Docker runner: operation not permitted (OD-2696)

First-Coder opened 5 days ago

I am not sure if it´s cause of server changing or it´s the last update of onedev. I can´t run a docker build command on my runner anymore. The runner is successfully registered on my self hosted server. The pipeline all run clean some days/weeks ago. But when I run now the runner I go these errors:

18:23:12 Pending resource allocation...
18:23:12 Executing job (executor: Docker-executor, server: 172.25.0.3:5710, network: Docker-executor-5-103-10)...
18:23:12 Copying job dependencies...
18:23:12 Running step "Checkout"...
18:23:12 Checking out code...
18:23:13 Switched to branch 'master'
18:23:13 branch 'master' set up to track 'origin/master'.
18:23:13 Step "Checkout" is successful (0 seconds)
18:23:13 Running step "Build"...
18:23:14 #0 building with "onedev" instance using docker-container driver
18:23:14 
18:23:14 #1 [internal] load build definition from Dockerfile
18:23:14 #1 transferring dockerfile: 644B done
18:23:14 #1 DONE 0.0s
18:23:14 ERROR: failed to build: failed to solve: failed to read dockerfile: failed to mount /tmp/buildkit-mount2891092015: [{Type:bind Source:/var/lib/buildkit/runc-native/snapshots/snapshots/11 Target: Options:[rbind ro]}]: mount source: "/var/lib/buildkit/runc-native/snapshots/snapshots/11", target: "/tmp/buildkit-mount2891092015", fstype: bind, flags: 20481, data: "", err: operation not permitted
18:23:14 Command execution failed (command: docker buildx build --builder onedev --pull . --push -t onedev.first-coder.de/nitrox/baufiwo/homepage:latest -t onedev.first-coder.de/nitrox/baufiwo/homepage:e6ec4fc61287c65e31a679d6e12f023fd2797777, exit code: 1)
18:23:15 Job finished

Here ist the "Build" step configuration:

Bildschirmfoto 2026-02-03 um 18.35.10.png

What I've tried

I tried to deactivate the buildkit with the commandflag: /bin/sh -c export DOCKER_BUILDKIT=0 && exec /root/bin/entrypoint.sh. And I've tried to set the privileged: true flag but both dosen`t work.

Version

Both the server and the agent run on latest image. For server it is now 14.1.3.

Activities

Robin Shen commented 4 days ago
Please run below command on the agent machine to see if it works:

docker buildx build --builder onedev --pull . --push -t <image tag>

If it works, please stop agent container, install bare metal agent (check the + button on agents page for bare metal mode), and run it in console mode from the same terminal where you've successfully run above command. Then test if it works.
Robin Shen commented 4 days ago

If builder onedev does not exist before testing the buildx build command, create it by running docker buildx create --name onedev. Also run the buildx build command from the directory containing a Dockerfile.
First-Coder commented 3 days ago

After checking my server and the logs I found out that my swag container always ban the docker agent container. It´s not directly swag... more fail2ban from swag 😟 . I've changed the fail2ban configuration and whitelist the agent. Now everything works again. Thanks for the fast response 👍
First-Coder changed fields 3 days ago
Name Previous Value Current Value
Type

Bug

Improvement
First-Coder changed fields 3 days ago
Name Previous Value Current Value
Priority

Major

Minor
First-Coder commented 3 days ago

Closed cause of server issues. OneDev does not have any problems.
First-Coder changed state to 'Closed' 3 days ago
Previous Value Current Value
Open

Closed
Login to comment

Name	Previous Value	Current Value
Type	Bug	Improvement

Name	Previous Value	Current Value
Priority	Major	Minor

Previous Value	Current Value
Open	Closed

Type	Improvement
Priority	Minor
Assignee	Robin Shen
Labels	No labels

Issue Votes (0)

Watchers (3)

Reference

OD-2696