NodeOS: "Operation not permitted" on docker image

Hey,

@piranna i managed to create a docker image by hand and got this error do think you can fix this or do you have a clue how to fix it? The nodeos-barebones create a invalid tar file so i unpacked barebones and packed again with this command: tar -cf barebones.tar bin/ dev/ lib/ sbin/ init | docker import - barebones

[philipp@arch NodeOS]$ docker run -i 497fb770977e
mount: Operation not permitted
{ [Error: EPERM, Operation not permitted 'proc'] errno: 1, code: 'EPERM', path: 'proc', syscall: 'mount' }
fs.js:897
  return binding.symlink(preprocessSymlinkDestination(target, type, path),
                 ^

Error: EEXIST: file already exists, symlink '/proc/mounts' -> '/etc/mtab'
    at Error (native)
    at Object.fs.symlinkSync (fs.js:897:18)
    at /lib/node_modules/nodeos-mount-filesystems/server.js:394:8
    at /lib/node_modules/nodeos-mount-filesystems/node_modules/mkdirp/index.js:48:26
    at FSReqWrap.oncomplete (fs.js:82:15)
termination: Operation not permitted

REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
<none>              <none>              497fb770977e        7 minutes ago       54.75 MB
usersfs             latest              ce2793db7999        13 minutes ago      54.75 MB
rootfs              latest              5dbee56f5abb        13 minutes ago      19.77 MB
initramfs           latest              f209c1c10720        14 minutes ago      19.77 MB
barebones           latest              05c860e2d94c        23 minutes ago      17.06 MB

The one with the “none” in it is the nodeos image

About this issue

Original URL
State: open
Created 8 years ago
Comments: 51 (51 by maintainers)

Most upvoted comments

I think I’ve found it, and in fact, it’s not something new. Seems gnu tar (booooh…) requires the file size of the symlink entry header to be zero, while we are setting it to the length of the target path (22), and in fact it’s the only notable difference between fromcpio.tar and gnu.tar files…

00003e00  64 6f 63 73 2f 6c 61 79  65 72 31 00 00 00 00 00  |docs/layer1.....|
00003e10  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00003e60  00 00 00 00 30 30 30 37  37 37 20 00 30 30 31 37  |....000777 .0017|
00003e70  35 30 20 00 30 30 30 31  34 34 20 00 30 30 30 30  |50 .000144 .0000|
00003e80  30 30 30 30 30 32 32 20  31 32 37 30 34 35 32 31  |0000022 12704521|
00003e90  33 36 31 20 30 31 34 33  37 37 20 00 32 4e 6f 64  |361 014377 .2Nod|
00003ea0  65 4f 53 20 6c 61 79 65  72 20 31 2e 70 6e 67 00  |eOS layer 1.png.|
00003eb0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00003f00  00 75 73 74 61 72 00 30  30 00 00 00 00 00 00 00  |.ustar.00.......|
00003f10  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00003f40  00 00 00 00 00 00 00 00  00 30 30 30 30 30 30 20  |.........000000 |
00003f50  00 30 30 30 30 30 30 20  00 00 00 00 00 00 00 00  |.000000 ........|
00003f60  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*

00006600  64 6f 63 73 2f 6c 61 79  65 72 31 00 00 00 00 00  |docs/layer1.....|
00006610  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00006660  00 00 00 00 30 30 30 30  37 37 37 00 30 30 30 31  |....0000777.0001|
00006670  37 35 30 00 30 30 30 30  31 34 34 00 30 30 30 30  |750.0000144.0000|
00006680  30 30 30 30 30 30 30 00  31 32 37 30 34 35 32 31  |0000000.12704521|
00006690  33 36 31 00 30 31 35 35  36 33 00 20 32 4e 6f 64  |361.015563. 2Nod|
000066a0  65 4f 53 20 6c 61 79 65  72 20 31 2e 70 6e 67 00  |eOS layer 1.png.|
000066b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00006700  00 75 73 74 61 72 20 20  00 70 68 69 6c 69 70 70  |.ustar  .philipp|
00006710  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00006720  00 00 00 00 00 00 00 00  00 75 73 65 72 73 00 00  |.........users..|
00006730  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*

