kaniko
Kaniko build fails if folder /lib/modules is available as read-only mount inside docker
Actual behavior
I encountered this issue working with Sysbox as runtime, see my bug report there.
From the analysis there, it looks like kaniko tries to modify files under /lib/modules
if the folder is available and fails if it is read-only with the error message
error building image: error building stage: failed to get filesystem from image: error removing lib to make way for new symlink: unlinkat //lib/modules/5.15.0-1005-aws/modules.builtin.modinfo: read-only file system
However, kaniko works just fine if the folder is not available at all.
Expected behavior
If the folder /lib/modules is read-only, ignore it the same way as when it is not available, or do not try to modify files there.
To Reproduce
Dockerfile
```
FROM ubuntu:20.04
RUN apt-get update \
    && DEBIAN_FRONTEND=noninteractive apt-get install -y \
    libxerces-c3.2 python3 curl \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
```
Steps to reproduce the behavior:
- Start docker container:
  `docker run -v $PWD:/app --rm -it --entrypoint="/busybox/sh" -v /lib/modules:/lib/modules/:ro gcr.io/kaniko-project/executor:v1.8.1-debug`
- Inside container:
  `/kaniko/executor --dockerfile /app/Dockerfile --no-push`
Additional Information
- Running on AWS EC2 machine, Ubuntu 22.04
Triage Notes for the Maintainers
Description | Yes/No |
---|---|
Please check if this is a new feature you are proposing | |
Please check if the build works in docker but not in kaniko | |
Please check if this error is seen when you use --cache flag | |
Please check if your dockerfile is a multistage dockerfile | |
Workaround I successfully used with sysbox:
Before you start the executor (step 2), run this: `umount /lib/modules/*`
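
A preflight check for the condition reported above, as an added example that is not part of the issue or of kaniko: it lists the read-only mount points at or below /lib/modules from the mount table, which are the paths the workaround unmounts. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Hypothetical helper (not part of kaniko): read a mount table in
# /proc/self/mounts format on stdin and print every mount point at or
# below DIR (default /lib/modules) that carries the "ro" option.
ro_mounts_under() {
    rmu_dir=${1:-/lib/modules}
    case "$rmu_dir" in
        /) rmu_prefix=/ ;;
        *) rmu_dir=${rmu_dir%/}; rmu_prefix=$rmu_dir/ ;;
    esac
    # Fields: device mountpoint fstype options dump pass.
    # Spaces inside a mount point appear as \040, so field splitting is safe.
    while read -r _dev rmu_mnt _type rmu_opts _rest; do
        case "$rmu_mnt" in
            "$rmu_dir"|"$rmu_prefix"*) ;;   # the directory itself or a descendant
            *) continue ;;                  # e.g. /lib/modules-extra is not below it
        esac
        case ",$rmu_opts," in
            *,ro,*) printf '%s\n' "$rmu_mnt" ;;
        esac
    done
}

# Constructed sample mount table; only the kernel directory name is from the report.
sample_mounts() {
    cat <<'EOF'
overlay / overlay rw,relatime 0 0
/dev/root /lib/modules/5.15.0-1005-aws ext4 ro,relatime 0 0
/dev/root /lib/modules-extra ext4 ro,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
EOF
}

# Inside the build container, before starting /kaniko/executor:
if [ -r /proc/self/mounts ]; then
    rmu_hits=$(ro_mounts_under /lib/modules < /proc/self/mounts)
    if [ -n "$rmu_hits" ]; then
        echo "read-only mounts under /lib/modules:"
        echo "$rmu_hits"
    fi
fi
```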