Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Permission issues when building the Jenkins Docker image with userns-remap #1528

Open
Gthevampire opened this issue Dec 14, 2022 · 0 comments
Open

Permission issues when building the Jenkins Docker image with userns-remap #1528

Gthevampire opened this issue Dec 14, 2022 · 0 comments
Labels
bug

Comments

@Gthevampire
Copy link

Jenkins and plugins versions report

Environment 
Paste the output here

What Operating System are you using (both controller, and any agents involved in the problem)?

OS: Ubuntu 20.04.5 LTS
Docker version 20.10.12, build 20.10.12-0ubuntu2~20.04.1

Also reproduced it on Debian 11 with a slighlty older Docker version.

Reproduction steps

  1. Edit /etc/docker/daemon.json to add:
{
  "userns-remap": "<username>"
}

(Replace <username> by your current username)

  1. Set the second number for your username in /etc/subuid and /etc/subgid with the UID and GID of your username. You can type id <username> to know the values. In my case (and usually) it is 1000.

  2. Get the Dockerfile example from the Jenkins website documentation https://www.jenkins.io/doc/book/installing/docker/

$cat Dockerfile
FROM jenkins/jenkins:2.375.1-jdk11
USER root
RUN apt-get update && apt-get install -y lsb-release
RUN curl -fsSLo /usr/share/keyrings/docker-archive-keyring.asc \
  https://download.docker.com/linux/debian/gpg
RUN echo "deb [arch=$(dpkg --print-architecture) \
  signed-by=/usr/share/keyrings/docker-archive-keyring.asc] \
  https://download.docker.com/linux/debian \
  $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list
RUN apt-get update && apt-get install -y docker-ce-cli
USER jenkins
RUN jenkins-plugin-cli --plugins "blueocean:1.25.8 docker-workflow:521.v1a_a_dd2073b_2e"
  1. Build the docker
docker build -t myjenkins-blueocean:2.375.1-1 .

Expected Results

The docker is built without error

Actual Results

Permission error:

Step 8/8 : RUN jenkins-plugin-cli --plugins "blueocean:1.25.8 docker-workflow:521.v1a_a_dd2073b_2e"
 ---> Running in 94f2d09719fc
Unable to create plugin directory: '/usr/share/jenkins/ref/plugins', supply a directory with -d <your-directory>

The /usr/share/jenkins/ref/ directory indeed belongs to root. Same for the logs directory.

Anything else?

Even on the base jenkins image there are some issues

$ docker run -it --rm jenkins/jenkins:2.375.1-jdk11 ls -ltd /usr/share/jenkins/ref
touch: cannot touch '/var/jenkins_home/copy_reference_file.log': Permission denied
Can not write to /var/jenkins_home/copy_reference_file.log. Wrong volume permissions?

$ docker run -it --rm --entrypoint='' jenkins/jenkins:2.375.1-jdk11 ls -ltd /usr/share/jenkins/ref
drwxr-xr-x 1 root root 4096 Nov 30 11:07 /usr/share/jenkins/ref
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Gthevampire