Probably this is due to the fact cpio2tar is using stream API, since cpio-stream module send the symlink path as it’s content. I’ll notify to @mafintosh about this and put cpio2tar in an independent module so we can be able to test this easily.

piranna on Apr 18, 2016

I’ve fixed tar-stream and in a quick check seems cpio2tar is now generating valid tar files regarding to symlinks size 😃

[piranna@Latitude:~/Proyectos/cpio2tar]
 (master) > find test/ | cpio -o -H newc > archive.cpio 
1 bloque

[piranna@Latitude:~/Proyectos/cpio2tar]
 (master) > hd archive.cpio 
00000000  30 37 30 37 30 31 30 30  34 31 43 30 43 41 30 30  |0707010041C0CA00|
00000010  30 30 34 31 46 44 30 30  30 30 30 33 45 38 30 30  |0041FD000003E800|
00000020  30 30 30 33 45 38 30 30  30 30 30 30 30 32 35 37  |0003E80000000257|
00000030  31 36 32 45 38 43 30 30  30 30 30 30 30 30 30 30  |162E8C0000000000|
00000040  30 30 30 30 30 38 30 30  30 30 30 30 30 33 30 30  |0000080000000300|
00000050  30 30 30 30 30 30 30 30  30 30 30 30 30 30 30 30  |0000000000000000|
00000060  30 30 30 30 30 36 30 30  30 30 30 30 30 30 74 65  |00000600000000te|
00000070  73 74 2f 00 30 37 30 37  30 31 30 30 34 30 42 34  |st/.0707010040B4|
00000080  45 32 30 30 30 30 38 31  42 34 30 30 30 30 30 33  |E2000081B4000003|
00000090  45 38 30 30 30 30 30 33  45 38 30 30 30 30 30 30  |E8000003E8000000|
000000a0  30 31 35 37 31 36 32 45  30 36 30 30 30 30 30 30  |0157162E06000000|
000000b0  30 37 30 30 30 30 30 30  30 38 30 30 30 30 30 30  |0700000008000000|
000000c0  30 33 30 30 30 30 30 30  30 30 30 30 30 30 30 30  |0300000000000000|
000000d0  30 30 30 30 30 30 30 30  30 45 30 30 30 30 30 30  |000000000E000000|
000000e0  30 30 74 65 73 74 2f 66  69 6c 65 2e 74 78 74 00  |00test/file.txt.|
000000f0  61 20 66 69 6c 65 0a 00  30 37 30 37 30 31 30 30  |a file..07070100|
00000100  34 30 42 34 44 44 30 30  30 30 41 31 46 46 30 30  |40B4DD0000A1FF00|
00000110  30 30 30 33 45 38 30 30  30 30 30 33 45 38 30 30  |0003E8000003E800|
00000120  30 30 30 30 30 31 35 37  31 36 32 45 38 37 30 30  |00000157162E8700|
00000130  30 30 30 30 30 38 30 30  30 30 30 30 30 38 30 30  |0000080000000800|
00000140  30 30 30 30 30 33 30 30  30 30 30 30 30 30 30 30  |0000030000000000|
00000150  30 30 30 30 30 30 30 30  30 30 30 30 30 44 30 30  |0000000000000D00|
00000160  30 30 30 30 30 30 74 65  73 74 2f 73 79 6d 6c 69  |000000test/symli|
00000170  6e 6b 00 00 66 69 6c 65  2e 74 78 74 30 37 30 37  |nk..file.txt0707|
00000180  30 31 30 30 30 30 30 30  30 30 30 30 30 30 30 30  |0100000000000000|
00000190  30 30 30 30 30 30 30 30  30 30 30 30 30 30 30 30  |0000000000000000|
000001a0  30 30 30 30 30 30 30 30  30 31 30 30 30 30 30 30  |0000000001000000|
000001b0  30 30 30 30 30 30 30 30  30 30 30 30 30 30 30 30  |0000000000000000|
*
000001e0  30 42 30 30 30 30 30 30  30 30 54 52 41 49 4c 45  |0B00000000TRAILE|
000001f0  52 21 21 21 00 00 00 00  00 00 00 00 00 00 00 00  |R!!!............|
00000200

