Feature Addition Regression 0.275.1 -> 0.282.0 with Podman + SELinux #8557

Closed
garryod opened this issue Jun 1, 2023 · 4 comments
Labels
bug Issue identified by VS Code Team member as probable bug containers Issue in vscode-remote containers podman Dev Container using Podman

garryod commented Jun 1, 2023

As of v0.282.0 of the ms-vscode-remote.remote-containers extension, adding a dev container feature to a container in a Podman + SELinux environment results in a build failure with cp: cannot access '/tmp/build-features-src/common-utils_1': Permission denied. This is likely a result of the change to mounting the /tmp/build-features-src/common-utils_1 directory with --mount=type=bind, see: containers/podman#15423

  • VSCode Version: 1.77.3

  • Local OS Version: Red Hat Enterprise Linux release 8.7 (Ootpa)

  • Remote OS Version: node:18-bullseye

  • Remote Extension/Connection Type: Containers

  • Logs:

[2023-06-01T11:23:19.815Z] Dev Containers 0.288.0 in VS Code 1.77.3 (704ed70d4fd1c6bd6342c436f1ede30d1cff4710).
[2023-06-01T11:23:19.815Z] Start: Resolving Remote
[2023-06-01T11:23:19.835Z] Setting up container for folder or workspace: /scratch/enu43627/projects/developer-portal/developer-guide
[2023-06-01T11:23:19.836Z] Host: unix:///run/user/1218453/podman/podman.sock
[2023-06-01T11:23:19.847Z] Start: Check Docker is running
[2023-06-01T11:23:19.847Z] Start: Run: podman version --format {{.Server.APIVersion}}
[2023-06-01T11:23:19.899Z] Stop (52 ms): Run: podman version --format {{.Server.APIVersion}}
[2023-06-01T11:23:19.900Z] Server API version: 4.4.1
[2023-06-01T11:23:19.900Z] Stop (53 ms): Check Docker is running
[2023-06-01T11:23:19.900Z] Start: Run: podman volume ls -q
[2023-06-01T11:23:19.941Z] Stop (41 ms): Run: podman volume ls -q
[2023-06-01T11:23:19.942Z] Start: Run: podman inspect --type container 22e65ab3acf63ed6168d97782cf7cf981702590d837d45f16db87be2825e72b0
[2023-06-01T11:23:19.976Z] Stop (34 ms): Run: podman inspect --type container 22e65ab3acf63ed6168d97782cf7cf981702590d837d45f16db87be2825e72b0
[2023-06-01T11:23:19.976Z] Start: Run: podman ps -q -a --filter label=vsch.local.folder=/scratch/enu43627/projects/developer-portal/developer-guide --filter label=vsch.quality=stable
[2023-06-01T11:23:20.021Z] Stop (45 ms): Run: podman ps -q -a --filter label=vsch.local.folder=/scratch/enu43627/projects/developer-portal/developer-guide --filter label=vsch.quality=stable
[2023-06-01T11:23:20.021Z] Start: Run: podman ps -q -a --filter label=devcontainer.local_folder=/scratch/enu43627/projects/developer-portal/developer-guide --filter label=devcontainer.config_file=/scratch/enu43627/projects/developer-portal/developer-guide/.devcontainer/devcontainer.json
[2023-06-01T11:23:20.062Z] Stop (41 ms): Run: podman ps -q -a --filter label=devcontainer.local_folder=/scratch/enu43627/projects/developer-portal/developer-guide --filter label=devcontainer.config_file=/scratch/enu43627/projects/developer-portal/developer-guide/.devcontainer/devcontainer.json
[2023-06-01T11:23:20.062Z] Start: Run: podman ps -q -a --filter label=devcontainer.local_folder=/scratch/enu43627/projects/developer-portal/developer-guide
[2023-06-01T11:23:20.098Z] Stop (36 ms): Run: podman ps -q -a --filter label=devcontainer.local_folder=/scratch/enu43627/projects/developer-portal/developer-guide
[2023-06-01T11:23:20.098Z] Start: Run: podman ps -q -a --filter label=devcontainer.local_folder=/scratch/enu43627/projects/developer-portal/developer-guide
[2023-06-01T11:23:20.142Z] Stop (44 ms): Run: podman ps -q -a --filter label=devcontainer.local_folder=/scratch/enu43627/projects/developer-portal/developer-guide
[2023-06-01T11:23:20.143Z] Start: Run: /dls_sw/apps/vscode/1.77.3/code --ms-enable-electron-run-as-node /home/enu43627/.vscode/extensions/ms-vscode-remote.remote-containers-0.288.0/dist/spec-node/devContainersSpecCLI.js up --user-data-folder /home/enu43627/.config/Code/User/globalStorage/ms-vscode-remote.remote-containers/data --docker-path podman --docker-compose-path /home/enu43627/.local/bin/docker-compose --container-session-data-folder /tmp/devcontainers-ca8ffa58-0a02-4199-a1e1-c26a159d7f4e1685618599148 --workspace-folder /scratch/enu43627/projects/developer-portal/developer-guide --workspace-mount-consistency cached --id-label devcontainer.local_folder=/scratch/enu43627/projects/developer-portal/developer-guide --id-label devcontainer.config_file=/scratch/enu43627/projects/developer-portal/developer-guide/.devcontainer/devcontainer.json --log-level debug --log-format json --config /scratch/enu43627/projects/developer-portal/developer-guide/.devcontainer/devcontainer.json --default-user-env-probe loginInteractiveShell --mount type=volume,source=vscode,target=/vscode,external=true --skip-post-create --update-remote-user-uid-default on --mount-workspace-git-root true
[2023-06-01T11:23:20.339Z] @devcontainers/cli 0.35.0. Node.js v16.14.2. linux 4.18.0-425.13.1.el8_7.x86_64 x64.
[2023-06-01T11:23:20.339Z] Start: Run: podman buildx version
[2023-06-01T11:23:20.375Z] Stop (36 ms): Run: podman buildx version
[2023-06-01T11:23:20.376Z] buildah 1.29.0
[2023-06-01T11:23:20.376Z] 
[2023-06-01T11:23:20.376Z] Start: Resolving Remote
[2023-06-01T11:23:20.379Z] Running the initializeCommand from devcontainer.json...

[2023-06-01T11:23:20.379Z] Start: Run: /bin/sh -c bash -c 'for i in $HOME/.inputrc; do [ -f $i ] || touch $i; done'
[2023-06-01T11:23:20.586Z] Stop (207 ms): Run: /bin/sh -c bash -c 'for i in $HOME/.inputrc; do [ -f $i ] || touch $i; done'
[2023-06-01T11:23:20.587Z] 
[2023-06-01T11:23:20.587Z] Start: Run: podman ps -q -a --filter label=devcontainer.local_folder=/scratch/enu43627/projects/developer-portal/developer-guide --filter label=devcontainer.config_file=/scratch/enu43627/projects/developer-portal/developer-guide/.devcontainer/devcontainer.json
[2023-06-01T11:23:20.628Z] Stop (41 ms): Run: podman ps -q -a --filter label=devcontainer.local_folder=/scratch/enu43627/projects/developer-portal/developer-guide --filter label=devcontainer.config_file=/scratch/enu43627/projects/developer-portal/developer-guide/.devcontainer/devcontainer.json
[2023-06-01T11:23:20.630Z] Start: Run: podman inspect --type image node:18-bullseye
[2023-06-01T11:23:20.692Z] Stop (62 ms): Run: podman inspect --type image node:18-bullseye
[2023-06-01T11:23:20.694Z] local container features stored at: /home/enu43627/.vscode/extensions/ms-vscode-remote.remote-containers-0.288.0/dist/node_modules/vscode-dev-containers/container-features
[2023-06-01T11:23:20.694Z] Start: Run: tar --no-same-owner -x -f -
[2023-06-01T11:23:20.718Z] Stop (24 ms): Run: tar --no-same-owner -x -f -
[2023-06-01T11:23:20.731Z] * Processing feature: ghcr.io/devcontainers/features/common-utils:2.0.10
[2023-06-01T11:23:21.280Z] * Fetching feature: common-utils_1_oci
[2023-06-01T11:23:21.604Z] Start: Run: podman buildx build --load --build-arg BUILDKIT_INLINE_CACHE=1 -f /scratch/enu43627/containers/tmpdir/devcontainercli-enu43627/container-features/0.35.0-1685618600693/Dockerfile-with-features -t vsc-developer-guide-c0516e83fc48835294a9d8be9264aede0af2175ed913898fcfbf60b95bdf3d4f --target dev_containers_target_stage --build-context dev_containers_feature_content_source=/scratch/enu43627/containers/tmpdir/devcontainercli-enu43627/container-features/0.35.0-1685618600693 --build-arg _DEV_CONTAINERS_BASE_IMAGE=dev_container_auto_added_stage_label --build-arg _DEV_CONTAINERS_IMAGE_USER=root --build-arg _DEV_CONTAINERS_FEATURE_CONTENT_SOURCE=dev_container_feature_content_temp /scratch/enu43627/projects/developer-portal/developer-guide
[2023-06-01T11:23:21.638Z] [1/3] STEP 1/3: FROM node:18-bullseye AS dev_container_auto_added_stage_label
[2023-06-01T11:23:21.676Z] [1/3] STEP 2/3: COPY requirements.txt /tmp/requirements.txt
[2023-06-01T11:23:21.841Z] --> Using cache fedb671b50e09bf80c5efd548cad99fef48a07e28ba6408122ae19ca1c6da7ee
--> fedb671b50e
[2023-06-01T11:23:21.846Z] [1/3] STEP 3/3: RUN apt-get update     && apt-get install -y --no-install-recommends         python3-pip     && pip install -r /tmp/requirements.txt     && rm -rf /var/lib/apt/lists/*     && rm /tmp/requirements.txt
[2023-06-01T11:23:21.852Z] --> Using cache 33094fa1bf0ac08d0eb9281da4e0c098b40e3b6ae073085f60f67e3739228e09
--> 33094fa1bf0
[2023-06-01T11:23:21.852Z] [2/3] STEP 1/4: FROM 33094fa1bf0ac08d0eb9281da4e0c098b40e3b6ae073085f60f67e3739228e09 AS dev_containers_feature_content_normalize
[2023-06-01T11:23:21.857Z] [2/3] STEP 2/4: USER root
[2023-06-01T11:23:21.863Z] --> Using cache 813d9121841f7285e3279bcda1fe746af42c17b58607c0bd932aa10e06981240
--> 813d9121841
[2023-06-01T11:23:21.869Z] [2/3] STEP 3/4: COPY --from=dev_containers_feature_content_source devcontainer-features.builtin.env /tmp/build-features/
[2023-06-01T11:23:22.025Z] --> Using cache de8ab4b568ef29f3a9876f3b8b5c6d5911da7ae207c8d5e0fd95184ffead1a84
--> de8ab4b568e
[2023-06-01T11:23:22.031Z] [2/3] STEP 4/4: RUN chmod -R 0755 /tmp/build-features/
[2023-06-01T11:23:22.037Z] --> Using cache 8baac4cc325583ef2b1da1c77a540d2b175e259a083ea9ccd16f7d6fd63e9403
--> 8baac4cc325
[2023-06-01T11:23:22.042Z] [3/3] STEP 1/9: FROM 33094fa1bf0ac08d0eb9281da4e0c098b40e3b6ae073085f60f67e3739228e09 AS dev_containers_target_stage
[2023-06-01T11:23:22.047Z] [3/3] STEP 2/9: USER root
[2023-06-01T11:23:22.052Z] --> Using cache 813d9121841f7285e3279bcda1fe746af42c17b58607c0bd932aa10e06981240
--> 813d9121841
[2023-06-01T11:23:22.057Z] [3/3] STEP 3/9: RUN mkdir -p /tmp/dev-container-features
[2023-06-01T11:23:22.062Z] --> Using cache 7365d3b5dc80953838b5396443e8102dc058a2a99f0ff23e76dfc18792a6570c
--> 7365d3b5dc8
[2023-06-01T11:23:22.067Z] [3/3] STEP 4/9: COPY --from=dev_containers_feature_content_normalize /tmp/build-features/ /tmp/dev-container-features
[2023-06-01T11:23:22.231Z] --> Using cache e114262feb74af9c1a626f11507071f2889b28461a2f663193203c20a4f88ca1
--> e114262feb7
[2023-06-01T11:23:22.236Z] [3/3] STEP 5/9: RUN echo "_CONTAINER_USER_HOME=$(getent passwd root | cut -d: -f6)" >> /tmp/dev-container-features/devcontainer-features.builtin.env && echo "_REMOTE_USER_HOME=$(getent passwd root | cut -d: -f6)" >> /tmp/dev-container-features/devcontainer-features.builtin.env
[2023-06-01T11:23:22.241Z] --> Using cache d87f040fd813d8678e081b8f31074482e30ee91f365743ada878f7ce1d9185ac
--> d87f040fd81
[2023-06-01T11:23:22.247Z] [3/3] STEP 6/9: RUN --mount=type=bind,from=dev_containers_feature_content_source,source=common-utils_1,target=/tmp/build-features-src/common-utils_1     cp -ar /tmp/build-features-src/common-utils_1 /tmp/dev-container-features  && chmod -R 0755 /tmp/dev-container-features/common-utils_1  && cd /tmp/dev-container-features/common-utils_1  && chmod +x ./devcontainer-features-install.sh  && ./devcontainer-features-install.sh  && rm -rf /tmp/dev-container-features/common-utils_1
[2023-06-01T11:23:22.492Z] cp: cannot access '/tmp/build-features-src/common-utils_1': Permission denied
[2023-06-01T11:23:22.836Z] Error: building at STEP "RUN --mount=type=bind,from=dev_containers_feature_content_source,source=common-utils_1,target=/tmp/build-features-src/common-utils_1 cp -ar /tmp/build-features-src/common-utils_1 /tmp/dev-container-features  && chmod -R 0755 /tmp/dev-container-features/common-utils_1  && cd /tmp/dev-container-features/common-utils_1  && chmod +x ./devcontainer-features-install.sh  && ./devcontainer-features-install.sh  && rm -rf /tmp/dev-container-features/common-utils_1": while running runtime: exit status 1
[2023-06-01T11:23:23.037Z] Stop (1433 ms): Run: podman buildx build --load --build-arg BUILDKIT_INLINE_CACHE=1 -f /scratch/enu43627/containers/tmpdir/devcontainercli-enu43627/container-features/0.35.0-1685618600693/Dockerfile-with-features -t vsc-developer-guide-c0516e83fc48835294a9d8be9264aede0af2175ed913898fcfbf60b95bdf3d4f --target dev_containers_target_stage --build-context dev_containers_feature_content_source=/scratch/enu43627/containers/tmpdir/devcontainercli-enu43627/container-features/0.35.0-1685618600693 --build-arg _DEV_CONTAINERS_BASE_IMAGE=dev_container_auto_added_stage_label --build-arg _DEV_CONTAINERS_IMAGE_USER=root --build-arg _DEV_CONTAINERS_FEATURE_CONTENT_SOURCE=dev_container_feature_content_temp /scratch/enu43627/projects/developer-portal/developer-guide
[2023-06-01T11:23:23.037Z] Error: Command failed: podman buildx build --load --build-arg BUILDKIT_INLINE_CACHE=1 -f /scratch/enu43627/containers/tmpdir/devcontainercli-enu43627/container-features/0.35.0-1685618600693/Dockerfile-with-features -t vsc-developer-guide-c0516e83fc48835294a9d8be9264aede0af2175ed913898fcfbf60b95bdf3d4f --target dev_containers_target_stage --build-context dev_containers_feature_content_source=/scratch/enu43627/containers/tmpdir/devcontainercli-enu43627/container-features/0.35.0-1685618600693 --build-arg _DEV_CONTAINERS_BASE_IMAGE=dev_container_auto_added_stage_label --build-arg _DEV_CONTAINERS_IMAGE_USER=root --build-arg _DEV_CONTAINERS_FEATURE_CONTENT_SOURCE=dev_container_feature_content_temp /scratch/enu43627/projects/developer-portal/developer-guide
[2023-06-01T11:23:23.037Z]     at Sse (/home/enu43627/.vscode/extensions/ms-vscode-remote.remote-containers-0.288.0/dist/spec-node/devContainersSpecCLI.js:1917:1698)
[2023-06-01T11:23:23.037Z]     at process.processTicksAndRejections (node:internal/process/task_queues:96:5)
[2023-06-01T11:23:23.038Z]     at async AD (/home/enu43627/.vscode/extensions/ms-vscode-remote.remote-containers-0.288.0/dist/spec-node/devContainersSpecCLI.js:1916:3889)
[2023-06-01T11:23:23.038Z]     at async J7 (/home/enu43627/.vscode/extensions/ms-vscode-remote.remote-containers-0.288.0/dist/spec-node/devContainersSpecCLI.js:1916:2808)
[2023-06-01T11:23:23.038Z]     at async $se (/home/enu43627/.vscode/extensions/ms-vscode-remote.remote-containers-0.288.0/dist/spec-node/devContainersSpecCLI.js:1931:2626)
[2023-06-01T11:23:23.038Z]     at async Ah (/home/enu43627/.vscode/extensions/ms-vscode-remote.remote-containers-0.288.0/dist/spec-node/devContainersSpecCLI.js:1931:3741)
[2023-06-01T11:23:23.038Z]     at async aae (/home/enu43627/.vscode/extensions/ms-vscode-remote.remote-containers-0.288.0/dist/spec-node/devContainersSpecCLI.js:2059:17376)
[2023-06-01T11:23:23.038Z]     at async oae (/home/enu43627/.vscode/extensions/ms-vscode-remote.remote-containers-0.288.0/dist/spec-node/devContainersSpecCLI.js:2059:17117)
[2023-06-01T11:23:23.041Z] Stop (2898 ms): Run: /dls_sw/apps/vscode/1.77.3/code --ms-enable-electron-run-as-node /home/enu43627/.vscode/extensions/ms-vscode-remote.remote-containers-0.288.0/dist/spec-node/devContainersSpecCLI.js up --user-data-folder /home/enu43627/.config/Code/User/globalStorage/ms-vscode-remote.remote-containers/data --docker-path podman --docker-compose-path /home/enu43627/.local/bin/docker-compose --container-session-data-folder /tmp/devcontainers-ca8ffa58-0a02-4199-a1e1-c26a159d7f4e1685618599148 --workspace-folder /scratch/enu43627/projects/developer-portal/developer-guide --workspace-mount-consistency cached --id-label devcontainer.local_folder=/scratch/enu43627/projects/developer-portal/developer-guide --id-label devcontainer.config_file=/scratch/enu43627/projects/developer-portal/developer-guide/.devcontainer/devcontainer.json --log-level debug --log-format json --config /scratch/enu43627/projects/developer-portal/developer-guide/.devcontainer/devcontainer.json --default-user-env-probe loginInteractiveShell --mount type=volume,source=vscode,target=/vscode,external=true --skip-post-create --update-remote-user-uid-default on --mount-workspace-git-root true
[2023-06-01T11:23:23.042Z] Exit code 1
[2023-06-01T11:23:23.044Z] Command failed: /dls_sw/apps/vscode/1.77.3/code --ms-enable-electron-run-as-node /home/enu43627/.vscode/extensions/ms-vscode-remote.remote-containers-0.288.0/dist/spec-node/devContainersSpecCLI.js up --user-data-folder /home/enu43627/.config/Code/User/globalStorage/ms-vscode-remote.remote-containers/data --docker-path podman --docker-compose-path /home/enu43627/.local/bin/docker-compose --container-session-data-folder /tmp/devcontainers-ca8ffa58-0a02-4199-a1e1-c26a159d7f4e1685618599148 --workspace-folder /scratch/enu43627/projects/developer-portal/developer-guide --workspace-mount-consistency cached --id-label devcontainer.local_folder=/scratch/enu43627/projects/developer-portal/developer-guide --id-label devcontainer.config_file=/scratch/enu43627/projects/developer-portal/developer-guide/.devcontainer/devcontainer.json --log-level debug --log-format json --config /scratch/enu43627/projects/developer-portal/developer-guide/.devcontainer/devcontainer.json --default-user-env-probe loginInteractiveShell --mount type=volume,source=vscode,target=/vscode,external=true --skip-post-create --update-remote-user-uid-default on --mount-workspace-git-root true
[2023-06-01T11:23:23.044Z] Exit code 1

Steps to Reproduce:

  1. Set dev.containers.dockerPath to point to an instance of podman
  2. Build a container with a feature (e.g. ghcr.io/devcontainers/features/common-utils:2.0.10)

Does this issue occur when you try this locally?: Yes
Does this issue occur when you try this locally and all extensions are disabled?: Yes
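
Added example (not from the issue thread or the Dev Containers project): a log triage that reports each `RUN --mount=type=bind` build step whose mount target is then named in a `Permission denied` line, the pattern in the log above. The function names `find_bind_mount_denials` and `sample_log` are hypothetical, and the check for a `z`/`Z` token in the mount spec is an assumption based on the relabel option asked about in this thread.

```shell
#!/bin/sh
# Added example: triage a Dev Containers build log for the failure in this issue.
# Prints one line per bind-mounted RUN step whose target is later denied:
#   target=<mount target> relabel=<yes|no>

find_bind_mount_denials() {
  awk '
    # A new build step starts: forget the previous step, remember a bind mount.
    /STEP [0-9]+\/[0-9]+: / {
      target = ""; relabel = "no"
      if (match($0, /--mount=type=bind[^ ]*/)) {
        spec = substr($0, RSTART, RLENGTH)
        # Assumption: a comma-separated z or Z token requests SELinux relabeling.
        if (spec ~ /,[zZ](,|$)/) relabel = "yes"
        if (match(spec, /target=[^,]+/))
          target = substr(spec, RSTART + 7, RLENGTH - 7)
      }
      next
    }
    # A denial that names the mount target of the current step.
    target != "" && /Permission denied/ && index($0, target) > 0 {
      printf "target=%s relabel=%s\n", target, relabel
      target = ""
    }
  '
}

# Constructed sample: three lines abridged from the log in the report above.
sample_log() {
  cat <<'EOF'
[2023-06-01T11:23:22.057Z] [3/3] STEP 3/9: RUN mkdir -p /tmp/dev-container-features
[2023-06-01T11:23:22.247Z] [3/3] STEP 6/9: RUN --mount=type=bind,from=dev_containers_feature_content_source,source=common-utils_1,target=/tmp/build-features-src/common-utils_1     cp -ar /tmp/build-features-src/common-utils_1 /tmp/dev-container-features
[2023-06-01T11:23:22.492Z] cp: cannot access '/tmp/build-features-src/common-utils_1': Permission denied
EOF
}

# Stand-alone run on the sample; for a saved log use:
#   find_bind_mount_denials < devcontainer.log
sample_log | find_bind_mount_denials
```

A hit with `relabel=no` on an SELinux-enforcing host points at labeling of the bind-mounted build context rather than at file mode bits.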

@garryod changed the title from "Feature Addition Regression 0.275 with Podman + SELinux" to "Feature Addition Regression 0.275.1 -> 0.282.0 with Podman + SELinux" on Jun 1, 2023
@github-actions github-actions bot added the containers Issue in vscode-remote containers label Jun 1, 2023
Jarartur commented Oct 2, 2023

I stumbled upon this issue too. Is there any workaround, like adding the z parameter to the --mount? I'm quite inexperienced with containers, but I understand a user can't modify the commands that are run?
Running with:

"runArgs": [
    "--security-opt",
    "label=disable"
]

does not help in my case.


garryod commented Oct 4, 2023

As the mount is internal to the devcontainer build process, runArgs will not take effect. All I, and my colleagues, have been able to do thus far is pin the extension version to 0.275.1. Would be really nice to see this resolved.

gilesknap commented

Here is a horrible workaround that gets you up and running with the latest devcontainers extension 0.315.1.

Create a bash script called podman in your path that looks like this:

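#!/bin/bash
# Wrapper named "podman", placed earlier in PATH than /usr/bin/podman.
# For "podman buildx build" it injects --security-opt=label=disable, which
# turns off SELinux label separation for the build; other calls pass through.
if [[ "$1 $2" == "buildx build" ]]; then
  shift 2
  exec /usr/bin/podman buildx build --security-opt=label=disable "$@"
else
  exec /usr/bin/podman "$@"
fi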

@chrmarti chrmarti self-assigned this Dec 1, 2023
@chrmarti chrmarti added podman Dev Container using Podman bug Issue identified by VS Code Team member as probable bug labels Dec 1, 2023

chrmarti commented Dec 1, 2023

Continuing in devcontainers/cli#548.

@chrmarti chrmarti closed this as completed Dec 1, 2023
@microsoft microsoft locked and limited conversation to collaborators Jan 15, 2024