Unable to run /usr/bin/sudo due to volumes/main partition mounted with nosuid #859

Open
kellermanrivero opened this issue Mar 15, 2024 · 1 comment

@kellermanrivero

Describe the bug
Unable to use finch to build the crops/poky container used to build Yocto (Yocto is a Linux meta-distribution for embedded devices).

/usr/bin/sudo fails with this message:

sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?

Steps to reproduce

Dockerfile:

(docker/Dockerfile)

FROM crops/poky@sha256:cecb8668a35b712cbb78d2b427934c27c5048d85d9734ab26bd6d692a9c38105

USER root

# Additional dependencies for Juno build
RUN apt update && apt install -y openssh-client gawk \
    wget \
    git-core \
    diffstat \
    unzip \
    texinfo \
    gcc-multilib \
    build-essential \
    chrpath \
    socat \
    libsdl1.2-dev \
    libgtk2.0-bin \
    xterm \
    libssl-dev \
    lib32ncurses5 \
    lib32z1 \
    ant \
    gcc-multilib \
    g++-multilib \
    libglib2.0-dev \
    libpulse-dev \
    zip \
    docbook \
    bison \
    libgmp3-dev \
    libmpc-dev

USER usersetup

WORKDIR /workdir

Step-by-step

finch build docker -t juno/yocto
finch run -it --rm -v ~/workplace/workdir:/workdir busybox chown -R $(id -u):$(id -g) /workdir
finch run -it --rm -v ~/workplace/workdir:/workdir juno/yocto --workdir=/workdir

Error:

sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
Traceback (most recent call last):
  File "/usr/bin/usersetup.py", line 92, in <module>
    subprocess.check_call(cmd.split(), stdout=sys.stdout, stderr=sys.stderr)
  File "/usr/lib/python2.7/subprocess.py", line 541, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', 'restrict_useradd.sh', '504', '20', 'pokyuser']' returned non-zero exit status 1
FATA[0000] exit status 1

Expected behavior
The container runs successfully, as it does in Docker Desktop.

Screenshots or logs
Screenshot 2024-03-15 at 11 35 04

Additional context
finch-support-20240315113539.zip

@kellermanrivero kellermanrivero added the bug Something isn't working label Mar 15, 2024
@mharwani
Member

There are issues with changing permissions on a mounted directory with QEMU: lima-vm/lima#231

I see a different error when I switch to "vz":

$ finch run -it --rm -v ~/workplace/workdir:/workdir juno/yocto --workdir=/workdir
The uid:gid for "/workdir" is "0:0". The uid and gid must be non-zero. Please check to make sure the "volume" or "bind" specified using either "-v" or "--mount" to docker, exists and has a non-zero uid:gid.

@mharwani mharwani self-assigned this Mar 19, 2024
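
Added example, not part of the issue or of the Finch project's code: a preflight check for the two conditions the errors in this thread name, a setuid binary sitting on a `nosuid` filesystem and a bind-mounted directory owned by `0:0`. It assumes Python 3 on Linux; the function names `diagnose` and `collect` and the default paths are chosen for illustration.

```python
import os
import stat
import sys


def diagnose(mode, owner_uid, fs_flags, workdir_uid, workdir_gid):
    """Pure check: return findings for the two failures reported in this thread."""
    findings = []
    # sudo only gains root if the file is setuid AND owned by root ...
    if not mode & stat.S_ISUID:
        findings.append("binary has no setuid bit")
    if owner_uid != 0:
        findings.append("binary is not owned by root")
    # ... AND the kernel honours the bit, which it does not on a nosuid mount.
    if fs_flags & os.ST_NOSUID:
        findings.append("filesystem is mounted nosuid; setuid bit is ignored")
    # Second error in the thread: the bind mount must not appear as 0:0.
    if workdir_uid == 0 or workdir_gid == 0:
        findings.append(
            "workdir uid:gid is %d:%d; must be non-zero" % (workdir_uid, workdir_gid)
        )
    return findings


def collect(binary, workdir):
    """Gather the real values from the system the script runs on."""
    st = os.stat(binary)       # follows symlinks, as exec does
    vfs = os.statvfs(binary)   # mount flags of the filesystem holding the binary
    wd = os.stat(workdir)
    return st.st_mode, st.st_uid, vfs.f_flag, wd.st_uid, wd.st_gid


if __name__ == "__main__":
    # Default paths are the ones named in the error messages above.
    binary = sys.argv[1] if len(sys.argv) > 1 else "/usr/bin/sudo"
    workdir = sys.argv[2] if len(sys.argv) > 2 else "/workdir"
    problems = diagnose(*collect(binary, workdir))
    for p in problems:
        print("FAIL:", p)
    sys.exit(1 if problems else 0)
```

Run it in the environment where `sudo` fails; an exit status of 0 means none of the four conditions was detected.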