[piranna@Latitude:~/Proyectos/cpio2tar]
 (master) > ./server.js < archive.cpio > archive.tar

[piranna@Latitude:~/Proyectos/cpio2tar]
 (master) > hd archive.tar 
00000000  74 65 73 74 2f 00 00 00  00 00 00 00 00 00 00 00  |test/...........|
00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000060  00 00 00 00 30 30 30 37  37 35 20 00 30 30 31 37  |....000775 .0017|
00000070  35 30 20 00 30 30 31 37  35 30 20 00 30 30 30 30  |50 .001750 .0000|
00000080  30 30 30 30 30 30 30 20  31 32 37 30 35 34 32 37  |0000000 12705427|
00000090  32 31 34 20 30 31 30 32  34 37 20 00 35 00 00 00  |214 010247 .5...|
000000a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000100  00 75 73 74 61 72 00 30  30 00 00 00 00 00 00 00  |.ustar.00.......|
00000110  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000140  00 00 00 00 00 00 00 00  00 30 30 30 30 31 30 20  |.........000010 |
00000150  00 30 30 30 30 30 33 20  00 00 00 00 00 00 00 00  |.000003 ........|
00000160  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000200  74 65 73 74 2f 66 69 6c  65 2e 74 78 74 00 00 00  |test/file.txt...|
00000210  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000260  00 00 00 00 30 30 30 36  36 34 20 00 30 30 31 37  |....000664 .0017|
00000270  35 30 20 00 30 30 31 37  35 30 20 00 30 30 30 30  |50 .001750 .0000|
00000280  30 30 30 30 30 30 37 20  31 32 37 30 35 34 32 37  |0000007 12705427|
00000290  30 30 36 20 30 31 31 37  32 33 20 00 30 00 00 00  |006 011723 .0...|
000002a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000300  00 75 73 74 61 72 00 30  30 00 00 00 00 00 00 00  |.ustar.00.......|
00000310  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000340  00 00 00 00 00 00 00 00  00 30 30 30 30 31 30 20  |.........000010 |
00000350  00 30 30 30 30 30 33 20  00 00 00 00 00 00 00 00  |.000003 ........|
00000360  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000400  61 20 66 69 6c 65 0a 00  00 00 00 00 00 00 00 00  |a file..........|
00000410  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000600  74 65 73 74 2f 73 79 6d  6c 69 6e 6b 00 00 00 00  |test/symlink....|
00000610  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000660  00 00 00 00 30 30 30 37  37 37 20 00 30 30 31 37  |....000777 .0017|
00000670  35 30 20 00 30 30 31 37  35 30 20 00 30 30 30 30  |50 .001750 .0000|
00000680  30 30 30 30 30 30 30 20  31 32 37 30 35 34 32 37  |0000000 12705427|
00000690  32 30 37 20 30 31 33 33  33 35 20 00 32 66 69 6c  |207 013335 .2fil|
000006a0  65 2e 74 78 74 00 00 00  00 00 00 00 00 00 00 00  |e.txt...........|
000006b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000700  00 75 73 74 61 72 00 30  30 00 00 00 00 00 00 00  |.ustar.00.......|
00000710  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000740  00 00 00 00 00 00 00 00  00 30 30 30 30 31 30 20  |.........000010 |
00000750  00 30 30 30 30 30 33 20  00 00 00 00 00 00 00 00  |.000003 ........|
00000760  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000c00

I’ll try to find some time to integrate this on NodeOS and let’s see if we can generate Docker images 😄

piranna on Apr 19, 2016