CGO docker build failing at link stage "operation not permitted"

Hi, I am finding that all my CGO golang docker builds are failing at what appears to be the linking staged, any hints on how to debug (or even better, fix) would be appreciated. This has started occurring recently (in the last 2 weeks or so), on projects that have not been modified during this time. The failures are consistent.

I build something like this

GO111MODULE=on CGO_ENABLED=1 go build -o my-service-name -a -ldflags '-s -X main.gitHash=xxxxx' ./cmd/my-service-name

And I get a failure only in circleci (the same command succeeds with no issues locally)

usr/local/go/pkg/tool/linux_amd64/link: cannot write /tmp/go-link-960338826/000000.o: write /tmp/go-link-960338826/000000.o: copy_file_range: operation not permitted
/usr/local/go/pkg/tool/linux_amd64/link: cannot write /tmp/go-link-960338826/000032.o: write /tmp/go-link-960338826/000032.o: copy_file_range: operation not permitted

Other services using a very similar (save for the name) Makefile but without CGO succeed. Unfortunately I can’t disable CGO for these particular ones as they use sqlite :slight_smile:

Many thanks in advance for any insights!

1 Like

I found a workaround for this by pinning an older version of remote docker

      - setup_remote_docker: 
            version: 18.09.3
1 Like

Also with Node containers. Generates an EPERM error

https://app.circleci.com/pipelines/github/monowai/beancounter/1128/workflows/127f645c-90ad-448e-8533-3832da30174f/jobs/5360