You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There are a number of bug reports in various places that look like the following.
executor failed running [/dev/.buildkit_qemu_emulator xyz]:
failed to copy xattrs: failed to set xattr "security.selinux" on
/tmp/buildkit-qemu-emulator538849571/dev/.buildkit_qemu_emulator:
operation not supported
The issue applies to systems with SELinux enabled; SELinux prevents the modification of an ACL attached to a file as an xattr.
The error arises when copying the emulator binary into a temporary location:
Several years ago the PR containerd/continuity#138 added an option to ignore xattr errors specifically due to this security.selinux issue. The tonistiigi/fsutil implementation mirrors this option, but it is unused in the BuildKit code.
I believe in the BuildKit code ci.XAttrErrorHandler should be set to a function that ignores ENOTSUP, as in this PR.
There are a number of bug reports in various places that look like the following.
The issue applies to systems with SELinux enabled; SELinux prevents the modification of an ACL attached to a file as an xattr.
The error arises when copying the emulator binary into a temporary location:
buildkit/solver/llbsolver/ops/exec_binfmt.go
Lines 67 to 72 in db6989a
The implementation of
copy.Copy()
is from tonistiigi/fsutil. The error string "failed to copy xattrs" originates here:https://github.com/tonistiigi/fsutil/blob/0789dc562bd7099bec7be479164e261ac5334f5f/copy/copy.go#L425-L427
Several years ago the PR containerd/continuity#138 added an option to ignore xattr errors specifically due to this
security.selinux
issue. The tonistiigi/fsutil implementation mirrors this option, but it is unused in the BuildKit code.I believe in the BuildKit code
ci.XAttrErrorHandler
should be set to a function that ignoresENOTSUP
, as in this PR.cc @tonistiigi.
The text was updated successfully, but these errors were encountered: