selecting previously unselected package libffi6:amd64.
Preparing to unpack .../libffi6_3.1-2+b2_amd64.deb ...
Unpacking libffi6:amd64 (3.1-2+b2) ...
Selecting previously unselected package libp11-kit0:amd64.
Preparing to unpack .../libp11-kit0_0.20.7-1_amd64.deb ...
Unpacking libp11-kit0:amd64 (0.20.7-1) ...
Selecting previously unselected package libtasn1-6:amd64.
Preparing to unpack .../libtasn1-6_4.2-3+deb8u1_amd64.deb ...
Unpacking libtasn1-6:amd64 (4.2-3+deb8u1) ...
Selecting previously unselected package libgnutls-deb0-28:amd64.
Preparing to unpack .../libgnutls-deb0-28_3.3.8-6+deb8u3_amd64.deb ...
Unpacking libgnutls-deb0-28:amd64 (3.3.8-6+deb8u3) ...
Selecting previously unselected package libkeyutils1:amd64.
Preparing to unpack .../libkeyutils1_1.5.9-5+b1_amd64.deb ...
Unpacking libkeyutils1:amd64 (1.5.9-5+b1) ...
Selecting previously unselected package libkrb5support0:amd64.
Preparing to unpack .../libkrb5support0_1.12.1+dfsg-19+deb8u1_amd64.deb ...
Unpacking libkrb5support0:amd64 (1.12.1+dfsg-19+deb8u1) ...
Selecting previously unselected package libk5crypto3:amd64.
Preparing to unpack .../libk5crypto3_1.12.1+dfsg-19+deb8u1_amd64.deb ...
Unpacking libk5crypto3:amd64 (1.12.1+dfsg-19+deb8u1) ...
Selecting previously unselected package libkrb5-3:amd64.
Preparing to unpack .../libkrb5-3_1.12.1+dfsg-19+deb8u1_amd64.deb ...
Unpacking libkrb5-3:amd64 (1.12.1+dfsg-19+deb8u1) ...
Selecting previously unselected package libgssapi-krb5-2:amd64.
Preparing to unpack .../libgssapi-krb5-2_1.12.1+dfsg-19+deb8u1_amd64.deb ...
Unpacking libgssapi-krb5-2:amd64 (1.12.1+dfsg-19+deb8u1) ...
Selecting previously unselected package libidn11:amd64.
Preparing to unpack .../libidn11_1.29-1+b2_amd64.deb ...
Unpacking libidn11:amd64 (1.29-1+b2) ...
Selecting previously unselected package libsasl2-modules-db:amd64.
Preparing to unpack .../libsasl2-modules-db_2.1.26.dfsg1-13+deb8u1_amd64.deb ...
Unpacking libsasl2-modules-db:amd64 (2.1.26.dfsg1-13+deb8u1) ...
Selecting previously unselected package libsasl2-2:amd64.
Preparing to unpack .../libsasl2-2_2.1.26.dfsg1-13+deb8u1_amd64.deb ...
Unpacking libsasl2-2:amd64 (2.1.26.dfsg1-13+deb8u1) ...
Selecting previously unselected package libldap-2.4-2:amd64.
Preparing to unpack .../libldap-2.4-2_2.4.40+dfsg-1+deb8u1_amd64.deb ...
Unpacking libldap-2.4-2:amd64 (2.4.40+dfsg-1+deb8u1) ...
Selecting previously unselected package librtmp1:amd64.
Preparing to unpack .../librtmp1_2.4+20150115.gita107cef-1_amd64.deb ...
Unpacking librtmp1:amd64 (2.4+20150115.gita107cef-1) ...
Selecting previously unselected package libssh2-1:amd64.
Preparing to unpack .../libssh2-1_1.4.3-4.1_amd64.deb ...
Unpacking libssh2-1:amd64 (1.4.3-4.1) ...
Selecting previously unselected package libcurl3:amd64.
Preparing to unpack .../libcurl3_7.38.0-4+deb8u2_amd64.deb ...
Unpacking libcurl3:amd64 (7.38.0-4+deb8u2) ...
Selecting previously unselected package openssl.
