starting container process caused "apply caps: operation not permitted"

Asked by Julio Montes on 2019-08-28

I'm trying to generate the snap for kata container but I get the following error when `docker run --cap-add ` is executed:

docker: Error response from daemon: OCI runtime create failed: container_linux.go:345: starting container process caused "apply caps: operation not permitted": unknown.

Did something change recently in Launchpad's build system/machine/VMs?

For more information:
https://launchpadlibrarian.net/439349758/buildlog_snap_ubuntu_bionic_amd64_snap-stable_BUILDING.txt.gz

Question information

Language: English
Status: Expired
For: Launchpad itself
Assignee: No assignee
Last query: 2019-08-30
Last reply: 2019-09-15

Colin Watson (cjwatson) said : #1

Nothing has changed recently that I know of. When was the last successful run? Have you tried diffing build logs between successful and failing versions to see if that shows up any differences in build-dependencies and such?

Julio Montes (devimc) said : #2

Hi Colin,

Thanks for answering,

I spent some time debugging this issue and found that the problem is the --privileged flag in docker. It seems like it's not possible to run privileged containers. I guess it's a security feature; is this expected?

Julio Montes (devimc) said : #3

I almost forgot to mention that the last successful run was in the last release (1.9.0-alpha) and it got broken because now we need privileged containers to build some components.

Julio Montes (devimc) said : #4

Found a workaround on our side to avoid the use of privileged containers, but the run still fails because loop devices are not block devices...?

ERROR: File /dev/loop2p1 is not a block device
ERROR: File /dev/loop3p1 is not a block device
ERROR: File /dev/loop4p1 is not a block device
ERROR: File /dev/loop5p1 is not a block device
ERROR: File /dev/loop6p1 is not a block device
ERROR: File /dev/loop7p1 is not a block device
losetup: /tmp/tmp.YZJDq89pSg: failed to set up loop device: No such file or directory
Error: Could not stat device - No such file or directory.

Full log: https://launchpadlibrarian.net/439610116/buildlog_snap_ubuntu_bionic_amd64_snap-stable_BUILDING.txt.gz

Launchpad Janitor (janitor) said : #5

This question was expired because it remained in the 'Open' state without activity for the last 15 days.