
Re: ServiceAccount used to build images



2018-02-19 11:26 GMT+01:00 Raja <rajasaur gmail com>:
Hi
I'm trying to use a SVN Builder as a Custom Strategy to build my images from Subversion. I'm following the links https://github.com/gabrielscheffer/osev3-examples/tree/master/external_builder/svn-builder. I have been able to pull my source code from SVN and be able to run the Dockerfile.

My Dockerfile runs an apt-get -y update to update itself and the build fails at this point with a 

Step 4 : RUN apt-get -y update && apt-get install -y default-jdk         maven         git

 ---> Running in ed1a6e0a8bc0

E: List directory /var/lib/apt/lists/partial is missing. - Acquire (13: Permission denied)

E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)

E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?

The command '/bin/sh -c apt-get -y update && apt-get install -y default-jdk         maven         git' returned a non-zero code: 100

An image does not exist locally with the tag: 172.30.1.1:5000/myproject/test


I understand that this is because the image is not run as root and hence it's failing, but I'm trying to understand the service account that is used to build this for the Custom Strategy so I can relax it by adding it to the anyuid scc. All the tutorials I have seen are about relaxing rules when the container is run, but in my case, it happens during the time of building my image that is then pushed to the internal registry.


AFAIR building an image requires root privileges. It means that the issue isn't related to SCC and the builder pod already has appropriate permissions.

I think that this happens because RUN is being executed under a non-privileged user. So, somewhere above this directive you have a USER directive that changes the current user. Try to add USER root before RUN to change the current user to root. Also don't forget to add USER <id/name> back after you finish privileged operations.


--
Slava Semushin | OpenShift
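
The advice in the reply above can be checked before a build is submitted. The following is an added example, not code from the thread or from OpenShift: a small Python check that tracks the effective USER through a Dockerfile, flags package-manager RUN steps executed as a non-root user, and flags an image whose final USER is root. The sample Dockerfiles, the base image and user id 1001 are constructed for illustration, and a USER set inside the base image is not visible to this check.

```python
import re

# Constructed sample Dockerfiles (not from the thread); the base image and
# user id 1001 are assumptions made for illustration.
FAILING = """\
FROM ubuntu:16.04
USER 1001
RUN apt-get -y update && \\
    apt-get install -y default-jdk maven git
"""
FIXED = """\
FROM ubuntu:16.04
USER 1001
USER root
RUN apt-get -y update && apt-get install -y default-jdk maven git
USER 1001
"""

ROOT_NAMES = {"root", "0"}
PKG_TOOLS = re.compile(r"\b(apt-get|apt|dpkg|yum|dnf|apk)\b")


def audit(dockerfile):
    """Return (findings, final_user) for one Dockerfile.

    final_user is None when the last stage has no USER directive, i.e. the
    user is inherited from the base image and cannot be determined here.
    """
    findings, user = [], None
    text = re.sub(r"\\[ \t]*\n", " ", dockerfile)  # join line continuations
    steps = [l.strip() for l in text.splitlines()
             if l.strip() and not l.strip().startswith("#")]
    for index, step in enumerate(steps, start=1):
        keyword, _, rest = step.partition(" ")
        keyword = keyword.upper()
        if keyword == "FROM":
            user = None                        # new stage resets the user
        elif keyword == "USER":
            user = rest.strip().split(":")[0]  # drop optional ":group"
        elif keyword == "RUN" and PKG_TOOLS.search(rest):
            if user is not None and user not in ROOT_NAMES:
                findings.append((index, "package manager runs as USER " + user))
    if user in ROOT_NAMES:
        findings.append((None, "final USER is root; image runs as root"))
    return findings, user


if __name__ == "__main__":
    for name, sample in (("FAILING", FAILING), ("FIXED", FIXED)):
        print(name, audit(sample))
```
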