Preparing to unpack .../openssl_1.0.1k-3+deb8u1_amd64.deb ...
Unpacking openssl (1.0.1k-3+deb8u1) ...
Selecting previously unselected package ca-certificates.
Preparing to unpack .../ca-certificates_20141019_all.deb ...
Unpacking ca-certificates (20141019) ...
Selecting previously unselected package curl.
Preparing to unpack .../curl_7.38.0-4+deb8u2_amd64.deb ...
Unpacking curl (7.38.0-4+deb8u2) ...
Setting up libssl1.0.0:amd64 (1.0.1k-3+deb8u1) ...
debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the Term::ReadLine module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.20.2 /usr/local/share/perl/5.20.2 /usr/lib/x86_64-linux-gnu/perl5/5.20 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.20 /usr/share/perl/5.20 /usr/local/lib/site_perl .) at /usr/share/perl5/Debconf/FrontEnd/Readline.pm line 7.)
debconf: falling back to frontend: Teletype
Setting up libgmp10:amd64 (2:6.0.0+dfsg-6) ...
Setting up libnettle4:amd64 (2.7.1-5) ...
Setting up libhogweed2:amd64 (2.7.1-5) ...
Setting up libffi6:amd64 (3.1-2+b2) ...
Setting up libp11-kit0:amd64 (0.20.7-1) ...
Setting up libtasn1-6:amd64 (4.2-3+deb8u1) ...
Setting up libgnutls-deb0-28:amd64 (3.3.8-6+deb8u3) ...
Setting up libkeyutils1:amd64 (1.5.9-5+b1) ...
Setting up libkrb5support0:amd64 (1.12.1+dfsg-19+deb8u1) ...
Setting up libk5crypto3:amd64 (1.12.1+dfsg-19+deb8u1) ...
Setting up libkrb5-3:amd64 (1.12.1+dfsg-19+deb8u1) ...
Setting up libgssapi-krb5-2:amd64 (1.12.1+dfsg-19+deb8u1) ...
Setting up libidn11:amd64 (1.29-1+b2) ...
Setting up libsasl2-modules-db:amd64 (2.1.26.dfsg1-13+deb8u1) ...
Setting up libsasl2-2:amd64 (2.1.26.dfsg1-13+deb8u1) ...
Setting up libldap-2.4-2:amd64 (2.4.40+dfsg-1+deb8u1) ...
Setting up librtmp1:amd64 (2.4+20150115.gita107cef-1) ...
Setting up libssh2-1:amd64 (1.4.3-4.1) ...
Setting up libcurl3:amd64 (7.38.0-4+deb8u2) ...
Setting up openssl (1.0.1k-3+deb8u1) ...
Setting up ca-certificates (20141019) ...
debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the Term::ReadLine module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.20.2 /usr/local/share/perl/5.20.2 /usr/lib/x86_64-linux-gnu/perl5/5.20 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.20 /usr/share/perl/5.20 /usr/local/lib/site_perl .) at /usr/share/perl5/Debconf/FrontEnd/Readline.pm line 7.)
debconf: falling back to frontend: Teletype
Setting up curl (7.38.0-4+deb8u2) ...
Processing triggers for libc-bin (2.19-18+deb8u1) ...
Processing triggers for ca-certificates (20141019) ...
Updating certificates in /etc/ssl/certs... 173 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.
rm: cannot remove '/var/lib/apt/lists/partial': Operation not permitted
The command '/bin/sh -c apt-get update && apt-get install -y --no-install-recommends ca-certificates curl && rm -rf /var/lib/apt/lists/*' returned a non-zero code: 1
Expected Results:
The Dockerfile is being built successfully (and it is indeed w/o userns)
Additional info:
just disabling userns in the daemon solves this issue, ping @estesp
About this issue
- Original URL
- State: closed
- Created 9 years ago
- Comments: 35 (35 by maintainers)
FYI my patch has been queued upstream https://git.kernel.org/cgit/linux/kernel/git/mszeredi/vfs.git/log/?h=overlayfs-next
Kernel 4.7 with my patch has been released. I’m going to close this.
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/diff/?id=v4.7&id2=v4.6&dt=2