Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

When DOCKER_CONFIG is permission denied, --tag is an invalid option #2788

Open
3 tasks done
rrauenza opened this issue Nov 12, 2024 · 2 comments
Open
3 tasks done

When DOCKER_CONFIG is permission denied, --tag is an invalid option #2788

rrauenza opened this issue Nov 12, 2024 · 2 comments

Comments

@rrauenza
Copy link

rrauenza commented Nov 12, 2024

Contributing guidelines

I've found a bug and checked that ...

  • ... the documentation does not mention anything about my problem
  • ... there are no open or closed issues that are related to my problem

Description

If the docker config file path is permission denied, somehow docker build / buildx build gives an "unknown flag: --tag" error.

Expected behaviour

It should accept the --tag operator and build even though the docker config is permission denied - unless we want to make the permission denied a fatal error. But I feel it should be consistent with the file not existing.

Right now it's really confusing.

Actual behaviour

$ DOCKER_CONFIG=/root/.docker /usr/bin/docker buildx build --tag=mytag .
WARNING: Error loading config file: open /root/.docker/config.json: permission denied
unknown flag: --tag
See 'docker --help'.

Usage:  docker [OPTIONS] COMMAND

A self-sufficient runtime for containers

But this works:

$ /usr/bin/docker buildx build --tag=mytag .
[+] Building 0.3s (9/27)                                                                                                                                                                                                                    docker:default
 => [internal] load build definition from Dockerfile                                                                                                                                                                                                  0.0s
 => => transferring dockerfile: 1.43kB                               

If DOCKER_CONFIG is just non existent, it's not a problem:

$ DOCKER_CONFIG=/tmp/foobarbaz /usr/bin/docker buildx build --tag=mytag .
[+] Building 0.3s (9/27)                                                                                                                                                                                                                    docker:default
 => [internal] load build definition from Dockerfile                                                                                                                                                                                                  0.0s
 => => transferring dockerfile: 1.43kB                      

Buildx version

github.com/docker/buildx v0.16.2 99dea6d

Docker info

$ docker info
Client: Docker Engine - Community
 Version:    27.2.0
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.16.2
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.29.2
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 17
  Running: 16
  Paused: 0
  Stopped: 1
 Images: 76
 Server Version: 27.2.0
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 472731909fa34bd7bc9c087e4c27943f9835f111
 runc version: v1.1.13-0-g58aa920
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 5.14.0-362.8.1.el9_3.x86_64
 Operating System: Rocky Linux 9.3 (Blue Onyx)
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 7.463GiB
 Name: rr027351-perfcat1.lvn.broadcom.net
 ID: 9b259803-2885-422a-a158-e76b0eaf1199
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
 Default Address Pools:
   Base: 172.16.0.0/12, Size: 24
   Base: 192.168.0.0/16, Size: 24

Builders list

$ docker buildx ls
NAME/NODE     DRIVER/ENDPOINT   STATUS    BUILDKIT   PLATFORMS
default*      docker                                 
 \_ default    \_ default       running   v0.15.2    linux/amd64, linux/amd64/v2, linux/amd64/v3, linux/386

Configuration

FROM alpine

Build logs


Additional info

This isn't something I intended to do, but ended up in an environment where the user running docker had a docker config pointing to /root.

Took me awhile to figure out the warning was the issue with "--tag" not being recognized.

@tonistiigi
Copy link
Member

That error is from the http://github.com/docker/cli repository, so I guess it never forwards the command to buildx. @thaJeztah

@thaJeztah
Copy link
Member

per-user plugins are installed inside the config-directory, so if buildx is only present inside ~/.docker/cli-plugins/ then switching the config-directory may mean that buildx is not installed.

The fact that it doesn't produce an error when the config-dir is missing, is that the config files are optional; ideally the WARNING should be a fatal error (i.e., if a config-file was found, but we're not able to read it); I'd have to check why that's not the case though. Some related tickets; the last one is related to the "unknown flag" error (instead of printing "unknown command");

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants