pack cli rootless build fails on podman with permission denied to connect to docker daemon #2243

Closed
blatobi opened this issue Aug 5, 2024 · 4 comments
Labels
status/triage Issue or PR that requires contributor attention. type/bug Issue that reports an unexpected behaviour.

blatobi commented Aug 5, 2024

Summary

When trying to build an image I get:

[analyzer] ERROR: failed to initialize analyzer: getting previous image: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.45/version": dial unix /var/run/docker.sock: connect: permission denied
ERROR: failed to build: executing lifecycle: failed with status code: 1

despite having DOCKER_HOST set to: unix:///run/user/1000/podman/podman.sock


Reproduction

  • requires rootless podman installation
  • requires workaround https://github.com/buildpacks/pack/issues/2242#issuecomment-2268503086
  • DOCKER_HOST is set to: unix:///run/user/1000/podman/podman.sock

Steps

  1. git clone https://github.com/buildpacks/samples
  2. workaround 2242: podman network create pack-local-net
  3. pack build sample-app -p samples/apps/ruby-bundler/ -B cnbs/sample-builder:jammy --network pack-local-net

Current behavior

[analyzer] ERROR: failed to initialize analyzer: getting previous image: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.45/version": dial unix /var/run/docker.sock: connect: permission denied
ERROR: failed to build: executing lifecycle: failed with status code: 1

Expected behavior

Build should succeed and (I guess) use /run/user/1000/podman/podman.sock that is set in DOCKER_HOST environment variable.


Environment

pack info
Pack:
  Version:  0.35.0
  OS/Arch:  linux/amd64

Default Lifecycle Version:  0.19.6

Supported Platform APIs:  0.3, 0.4, 0.5, 0.6, 0.7, 0.8, 0.9, 0.10, 0.11, 0.12, 0.13

Config:
(no config file found at /home/xxxxx/.pack/config.toml)

podman info

host:
  arch: amd64
  buildahVersion: 1.36.0
  cgroupControllers:
  - cpu
  - io
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: Unknown
    path: /nix/store/mbxcn95wf32cy267jg6f46fpfnxznl49-podman-helper-binary-wrapper/bin/conmon
    version: 'conmon version 2.1.12, commit: '
  cpuUtilization:
    idlePercent: 94.89
    systemPercent: 1.03
    userPercent: 4.08
  cpus: 16
  databaseBackend: sqlite
  distribution:
    codename: vicuna
    distribution: nixos
    version: "24.11"
  eventLogger: journald
  freeLocks: 2013
  hostname: bms-cs21337
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 100
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 6.6.43
  linkmode: dynamic
  logDriver: journald
  memFree: 7051476992
  memTotal: 33373638656
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: Unknown
      path: /nix/store/aa9yk6mgigcsl7dxls2fbs135613fa7x-podman-5.1.2/libexec/podman/aardvark-dns
      version: aardvark-dns 1.11.0
    package: Unknown
    path: /nix/store/aa9yk6mgigcsl7dxls2fbs135613fa7x-podman-5.1.2/libexec/podman/netavark
    version: netavark 1.7.0
  ociRuntime:
    name: crun
    package: Unknown
    path: /nix/store/mbxcn95wf32cy267jg6f46fpfnxznl49-podman-helper-binary-wrapper/bin/crun
    version: |-
      crun version 1.15
      commit: 1.15
      rundir: /run/user/1000/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  pasta:
    executable: /nix/store/aa9yk6mgigcsl7dxls2fbs135613fa7x-podman-5.1.2/libexec/podman/pasta
    package: Unknown
    version: |
      pasta 2024_06_24.1ee2eca
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: true
    path: /run/user/1000/podman/podman.sock
  rootlessNetworkCmd: pasta
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: ""
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /nix/store/aa9yk6mgigcsl7dxls2fbs135613fa7x-podman-5.1.2/libexec/podman/slirp4netns
    package: Unknown
    version: |-
      slirp4netns version 1.3.1
      commit: e5e368c4f5db6ae75c2fce786e31eef9da6bf236
      libslirp: 4.8.0
      SLIRP_CONFIG_VERSION_MAX: 5
      libseccomp: 2.5.5
  swapFree: 42946953216
  swapTotal: 42949668864
  uptime: 71h 9m 7.00s (Approximately 2.96 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - docker.io
store:
  configFile: /home/xxxx/.config/containers/storage.conf
  containerStore:
    number: 5
    paused: 0
    running: 1
    stopped: 4
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/xxxx/.local/share/containers/storage
  graphRootAllocated: 1023563268096
  graphRootUsed: 191684964352
  graphStatus:
    Backing Filesystem: btrfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /tmp
  imageStore:
    number: 57
  runRoot: /run/user/1000/containers
  transientStore: false
  volumePath: /home/xxxxx/.local/share/containers/storage/volumes
version:
  APIVersion: 5.1.2
  Built: 315532800
  BuiltTime: Tue Jan  1 01:00:00 1980
  GitCommit: ""
  GoVersion: go1.22.5
  Os: linux
  OsArch: linux/amd64
  Version: 5.1.2
@blatobi blatobi added status/triage Issue or PR that requires contributor attention. type/bug Issue that reports an unexpected behaviour. labels Aug 5, 2024
@natalieparellano
Member

@matejvasek do you have any idea about this one?

@vlada-dudr

Same issue here. If I can help out somehow, let me know.

@AbdullahWali

Does --docker-host=inherit help here?

@blatobi
Author

blatobi commented Aug 15, 2024

🤦‍♂️ You are correct! It is even mentioned in the docs at build-on-podman with a link to #1338. I was pretty sure I tried that before; obviously I didn't. Sorry for the fuss.

@blatobi blatobi closed this as completed Aug 15, 2024
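
The diagnosis from this thread as an added example (not part of the issue or of pack's code): the analyzer error names the socket the build container tried, and when that differs from the DOCKER_HOST the CLI uses, the rootless socket was never exposed to the lifecycle, which is the case --docker-host=inherit covers. The helper names attempted_socket and suggest_pack_flag are hypothetical; the log line and the command are copied from the issue.

```shell
#!/bin/sh
# Added example; attempted_socket and suggest_pack_flag are hypothetical helper names.

# Log line copied from the issue above (lifecycle analyzer output).
SAMPLE_LOG='[analyzer] ERROR: failed to initialize analyzer: getting previous image: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.45/version": dial unix /var/run/docker.sock: connect: permission denied'

# Print the socket URL the lifecycle tried to reach, or nothing if the line
# is not a daemon-socket permission error.
attempted_socket() {
  printf '%s\n' "$1" |
    sed -n 's|.*permission denied while trying to connect to the Docker daemon socket at \(unix://[^ ]*\): .*|\1|p'
}

# Compare the attempted socket with DOCKER_HOST ($2) and print a verdict:
#   --docker-host=inherit  build container was given a different socket than the CLI
#   check-socket-access    same socket (or DOCKER_HOST unset): inspect its owner and mode
#   not-a-socket-error     the line is some other failure
suggest_pack_flag() {
  tried=$(attempted_socket "$1")
  if [ -z "$tried" ]; then
    printf '%s\n' "not-a-socket-error"
  elif [ -n "$2" ] && [ "$tried" != "$2" ]; then
    printf '%s\n' "--docker-host=inherit"
  else
    printf '%s\n' "check-socket-access"
  fi
}

# Step 3 of the reproduction with the suggested flag appended (printed, not executed).
HOST_SOCK="unix:///run/user/1000/podman/podman.sock"
verdict=$(suggest_pack_flag "$SAMPLE_LOG" "$HOST_SOCK")
case "$verdict" in
  --*) echo "DOCKER_HOST=$HOST_SOCK pack build sample-app -p samples/apps/ruby-bundler/ -B cnbs/sample-builder:jammy --network pack-local-net $verdict" ;;
  *)   echo "$verdict" ;;
esac
```

The check-socket-access verdict is the case where the build container did reach the configured socket, so the thing to inspect is that socket's owner and mode rather than pack's flags.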