Cannot build docker image: "No permissions to creating new namespace" error
ianhinder opened this issue
Ian Hinder commented
When I try to build the provided Dockerfile, I get an error:
$ sudo docker build . -t git-lfs-server
[cut]
<><> Processing actions <><><><><><><><><><><><><><><><><><><><><><><><><><><><>
[ERROR] The compilation of ocaml-system failed at "/home/test/.opam/opam-init/hooks/sandbox.sh build ocaml gen_ocaml_config.ml".
-> installed base-bigarray.base
-> installed base-threads.base
-> installed base-unix.base
#=== ERROR while compiling ocaml-system.4.02.3 ================================#
# context 2.0.4 | linux/x86_64 | | https://opam.ocaml.org#94c62049
# path ~/.opam/default/.opam-switch/build/ocaml-system.4.02.3
# command ~/.opam/opam-init/hooks/sandbox.sh build ocaml gen_ocaml_config.ml
# exit-code 1
# env-file /tmp/opam-xxx-7/ocaml-system-7-b76d46.env
# output-file /tmp/opam-xxx-7/ocaml-system-7-b76d46.out
### output ###
# bwrap: No permissions to creating new namespace, likely because the kernel does not allow non-privileged user namespaces. On e.g. debian this can be enabled with 'sysctl kernel.unprivileged_userns_clone=1'.
[cut]
I tried running the sysctl command, but it didn't help. The host machine is running Ubuntu 18.04.2 LTS.
Adding --disable-sandboxing, as recommended at https://github.com/ocaml/opam-repository/issues/12050#issuecomment-393478072, seems to work around this issue, and since we are running in a container anyway, it should be fine, i.e.
RUN su - test -c 'opam init --disable-sandboxing'
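
An added example, not part of the original issue or the project's Dockerfile: a shell check that tells a disabled kernel knob apart from a runtime that refuses namespace creation even when the knob reads 1 (for instance through the container runtime's seccomp or capability restrictions), and falls back to `--disable-sandboxing` only when bwrap cannot work. The function names and the `PROC_SYS` and `USERNS_PROBE` overrides are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: decide whether opam's bwrap sandbox can create a user
# namespace in this environment before choosing the opam init arguments.
# PROC_SYS and USERNS_PROBE are hypothetical overrides used for testing.

userns_verdict() {
    proc_sys="${PROC_SYS:-/proc/sys}"
    probe="${USERNS_PROBE:-unshare --user true}"

    # Debian/Ubuntu knob named in the bwrap error message.
    clone_knob="$proc_sys/kernel/unprivileged_userns_clone"
    # Upstream per-namespace limit; 0 disables user namespaces.
    max_knob="$proc_sys/user/max_user_namespaces"

    if [ -r "$clone_knob" ] && [ "$(cat "$clone_knob")" = "0" ]; then
        echo "blocked-by-sysctl"
        return 0
    fi
    if [ -r "$max_knob" ] && [ "$(cat "$max_knob")" = "0" ]; then
        echo "blocked-by-limit"
        return 0
    fi
    # The knobs only say what the kernel would allow. Actually attempting
    # the operation is the only way to see a runtime-level refusal.
    if $probe >/dev/null 2>&1; then
        echo "available"
    else
        echo "blocked-by-runtime"
    fi
}

opam_init_args() {
    # Keep opam's sandbox whenever it can work. Drop it only when the
    # surrounding container is the remaining isolation boundary.
    case "$(userns_verdict)" in
        available) echo "init" ;;
        *)         echo "init --disable-sandboxing" ;;
    esac
}

# Usage inside an image build (run as the build user):
#   opam $(opam_init_args)
```

A verdict of `blocked-by-runtime` with the sysctl already set to 1 matches the situation where enabling the knob on the host changes nothing inside the build.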