
Calling fakeroot (in an Archlinux container) hangs forever

Open denschub opened this issue 1 year ago • 6 comments

Description

fakeroot v1.35 to be broken. It just freezes forever, and you have to kill the container. I'm not sure if this is Archlinux-specific, but it worked ~2 weeks ago, and no longer does.

This is a Docker for Mac-issue, it works fine in Docker-for-Linux with the same Docker version. Because it works on Linux, I'll report this here - but if this turns out not to be a Docker issue, please let me know. :)

Reproduce

  1. docker run -it --platform=linux/amd64 archlinux/archlinux:base-devel sh -c "fakeroot"

Expected behavior

I should see a shell that's interactive.

docker version

Client:
 Version:           26.1.4
 API version:       1.45
 Go version:        go1.21.11
 Git commit:        5650f9b
 Built:             Wed Jun  5 11:26:02 2024
 OS/Arch:           darwin/arm64
 Context:           desktop-linux

Server: Docker Desktop 4.31.0 (153195)
 Engine:
  Version:          26.1.4
  API version:      1.45 (minimum version 1.24)
  Go version:       go1.21.11
  Git commit:       de5c9cf
  Built:            Wed Jun  5 11:29:12 2024
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.6.33
  GitCommit:        d2d58213f83a351ca8f528a95fbd145f5654e957
 runc:
  Version:          1.1.12
  GitCommit:        v1.1.12-0-g51d5e94
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client:
 Version:    26.1.4
 Context:    desktop-linux
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.14.1-desktop.1
    Path:     /Users/denschub/.docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.27.1-desktop.1
    Path:     /Users/denschub/.docker/cli-plugins/docker-compose
  debug: Get a shell into any image or container (Docker Inc.)
    Version:  0.0.32
    Path:     /Users/denschub/.docker/cli-plugins/docker-debug
  dev: Docker Dev Environments (Docker Inc.)
    Version:  v0.1.2
    Path:     /Users/denschub/.docker/cli-plugins/docker-dev
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.24
    Path:     /Users/denschub/.docker/cli-plugins/docker-extension
  feedback: Provide feedback, right in your terminal! (Docker Inc.)
    Version:  v1.0.5
    Path:     /Users/denschub/.docker/cli-plugins/docker-feedback
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version:  v1.2.0
    Path:     /Users/denschub/.docker/cli-plugins/docker-init
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     /Users/denschub/.docker/cli-plugins/docker-sbom
  scout: Docker Scout (Docker Inc.)
    Version:  v1.9.3
    Path:     /Users/denschub/.docker/cli-plugins/docker-scout

Server:
 Containers: 6
  Running: 0
  Paused: 0
  Stopped: 6
 Images: 3
 Server Version: 26.1.4
 Storage Driver: overlayfs
  driver-type: io.containerd.snapshotter.v1
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: d2d58213f83a351ca8f528a95fbd145f5654e957
 runc version: v1.1.12-0-g51d5e94
 init version: de40ad0
 Security Options:
  seccomp
   Profile: unconfined
  cgroupns
 Kernel Version: 6.6.31-linuxkit
 Operating System: Docker Desktop
 OSType: linux
 Architecture: aarch64
 CPUs: 9
 Total Memory: 23.44GiB
 Name: docker-desktop
 ID: ab34bb1d-206d-4686-9896-f47df089dd0d
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Labels:
  com.docker.desktop.address=unix:///Users/denschub/Library/Containers/com.docker.docker/Data/docker-cli.sock
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5555
  127.0.0.0/8
 Live Restore Enabled: false

Diagnostics ID

7200E6FD-1BC6-461B-878E-83E3CBF00FC6/20240614231450

Additional Info

No response

denschub avatar Jun 14 '24 23:06 denschub

I should add that there was a previous issue, https://github.com/moby/moby/issues/45436, and I have set the following engine config:

{
  // ...
  "default-ulimits": {
    "nofile": {
      "Name": "nofile",
      "Hard": 1024,
      "Soft": 524288
    }
  },
  // ...
}

but it's freezing with and without this.

denschub avatar Jun 14 '24 23:06 denschub

Exactly. I am currently encountering this same problem in the Archlinux container, where building packages for Archlinux for armv7l in that container using makepkg fails. During the makepkg process, fakeroot is called, but it freezes and does not move forward.

usk-tkhs avatar Jun 24 '24 02:06 usk-tkhs

I can confirm that I have the same issue with all my containers building AUR packages for Arch Linux (x86_64).

Forcing a downgrade of the fakeroot package to the previous version: pacman -U --noconfirm https://archive.archlinux.org/packages/f/fakeroot/fakeroot-1.34-1-x86_64.pkg.tar.zst

prior to running the makepkg command allows the build to run successfully.

drzee99 avatar Jun 29 '24 19:06 drzee99

This is a Docker for Mac-issue, it works fine in Docker-for-Linux with the same Docker version. Because it works on Linux, I'll report this here - but if this turns out not to be a Docker issue, please let me know. :)

Are you running the same version of runc on your Linux installation? Would you be able to post the docker version and docker info of your Linux installation as well?

The previous issue (linked in the moby repo) was related to ulimits, and I'm aware that runc v1.1.13 had fixes to work around an issue in the Go runtime (see https://github.com/opencontainers/runc/pull/4277 and https://github.com/opencontainers/runc/pull/4299), which could result in the ulimits not always being applied. The next release of Docker Desktop should come with runc 1.1.13 (in case that's the cause).

Forcing a downgrade of the fakeroot package to the previous version:

@drzee99 do you know what the version of fakeroot was that didn't work? (In case colleagues want to look at differences between those versions to narrow down what could cause it).

thaJeztah avatar Jun 29 '24 19:06 thaJeztah

do you know what the version of fakeroot was that didn't work? (In case colleagues want to look at differences between those versions to narrow down what could cause it).

Never mind, I see the original comment at the top mentions it; 😅

fakeroot v1.35 to be broken.

thaJeztah avatar Jun 29 '24 19:06 thaJeztah

fakeroot v1.36 continues to be broken as well. I found this issue while running makepkg -si in a systemd-nspawn environment and fixed the problem by downgrading to v1.34.

vincent-163 avatar Sep 11 '24 01:09 vincent-163

This is a Docker for Mac-issue, it works fine in Docker-for-Linux with the same Docker version. Because it works on Linux, I'll report this here - but if this turns out not to be a Docker issue, please let me know. :)

I am using docker-ce on Ubuntu. This problem also happened when I ran fakeroot (v1.35 & v1.36) in the archlinux and fedora containers.

docker version

Client: Docker Engine - Community
 Version:           27.4.0
 API version:       1.47
 Go version:        go1.22.10
 Git commit:        bde2b89
 Built:             Sat Dec  7 10:38:58 2024
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          27.4.0
  API version:      1.47 (minimum version 1.24)
  Go version:       go1.22.10
  Git commit:       92a8393
  Built:            Sat Dec  7 10:38:58 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.24
  GitCommit:        88bf19b2105c8b17560993bee28a01ddc2f97182
 runc:
  Version:          1.2.2
  GitCommit:        v1.2.2-0-g7cb3632
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client: Docker Engine - Community
 Version:    27.4.0
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.19.2
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.31.0
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 10
 Server Version: 27.4.0
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 88bf19b2105c8b17560993bee28a01ddc2f97182
 runc version: v1.2.2-0-g7cb3632
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
 Kernel Version: 5.15.0-126-generic
 Operating System: Ubuntu 20.04.6 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 7.657GiB
 Name: flandre-Lenovo-V530s-14IKB
 ID: ce65a974-30bd-48f5-a4f6-361b64c471eb
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Username: flandres495
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

MarisaDAZA avatar Dec 18 '24 15:12 MarisaDAZA

This doesn't seem to be a Docker for Mac-issue, as it happens for me as well when running an archlinux container with fakeroot 1.37 on Ubuntu. Interestingly however, it doesn't happen when running the same container on archlinux.

Zollerboy1 avatar Apr 21 '25 20:04 Zollerboy1

In my case, it turned out that fakeroot requires some system call that is disabled by docker by default. You can either docker run --privileged archlinux or more safely docker run -it --name arch --security-opt seccomp=unconfined archlinux to give it enough privilege.

NeumoNeumo avatar Sep 28 '25 13:09 NeumoNeumo
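
An added example, not code from any participant in this thread: before relaxing seccomp or running privileged, compare the sandbox-relevant fields of the hosts involved. The parser below flattens the `Security Options` block and a few version fields of `docker info` output and diffs two hosts. The function names `sandbox_facts` and `diff_facts` are hypothetical, and the sample inputs are constructed excerpts of the two dumps posted above.

```python
# Constructed excerpts: only the relevant fields, copied from the two
# `docker info` dumps posted in this thread (Docker Desktop, then Ubuntu).
DESKTOP_INFO = """\
 Server Version: 26.1.4
 Cgroup Version: 2
 runc version: v1.1.12-0-g51d5e94
 Security Options:
  seccomp
   Profile: unconfined
  cgroupns
 Kernel Version: 6.6.31-linuxkit
"""
UBUNTU_INFO = """\
 Server Version: 27.4.0
 Cgroup Version: 1
 runc version: v1.2.2-0-g7cb3632
 Security Options:
  apparmor
  seccomp
   Profile: builtin
 Kernel Version: 5.15.0-126-generic
"""
FIELDS = ("Server Version", "Cgroup Version", "runc version", "Kernel Version")

def sandbox_facts(info_text):
    """Flatten the fields that shape a container's syscall sandbox (hypothetical helper)."""
    facts, in_opts, opts_indent, last_opt = {}, False, 0, None
    for line in filter(str.strip, info_text.splitlines()):   # skip blank lines
        text = line.strip()
        indent = len(line) - len(line.lstrip())
        if in_opts and indent <= opts_indent:
            in_opts = False                      # left the Security Options block
        if text == "Security Options:":
            in_opts, opts_indent, last_opt = True, indent, None
        elif in_opts and text.startswith("Profile:") and last_opt:
            facts["secopt:" + last_opt] = text.split(":", 1)[1].strip()
        elif in_opts:
            last_opt = text                      # e.g. seccomp, apparmor, cgroupns
            facts["secopt:" + text] = "enabled"
        else:
            key, sep, value = text.partition(":")
            if sep and key in FIELDS:
                facts[key] = value.strip()
    return facts

def diff_facts(a, b):
    """Return {field: (a_value, b_value)} for every field that differs."""
    return {k: (a.get(k), b.get(k)) for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}
```

Calling `diff_facts(sandbox_facts(DESKTOP_INFO), sandbox_facts(UBUNTU_INFO))` lists every differing field, including the seccomp profile (`unconfined` on the Docker Desktop host, `builtin` on the Ubuntu host).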