mock
Cannot --init in a Docker container with --new-chroot
Short description of the problem
@xsuchy I have a similar issue to #96, if not the same issue, despite adding the SYS_ADMIN capability. However, I have not tried the --old-chroot option that @shanemcd mentioned in that issue.
Output of rpm -q mock
[root@85f189912d69 /]# rpm -q mock
mock-1.4.10-1.el7.noarch
Steps to reproduce issue
- Build a Docker image
- Run mock ... --init
- Pout at the computer screen
Do not forget to mention full commandline with the mock command you executed.
Any additional notes
I'll jump to the core of the issue (rather than including several hundred lines of mock/yum installing packages).
[root@24b9a6033d5d /]# capsh --print
Current: = cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_sys_admin,cap_mknod,cap_audit_write,cap_setfcap+eip
Bounding set =cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_sys_admin,cap_mknod,cap_audit_write,cap_setfcap
Securebits: 00/0x0/1'b0
secure-noroot: no (unlocked)
secure-no-suid-fixup: no (unlocked)
secure-keep-caps: no (unlocked)
uid=0(root)
gid=0(root)
groups=
[root@24b9a6033d5d /]# /usr/bin/systemd-nspawn -q -M 1a1b2bafa6594d95a7345238c6630c8a -D /var/lib/mock/epel-7-x86_64/root --setenv=LANG=en_US.UTF-8 --setenv=TERM=vt100 --setenv=SHELL=/bin/bash --setenv=HOSTNAME=mock --setenv=PROMPT_COMMAND=printf "\033]0;<mock-chroot>\007" --setenv=HOME=/builddir --setenv=PATH=/usr/bin:/bin:/usr/sbin:/sbin --setenv=PS1='<mock-chroot> \s-\v\$' /usr/sbin/groupadd -g 135 mock
Not running on a systemd system.
And this is the Dockerfile I'm using to build my image:
FROM centos:7
RUN yum install -y epel-release && \
    yum install -y lbzip2 mock mock-scm nosync pigz && \
    yum clean all && \
    rm -rf /var/cache/yum
COPY site-defaults.cfg /etc/mock/
RUN useradd -m -G mock -s /bin/bash builder
VOLUME ["/var/lib/mock"]
COPY docker-entrypoint.sh /
ENTRYPOINT ["/docker-entrypoint.sh"]
USER builder
The entrypoint is nothing fancy, just this:
#!/bin/sh
set -eu
exec 2>&1
# Quote the expansions so arguments containing spaces reach mock intact
exec mock -r "${TARGET_PLATFORM}" "$@"
[root@85f189912d69 /]# mock --debug-config
INFO: mock.py version 1.4.10 starting (python version = 2.7.5)...
Start: init plugins
INFO: selinux disabled
Finish: init plugins
Start: run
config_opts['backup_base_dir'] = '/var/lib/mock/backup'
config_opts['backup_on_clean'] = False
config_opts['basedir'] = '/var/lib/mock'
config_opts['build_log_fmt_name'] = 'unadorned'
config_opts['build_log_fmt_str'] = '%(message)s'
config_opts['cache_alterations'] = False
config_opts['cache_topdir'] = '/var/cache/mock'
config_opts['check'] = True
config_opts['chroot_name'] = 'default'
config_opts['chroot_setup_cmd'] = 'install @buildsys-build'
config_opts['chrootgid'] = 135
config_opts['chrootgroup'] = 'mock'
config_opts['chroothome'] = '/builddir'
config_opts['chrootuid'] = 0
config_opts['clean'] = True
config_opts['cleanup_on_failure'] = False
config_opts['cleanup_on_success'] = False
config_opts['config_file'] = '/etc/mock/default.cfg'
config_opts['config_paths'] = ['/etc/mock/site-defaults.cfg',
'/etc/mock/site-defaults.cfg',
'/etc/mock/default.cfg',
'/etc/mock/epel-7-x86_64.cfg']
config_opts['createrepo_command'] = '/usr/bin/createrepo_c -d -q -x *.src.rpm'
config_opts['createrepo_on_rpms'] = False
config_opts['dist'] = 'el7'
config_opts['dnf_command'] = '/usr/bin/dnf'
config_opts['dnf_install_command'] = 'install dnf dnf-plugins-core distribution-gpg-keys'
config_opts['enable_disable_repos'] = []
config_opts['environment'] = {'HOME': '/builddir',
'HOSTNAME': 'mock',
'LANG': 'en_US.UTF-8',
'PATH': '/usr/bin:/bin:/usr/sbin:/sbin',
'PROMPT_COMMAND': 'printf "\\033]0;<mock-chroot>\\007"',
'PS1': '<mock-chroot> \\s-\\v\\$ ',
'SHELL': '/bin/bash',
'TERM': 'vt100'}
config_opts['exclude_from_homedir_cleanup'] = ['build/SOURCES', '.bash_history', '.bashrc']
config_opts['extra_chroot_dirs'] = []
config_opts['files'] = {'etc/hosts': '127.0.0.1 localhost localhost.localdomain\n::1 localhost localhost.localdomain localhost6 localhost6.localdomain6\n'}
config_opts['hostname'] = None
config_opts['internal_dev_setup'] = True
config_opts['legal_host_arches'] = ('x86_64',)
config_opts['log_config_file'] = 'logging.ini'
config_opts['macros'] = {'%__bzip2': '/usr/bin/lbzip2',
'%__gzip': '/usr/bin/pigz',
'%_buildhost': '85f189912d69',
'%_rpmfilename': '%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm',
'%_smp_mflags': '-j2',
'%_topdir': '/builddir/build'}
config_opts['module_enable'] = []
config_opts['module_install'] = []
config_opts['more_buildreqs'] = {}
config_opts['no_root_shells'] = False
config_opts['nosync'] = False
config_opts['nosync_force'] = False
config_opts['nspawn_args'] = []
config_opts['online'] = True
config_opts['opstimeout'] = 0
config_opts['package_manager'] = 'yum'
config_opts['plugin_conf'] = {'bind_mount_enable': True,
'bind_mount_opts': {'basedir': '/var/lib/mock/epel-7-x86_64',
'cache_topdir': '/var/cache/mock',
'cachedir': '/var/cache/mock/epel-7-x86_64',
'create_dirs': False,
'dirs': [],
'resultdir': '/var/lib/mock/epel-7-x86_64/result',
'root': 'epel-7-x86_64'},
'ccache_enable': False,
'ccache_opts': {'basedir': '/var/lib/mock/epel-7-x86_64',
'cache_topdir': '/var/cache/mock',
'cachedir': '/var/cache/mock/epel-7-x86_64',
'compress': None,
'dir': '%(cache_topdir)s/%(root)s/ccache/u%(chrootuid)s/',
'max_cache_size': '4G',
'resultdir': '/var/lib/mock/epel-7-x86_64/result',
'root': 'epel-7-x86_64'},
'chroot_scan_enable': False,
'chroot_scan_opts': {'basedir': '/var/lib/mock/epel-7-x86_64',
'cache_topdir': '/var/cache/mock',
'cachedir': '/var/cache/mock/epel-7-x86_64',
'only_failed': True,
'regexes': ['^[^k]?core(\\.\\d+)?$', '\\.log$'],
'resultdir': '/var/lib/mock/epel-7-x86_64/result',
'root': 'epel-7-x86_64'},
'hw_info_enable': True,
'hw_info_opts': {'basedir': '/var/lib/mock/epel-7-x86_64',
'cache_topdir': '/var/cache/mock',
'cachedir': '/var/cache/mock/epel-7-x86_64',
'resultdir': '/var/lib/mock/epel-7-x86_64/result',
'root': 'epel-7-x86_64'},
'lvm_root_enable': False,
'lvm_root_opts': {'basedir': '/var/lib/mock/epel-7-x86_64',
'cache_topdir': '/var/cache/mock',
'cachedir': '/var/cache/mock/epel-7-x86_64',
'pool_name': 'mockbuild',
'resultdir': '/var/lib/mock/epel-7-x86_64/result',
'root': 'epel-7-x86_64'},
'mount_enable': False,
'mount_opts': {'basedir': '/var/lib/mock/epel-7-x86_64',
'cache_topdir': '/var/cache/mock',
'cachedir': '/var/cache/mock/epel-7-x86_64',
'resultdir': '/var/lib/mock/epel-7-x86_64/result',
'root': 'epel-7-x86_64'},
'overlayfs_enable': False,
'overlayfs_opts': {'basedir': '/var/lib/mock/epel-7-x86_64',
'cache_topdir': '/var/cache/mock',
'cachedir': '/var/cache/mock/epel-7-x86_64',
'resultdir': '/var/lib/mock/epel-7-x86_64/result',
'root': 'epel-7-x86_64'},
'package_state_enable': False,
'package_state_opts': {'available_pkgs': False,
'basedir': '/var/lib/mock/epel-7-x86_64',
'cache_topdir': '/var/cache/mock',
'cachedir': '/var/cache/mock/epel-7-x86_64',
'installed_pkgs': True,
'resultdir': '/var/lib/mock/epel-7-x86_64/result',
'root': 'epel-7-x86_64'},
'pm_request_enable': False,
'pm_request_opts': {'basedir': '/var/lib/mock/epel-7-x86_64',
'cache_topdir': '/var/cache/mock',
'cachedir': '/var/cache/mock/epel-7-x86_64',
'resultdir': '/var/lib/mock/epel-7-x86_64/result',
'root': 'epel-7-x86_64'},
'root_cache_enable': True,
'root_cache_opts': {'age_check': True,
'basedir': '/var/lib/mock/epel-7-x86_64',
'cache_topdir': '/var/cache/mock',
'cachedir': '/var/cache/mock/epel-7-x86_64',
'compress_program': 'pigz',
'dir': '%(cache_topdir)s/%(root)s/root_cache/',
'exclude_dirs': ['./proc',
'./sys',
'./dev',
'./tmp/ccache',
'./var/cache/yum',
'./var/cache/dnf'],
'extension': '.gz',
'max_age_days': 15,
'resultdir': '/var/lib/mock/epel-7-x86_64/result',
'root': 'epel-7-x86_64'},
'selinux_enable': True,
'selinux_opts': {'basedir': '/var/lib/mock/epel-7-x86_64',
'cache_topdir': '/var/cache/mock',
'cachedir': '/var/cache/mock/epel-7-x86_64',
'resultdir': '/var/lib/mock/epel-7-x86_64/result',
'root': 'epel-7-x86_64'},
'sign_enable': False,
'sign_opts': {'basedir': '/var/lib/mock/epel-7-x86_64',
'cache_topdir': '/var/cache/mock',
'cachedir': '/var/cache/mock/epel-7-x86_64',
'cmd': 'rpmsign',
'opts': '--addsign %(rpms)s',
'resultdir': '/var/lib/mock/epel-7-x86_64/result',
'root': 'epel-7-x86_64'},
'tmpfs_enable': False,
'tmpfs_opts': {'basedir': '/var/lib/mock/epel-7-x86_64',
'cache_topdir': '/var/cache/mock',
'cachedir': '/var/cache/mock/epel-7-x86_64',
'keep_mounted': False,
'max_fs_size': None,
'mode': '0755',
'required_ram_mb': 900,
'resultdir': '/var/lib/mock/epel-7-x86_64/result',
'root': 'epel-7-x86_64'},
'yum_cache_enable': True,
'yum_cache_opts': {'basedir': '/var/lib/mock/epel-7-x86_64',
'cache_topdir': '/var/cache/mock',
'cachedir': '/var/cache/mock/epel-7-x86_64',
'dir': '%(cache_topdir)s/%(root)s/%(package_manager)s_cache/',
'max_age_days': 30,
'max_metadata_age_days': 30,
'online': True,
'package_manager': 'yum',
'resultdir': '/var/lib/mock/epel-7-x86_64/result',
'root': 'epel-7-x86_64',
'target_dir': '/var/cache/%(package_manager)s/'}}
config_opts['plugin_dir'] = '/usr/lib/python2.7/site-packages/mockbuild/plugins'
config_opts['plugins'] = ['tmpfs',
'root_cache',
'yum_cache',
'bind_mount',
'ccache',
'selinux',
'package_state',
'chroot_scan',
'lvm_root',
'compress_logs',
'sign',
'pm_request',
'hw_info',
'mount',
'overlayfs']
config_opts['post_install'] = False
config_opts['print_main_output'] = True
config_opts['priorities.conf'] = '\n[main]\nenabled=0'
config_opts['releasever'] = '7'
config_opts['resultdir'] = '%(basedir)s/%(root)s/result'
config_opts['rhnplugin.conf'] = '\n[main]\nenabled=0'
config_opts['root'] = 'epel-7-x86_64'
config_opts['root_log_fmt_name'] = 'detailed'
config_opts['root_log_fmt_str'] = '%(levelname)s %(filename)s:%(lineno)d: %(message)s'
config_opts['rpm_command'] = '/bin/rpm'
config_opts['rpmbuild_arch'] = 'x86_64'
config_opts['rpmbuild_command'] = '/usr/bin/rpmbuild'
config_opts['rpmbuild_networking'] = False
config_opts['rpmbuild_timeout'] = 0
config_opts['scm'] = False
config_opts['scm_opts'] = {'cvs_get': 'cvs -d /srv/cvs co SCM_BRN SCM_PKG',
'distgit_get': 'rpkg clone -a --branch SCM_BRN SCM_PKG SCM_PKG',
'distgit_src_get': 'rpkg sources',
'exclude_vcs': True,
'ext_src_dir': '/dev/null',
'git_get': 'git clone SCM_BRN git://localhost/SCM_PKG.git SCM_PKG',
'git_timestamps': False,
'method': 'git',
'spec': 'SCM_PKG.spec',
'svn_get': 'svn co file:///srv/svn/SCM_PKG/SCM_BRN SCM_PKG',
'write_tar': False}
config_opts['state_log_fmt_name'] = 'state'
config_opts['state_log_fmt_str'] = '%(asctime)s - %(message)s'
config_opts['subscription-manager.conf'] = ''
config_opts['system_dnf_command'] = '/usr/bin/dnf'
config_opts['system_yum_command'] = '/usr/bin/yum'
config_opts['target_arch'] = 'x86_64'
config_opts['update_before_build'] = True
config_opts['use_bootstrap_container'] = False
config_opts['use_container_host_hostname'] = True
config_opts['use_host_resolv'] = False
config_opts['use_nspawn'] = True
config_opts['useradd'] = '/usr/sbin/useradd -o -m -u %(uid)s -g %(gid)s -d %(home)s -n %(user)s'
config_opts['verbose'] = 1
config_opts['version'] = '1.4.10'
config_opts['yum.conf'] = '\n[main]\nkeepcache=1\ndebuglevel=2\nreposdir=/dev/null\nlogfile=/var/log/yum.log\nretries=20\nobsoletes=1\ngpgcheck=0\nassumeyes=1\nsyslog_ident=mock\nsyslog_device=\nmdpolicy=group:primary\nbest=1\n\n# repos\n[base]\nname=BaseOS\nmirrorlist=http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os\nfailovermethod=priority\ngpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-7\ngpgcheck=1\nskip_if_unavailable=False\n\n[updates]\nname=updates\nenabled=1\nmirrorlist=http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=updates\nfailovermethod=priority\ngpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-7\ngpgcheck=1\nskip_if_unavailable=False\n\n[epel]\nname=epel\nmirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-7&arch=x86_64\nfailovermethod=priority\ngpgkey=file:///usr/share/distribution-gpg-keys/epel/RPM-GPG-KEY-EPEL-7\ngpgcheck=1\nskip_if_unavailable=False\n\n[extras]\nname=extras\nmirrorlist=http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=extras\nfailovermethod=priority\ngpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-7\ngpgcheck=1\nskip_if_unavailable=False\n\n[sclo]\nname=sclo\nbaseurl=http://mirror.centos.org/centos/7/sclo/x86_64/sclo/\ngpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-SIG-SCLo\ngpgcheck=1\nincludepkgs=devtoolset*\nskip_if_unavailable=False\n\n[sclo-rh]\nname=sclo-rh\nbaseurl=http://mirror.centos.org/centos/7/sclo/x86_64/rh/\ngpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-SIG-SCLo\ngpgcheck=1\nincludepkgs=devtoolset*\nskip_if_unavailable=False\n\n[testing]\nname=epel-testing\nenabled=0\nmirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-epel7&arch=x86_64\nfailovermethod=priority\nskip_if_unavailable=False\n\n[local]\nname=local\nbaseurl=https://kojipkgs.fedoraproject.org/repos/epel7-build/latest/x86_64/\ncost=2000\nenabled=0\nskip_if_unavailable=False\n\n[
epel-debuginfo]\nname=epel-debug\nmirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-7&arch=x86_64\nfailovermethod=priority\nenabled=0\nskip_if_unavailable=False\n'
config_opts['yum_builddep_command'] = '/usr/bin/yum-builddep'
config_opts['yum_builddep_opts'] = []
config_opts['yum_command'] = '/usr/bin/yum'
config_opts['yum_common_opts'] = []
config_opts['yum_install_command'] = 'install yum yum-utils shadow-utils distribution-gpg-keys'
Finish: run
I've faced the same issue and found a solution by disabling spawn in the config like this: echo "config_opts['use_nspawn'] = False" >> /etc/mock/site-defaults.cfg
It would be nice to describe this in the docs, in the Docker section.
Yes, we don't know how to run systemd-nspawn in a container yet. See pull request #337, which should lower the pain. Otherwise this is a known problem.
Since this is about making systemd-nspawn work in Docker, I'm flagging it as an RFE.
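A preflight check for the situation in this thread, as an added example that is not part of the original issue or of mock's own code: the container has CAP_SYS_ADMIN yet systemd-nspawn still refuses to start, so the entrypoint picks --old-chroot when systemd is not the running init. It assumes the "Not running on a systemd system." message comes from the standard sd_booted(3) test for /run/systemd/system; the function names, SYSTEMD_RUNDIR and THREAD_CAPEFF are hypothetical.

```shell
#!/bin/sh
# Added example: pick mock's chroot backend from inside a container.

# CAP_SYS_ADMIN is capability bit 21. $1 is a CapEff hex mask as shown in
# /proc/<pid>/status. Returns 0 if the bit is set, 1 if not, 2 on bad input.
has_cap_sys_admin() {
    case $1 in ''|*[!0-9a-fA-F]*) return 2 ;; esac
    [ $(( (0x$1 >> 21) & 1 )) -eq 1 ]
}

# sd_booted(3) semantics: systemd is the running init only if this directory
# exists. SYSTEMD_RUNDIR is a hypothetical override used for testing.
systemd_booted() {
    [ -d "${SYSTEMD_RUNDIR:-/run/systemd/system}" ]
}

# Print the mock flag to use for the given CapEff mask.
choose_mock_flag() {
    if ! has_cap_sys_admin "$1"; then
        echo "CAP_SYS_ADMIN missing from effective set" >&2
        return 1
    fi
    if systemd_booted; then
        echo '--new-chroot'
    else
        # The thread's case: capability present, but no systemd as init.
        echo '--old-chroot'
    fi
}

# Constructed sample: CapEff mask equal to the capsh capability list above.
THREAD_CAPEFF=00000000a82425fb

# Report the decision for the current process (Linux only).
if [ -r /proc/self/status ]; then
    capeff=$(awk '/^CapEff:/ {print $2}' /proc/self/status)
    echo "this process: $(choose_mock_flag "$capeff" 2>&1)"
fi
# Entrypoint use: exec mock -r "$TARGET_PLATFORM" "$(choose_mock_flag "$capeff")" "$@"
```

Because the capability bit is already set in the thread's capsh output, granting further capabilities does not change the outcome; only the init check does.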