1

I am running Docker on a server running RedHat Enterprise Linux 7. I have created a Dockerfile with a CentOS base image and was trying to create a non-root user with the useradd command as suggested in this Stackoverflow question. My dockerfile looks like the following (with some omitted lines):

FROM centos:7

RUN yum install -y make \
 && yum install -y bc

RUN useradd -ms /bin/bash newuser
USER newuser

#Other commands that docker build does not reach

When I build using the command:
docker build -t docker.io/user/myimage -f Dockerfile . the previous commands run, but then I get the following error when docker build reaches the RUN useradd command:

ApplyLayer exit status 1 stdout:  stderr: remove /etc/passwd: permission denied

The output from docker info is the following:

Server Version: 1.13.1
Storage Driver: devicemapper
 Pool Name: docker-253:2-4300033608-pool
 Pool Blocksize: 65.54 kB
 Base Device Size: 10.74 GB
 Backing Filesystem: xfs
 Data file: /dev/loop0
 Metadata file: /dev/loop1
 Data Space Used: 712.9 MB
 Data Space Total: 107.4 GB
 Data Space Available: 106.7 GB
 Metadata Space Used: 18.08 MB
 Metadata Space Total: 2.147 GB
 Metadata Space Available: 2.129 GB
 Thin Pool Minimum Free Space: 10.74 GB
 Data loop file: /var/lib/docker/devicemapper/devicemapper/data
 WARNING: Usage of loopback devices is strongly discouraged for production use. Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.
 Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
 Library Version: 1.02.149-RHEL7 (2018-07-20)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins: 
 Volume: local
 Network: bridge host macvlan null overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version:  (expected: aa8187dbd3b7ad67d8e5e3a15115d3eef43a7ed1)
runc version: df5c38a9167e87f53a9894d77c0950e178a745e7 (expected: 9df8b306d01f59d3a8029be411de015b7304dd8f)
init version: N/A (expected: 949e6facb77383876aeff8a6944dde66b3089574)
Security Options:
 seccomp
  Profile: default
Kernel Version: 3.10.0-957.1.3.el7.x86_64
Operating System: Red Hat Enterprise Linux
OSType: linux
Architecture: x86_64
Number of Docker Hooks: 3
CPUs: 80
Total Memory: 881.6 GiB
Name:
ID:
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Http Proxy: http://url:8080
Username: arahatdohmh
Registry: https://index.docker.io/v1/
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
Registries: docker.io (secure)

Any ideas on how to fix this?

Drops
  • 340
  • 4
  • 13
  • 2
    Please post the information about your host system (if it is Linux - the output of `uname -a`) and the output of `docker info` - at least all lines related to the storage driver and its backing file system. – Danila Kiver Apr 02 '19 at 15:29
  • `I have other RUN commands before the useradd` can you show the complete Dockerfile? It mayh be linked to these previous commands – Pierre B. Apr 02 '19 at 16:13
  • The error is right after the `docker build` reaches `RUN useradd`, but I'll add the previous ones – Drops Apr 02 '19 at 16:20
  • Have you tested with the reduced example as you provide it to us? From my own test, I cannot reproduce and everything goes fine – β.εηοιτ.βε Apr 02 '19 at 18:30
  • Maybe you have a McAfee antivirus on your host machine? https://github.com/moby/moby/issues/37817 – β.εηοιτ.βε Apr 02 '19 at 18:32
  • Running the reduced example gives me the same error. I believe there is McAfee on the host, I'll check to see if that changes it. – Drops Apr 02 '19 at 18:36

0 Answers0