Docker sandboxing, error unable to mount

docker

#1

I’m tying to run bazel build inside of a docker container and bazel’s sandboxing is failing with the following error:

ERROR: /root/.cache/bazel/_bazel_root/cf3077b83e930e0c42e53cc2f9959c4d/external/com_github_facebookgo_clock/BUILD:5:1: error executing shell command: ‘bazel-out/local-fastbuild/bin/external/com_github_facebookgo_clock/bazel-out/local-fastbuild/bin/external/com_github_facebookgo_clock/go_default_library.a.GoCompileFile.params’ failed: linux-sandbox failed: error executing command
(exec env -
GOARCH=amd64
GOOS=linux
/root/.cache/bazel/_bazel_root/cf3077b83e930e0c42e53cc2f9959c4d/execroot/Gyroscope/_bin/linux-sandbox @/root/.cache/bazel/_bazel_root/cf3077b83e930e0c42e53cc2f9959c4d/bazel-sandbox/b26b07cb-2f3a-4f22-b46f-dc0f397bc17e-3/linux-sandbox.params – /bin/bash -c bazel-out/local-fastbuild/bin/external/com_github_facebookgo_clock/bazel-out/local-fastbuild/bin/external/com_github_facebookgo_clock/go_default_library.a.GoCompileFile.params).
src/main/tools/linux-sandbox.cc:186: linux-sandbox-pid1 has PID 2900
src/main/tools/linux-sandbox-pid1.cc:88: “mount”: Permission denied
src/main/tools/linux-sandbox.cc:226: child exited normally with exitcode 1
Use --strategy=GoCompile=standalone to disable sandboxing for the failing actions.

Looking around, it sounds like running docker with the --privileged flag might be a fix, is that possible on circle? For now i’m going to disable all sandboxing but obviously that is less than ideal.


#2

That should be achievable on the machine executor

https://circleci.com/docs/2.0/executor-types/#machine-executor


#3

Does the machine executor already have docker installed on it?


#4

Yes, it has Docker preinstalled.


#5

This topic was automatically closed 41 days after the last reply. New replies are no longer allowed.