Image run as nonroot

885 views
Skip to first unread message

david david

unread,
Apr 28, 2020, 10:23:03 AM4/28/20
to Jib users
Hi,
I'm using gradle image to build the application using Gradle Jib.

When I run as user root, the build is successful. When I remove the user - root, I get the below error.

Could anyone please let me know how to successfully build using Gradle Jib through the image without user -root? Appreciate any help!




 * What went wrong:

 Could not create service of type ScriptPluginFactory using BuildScopeServices.createScriptPluginFactory().

Could not create service of type CrossBuildFileHashCache using BuildSessionScopeServices.createCrossBuildFileHashCache().


 * Try:


Thanks!

Chanseok Oh

unread,
Apr 28, 2020, 10:48:49 AM4/28/20
to Jib users
> When I run as user root, the build is successful.

> how to successfully build using Gradle Jib

I am confused. Which one are you talking about?

1. You run Gradle (with Jib) as root OS user, and the Gradle build succeeds.
2. You run Gradle (with Jib) as root OS user, and the image built by Jib runs OK (on whatever runtime platform you are using, whether local Docker, Docker Compose, or Kubernetes).
3. Running the image (built by Jib) as root (i.e., your containerized application runs as root OS user inside the container) succeeds.
4. You run Gradle inside a container (i.e., building a container image inside another container); the Gradle build inside a container runs successfully when you run the outer container image as root.

david david

unread,
Apr 28, 2020, 11:09:09 AM4/28/20
to Jib users
I'm sorry. No-3 below works as I can see the image created.

No-3 - Running the image (built by Jib) as root (i.e., your containerized application runs as root OS user inside the container) succeeds.

Since, I cannot run the container as user -root (because of POD RBAC enablement), when I change the user as my id,  gradle jib is unable to create a directory during build and I get the below error.

Failed to load native library 'libnative-platform.so' for Linux amd64.


Is there any way to grant the non-root user passed via securityContext to perform the build successfully using the gradle image?


Workaround is to change the permission of the directory to 777 and I don't want to do this because of security reasons.

Thanks in advance!!

Appu Goundan

unread,
Apr 28, 2020, 11:41:25 AM4/28/20
to david david, Jib users
Hey David,

While we can occasionally offer solutions here, we would prefer most questions come on our github page so they can benefit the community. This is more of an announcement channel.

Please file issues at github.com/GoogleContainerTools/jib or use the `jib` tag on stackoverflow.

--
You received this message because you are subscribed to the Google Groups "Jib users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jib-users+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jib-users/84ae548e-1049-41b7-bb44-86ff6077e4a6%40googlegroups.com.
Reply all
Reply to author
Forward
Message has been deleted
0 new messages