runc v1.2.1 appears to break Rootless BuildKit (cgroup: open /sys/fs/cgroup/snschvixiy3s74w74fjantrdg: no such file or directory) #4518
Description
It looks like PR #5443 has broken rootless builds. The problem seems related to issue #4483.
Is a container being removed twice à la double free? These two cases illustrate the issue.
$ cat Dockerfile FROM alpine RUN mkdir /tmp/empty_directoryCase 1: working with 0.17.0-rootless
$ docker run \ --name buildkitd-v17 \ -d \ --security-opt seccomp=unconfined \ --security-opt apparmor=unconfined \ moby/buildkit:v0.17.0-rootless --oci-worker-no-process-sandbox $ buildctl --addr docker-container://buildkitd-v17 build --frontend dockerfile.v0 --local context=. --local dockerfile=. [+] Building 7.9s (5/5) FINISHED => [internal] load build definition from Dockerfile 0.6s => => transferring dockerfile: 80B 0.2s => [internal] load metadata for docker.io/library/alpine:latest 2.2s => [internal] load .dockerignore 0.3s => => transferring context: 2B 0.1s => [1/2] FROM docker.io/library/alpine:latest@sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d 2.9s => => resolve docker.io/library/alpine:latest@sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d 0.1s => => sha256:43c4264eed91be63b206e17d93e75256a6097070ce643c5e8f0379998b44f170 3.62MB / 3.62MB 0.5s => => extracting sha256:43c4264eed91be63b206e17d93e75256a6097070ce643c5e8f0379998b44f170 2.0s => [2/2] RUN mkdir /tmp/empty_directory 1.0sCase 2: regression with master-rootless
$ docker run \ --name buildkitd \ -d \ --security-opt seccomp=unconfined \ --security-opt apparmor=unconfined \ moby/buildkit:master-rootless --oci-worker-no-process-sandbox $ buildctl --addr docker-container://buildkitd build --frontend dockerfile.v0 --local context=. --local dockerfile=. [+] Building 3.4s (5/5) FINISHED => [internal] load build definition from Dockerfile 0.2s => => transferring dockerfile: 80B 0.1s => [internal] load metadata for docker.io/library/alpine:latest 1.0s => [internal] load .dockerignore 0.3s => => transferring context: 2B 0.2s => CACHED [1/2] FROM docker.io/library/alpine:latest@sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d 0.2s => => resolve docker.io/library/alpine:latest@sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d 0.1s => ERROR [2/2] RUN mkdir /tmp/empty_directory 0.9s ------ > [2/2] RUN mkdir /tmp/empty_directory: ------ Dockerfile:2 -------------------- 1 | FROM alpine 2 | >>> RUN mkdir /tmp/empty_directory 3 | -------------------- error: failed to solve: process "/bin/sh -c mkdir /tmp/empty_directory" did not complete successfully: buildkit-runc did not terminate successfully: exit status 1: unable to destroy container: unable to remove container's cgroup: open /sys/fs/cgroup/snschvixiy3s74w74fjantrdg: no such file or directory
Originally posted by @samiam in moby/buildkit#5491