Jenkins / JENKINS-74995

withDockerContainer uses -u, which fails for rootless docker


      Hi,

      I have RHEL 9.6 with SELinux enabled. I run a Jenkins agent as a systemd service. The user that runs the agent has rootless docker.

       

      My pipeline job first downloads a repo from git (this step runs outside of docker), then runs build steps in docker.

      The issue is that withDockerContainer starts the docker container with -u user_pid:user_group (in my case it is -u 1013:1013) which causes the processes inside of docker to not be able to modify files created by git (or create new directories).

       

      I suspect that the issue in this case is that the user inside of docker is mapped to root, but by providing -u option the applications inside of docker run with another user.

       

      I do not have any special configuration for docker.

       

      systemd file:

      [Unit]
      Description=Jenkins JNLP Slave service
      After=network.target
      [Service]
      Type=simple
      Environment=LANG=C
      Environment=DOCKER_HOST=unix:///run/user/1013/docker.sock
      WorkingDirectory=/var/agent
      ExecStart=/usr/lib/jvm/java-21-zulu-openjdk/bin/java -jar /home/jenkins/agent.jar -url https://ANONYMIZED/ -secret ANONMIZED -name "ANONYMIZED" -webSocket -workDir "/var/agent"
      Restart=always
      RestartSec=30s
      [Install]
      WantedBy=multi-user.target
       

      Rootless docker is installed according to the docs, without any options.

       

       

      I am able to run the pipeline if I provide args to withDockerContainer that overwrite -u by providing -u root:root. But I have to do it for each withDockerContainer execution.
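The UID translation behind the behaviour reported above, as an added example that is not part of the original report or of the Jenkins plugin's code. It parses a user-namespace map in `/proc/<pid>/uid_map` format and shows what `-u 1013:1013` and `-u root:root` resolve to on the host; the sample map and its 100000:65536 subordinate range are constructed assumptions (a typical `/etc/subuid` entry), and the function names are hypothetical.

```python
# Added illustration: translate UIDs through a rootless-Docker user namespace.
# SAMPLE_UID_MAP is constructed data in /proc/<pid>/uid_map format
# ("inside-start outside-start count"). Host UID 1013 comes from the report;
# the 100000:65536 subordinate range is an assumed /etc/subuid entry.
SAMPLE_UID_MAP = """\
         0       1013          1
         1     100000      65536
"""

def parse_uid_map(text):
    """Return a list of (inside_start, outside_start, count) tuples."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        ranges.append(tuple(int(f) for f in fields))
    return ranges

def to_host(ranges, container_uid):
    """Host UID a container UID really runs as, or None if unmapped."""
    for inside, outside, count in ranges:
        if inside <= container_uid < inside + count:
            return outside + (container_uid - inside)
    return None

def to_container(ranges, host_uid):
    """UID a host-owned file appears under inside the container, or None."""
    for inside, outside, count in ranges:
        if outside <= host_uid < outside + count:
            return inside + (host_uid - outside)
    return None

def is_file_owner(ranges, file_host_uid, container_uid):
    """True when the container process is the file's owner on the host."""
    return to_host(ranges, container_uid) == file_host_uid

if __name__ == "__main__":
    m = parse_uid_map(SAMPLE_UID_MAP)
    agent_uid = 1013  # host user that runs the agent and the git checkout
    print("workspace owner as seen in container:", to_container(m, agent_uid))
    print("-u 1013:1013 runs on the host as:", to_host(m, 1013))
    print("-u root:root runs on the host as:", to_host(m, 0))
    print("owner match with -u 1013:", is_file_owner(m, agent_uid, 1013))
    print("owner match with -u 0:", is_file_owner(m, agent_uid, 0))
```

With this map the git checkout (host UID 1013) shows up as root-owned inside the container, while a process started with `-u 1013:1013` runs as a subordinate host UID that does not own the workspace; container root is only host UID 1013, not host root.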

            pachum_vig Michał