Docker BuildKit Error: OCI Runtime Create Failed on IDX

Hello,

I encountered an issue while trying to build a Docker container using the docker compose command with BuildKit enabled in the Google Cloud IDX environment. Below are the details of the error and my environment.

Error:

[+] Building 11.2s (1/1) FINISHED                                              docker-container:brave_almeida
 => ERROR [backend internal] booting buildkit                                                           11.2s
 => => pulling image moby/buildkit:buildx-stable-1                                                      10.6s
 => => creating container buildx_buildkit_brave_almeida0                                                 0.6s
------
 > [backend internal] booting buildkit:
------
Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "sysfs" to rootfs at "/sys": mount sysfs:/sys (via /proc/self/fd/6), flags: 0xe: operation not permitted: unknown

Environment:

  • Docker version:
Client:
 Version:           24.0.9
 API version:       1.43
 Go version:        go1.21.11
 Git commit:        v24.0.9
 Built:             Thu Jan  1 00:00:00 1970
 OS/Arch:           linux/amd64
 Context:           default

Server:
 Engine:
  Version:          24.0.9
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.21.11
  Git commit:       v24.0.9
  Built:            Tue Jan  1 00:00:00 1980
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.7.13
  GitCommit:        v1.7.13
 runc:
  Version:          1.1.12
  GitCommit:        
 docker-init:
  Version:          0.19.0
  GitCommit:        
 rootlesskit:
  Version:          1.1.1
  ApiVersion:       1.1.1
  NetworkDriver:    slirp4netns
  PortDriver:       builtin
  StateDir:         /tmp/rootlesskit1721314958
 slirp4netns:
  Version:          1.2.2
  GitCommit:        0ee2d87523e906518d34a6b423271e4826f71faf
  • Docker Compose version: 2.23.1

Steps to Reproduce:

  1. Enabled Docker BuildKit (DOCKER_BUILDKIT=1).
  2. Ran docker compose up --build.

Expected Behavior: The container should build successfully using BuildKit.

Actual Behavior: The error mentioned above occurred, preventing the container from being built.

Please let me know if you need additional details or further logs to diagnose this issue.

Thank you!

This may be something that @Vova may know more about, so (unless somebody else knows the answer) I’ll defer to him on this :slight_smile:

Thank you for the reply. I’d like to clarify how to reproduce the error. To do this, one has to clone the https://github.com/docker/awesome-compose repo and add cache_from and cache_to to the compose.yaml file:

services:
  web: 
    build:
      context: app
      target: builder
      cache_to:
        - type=local,dest=/tmp/docker_compose_local,mode=max
      cache_from:
        - type=local,src=/tmp/docker_compose_local

As expected, the following appears:

[+] Building 0.0s (0/0)                                                                        docker:default
Cache export feature is currently not supported for docker driver. Please switch to a different driver (eg. "docker buildx create --use")

After running the docker buildx create --use --driver=docker-container command, the error shows up:

[+] Building 8.9s (1/1) FINISHED                                                docker-container:great_turing
 => ERROR [web internal] booting buildkit                                                                8.9s
 => => pulling image moby/buildkit:buildx-stable-1                                                       8.6s
 => => creating container buildx_buildkit_great_turing0                                                  0.3s
------
 > [web internal] booting buildkit:
------
Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "sysfs" to rootfs at "/sys": mount sysfs:/sys (via /proc/self/fd/6), flags: 0xe: operation not permitted: unknown

Hi @Andrii ,

For context, IDX’s Docker runs in rootless mode, which has some limitations, like not being able to execute privileged containers or privileged builds.
From my current understanding, BuildKit supports running in rootless mode but the buildx CLI does not. This issue may be out of date, so I encourage you to look in that direction.
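
A preflight check for the situation in this thread, as an added example that is not part of any post: it flags a compose file that requests cache export (which forces a docker-container builder) when the daemon reports rootless mode. The function names and sample inputs are constructed for illustration; it assumes `docker info --format '{{json .SecurityOptions}}'` lists `name=rootless` on a rootless daemon.

```shell
#!/bin/sh
# Added example (not from the thread). Sample inputs are constructed.
# On a real host, pass the output of:
#   docker info --format '{{json .SecurityOptions}}'
# as the first argument of preflight.

# Succeeds if the daemon's SecurityOptions JSON reports rootless mode.
is_rootless() {
  printf '%s' "$1" | grep -q '"name=rootless"'
}

# Succeeds if the compose file requests cache export, which the default
# "docker" driver rejects, so a docker-container builder would be needed.
needs_container_driver() {
  grep -Eq '^[[:space:]]*cache_to:' "$1"
}

# Prints "blocked" when the build would need a docker-container builder
# on a rootless daemon (the combination that failed above), else "ok".
preflight() {  # $1 = SecurityOptions JSON, $2 = compose file path
  if is_rootless "$1" && needs_container_driver "$2"; then
    echo blocked
  else
    echo ok
  fi
}

# Constructed sample data so the script runs without a Docker daemon.
ROOTLESS_OPTS='["name=seccomp,profile=builtin","name=rootless","name=cgroupns"]'
ROOTFUL_OPTS='["name=seccomp,profile=builtin","name=cgroupns"]'
SAMPLE_COMPOSE=$(mktemp)
trap 'rm -f "$SAMPLE_COMPOSE"' EXIT
cat > "$SAMPLE_COMPOSE" <<'EOF'
services:
  web:
    build:
      context: app
      cache_to:
        - type=local,dest=/tmp/docker_compose_local,mode=max
EOF

echo "rootless + cache_to: $(preflight "$ROOTLESS_OPTS" "$SAMPLE_COMPOSE")"
echo "rootful  + cache_to: $(preflight "$ROOTFUL_OPTS" "$SAMPLE_COMPOSE")"
```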