Jenkinsfile: permission denied when running sh step in Docker container
Problem was that /home/jenkins
in the container was mounted with noexec
:
$ mount
/dev/mapper/rhel-var on /home/jenkins type xfs (rw,nosuid,nodev,noexec,relatime,seclabel,attr2,inode64,noquota)
Underlying issue was that the /var
on the underlying host was mounted with noexec
(/var
is where all the container files reside...):
$ mount
/dev/mapper/rhel-var on /var type xfs (rw,nosuid,nodev,noexec,relatime,seclabel,attr2,inode64,noquota)
So the solution to this problem was to mount /var
as executeable on the host via
sudo mount -o remount,exec /var
that solved the issue for us.
Michael Lihs
Infrastructure consultant at Thoughtworks Infrastructure as Code with Terraform, Pulumi & tons of bash Build and test automation Backend development (recently Golang, Python) Previously: Robert Bosch GmbH, punkt.de GmbH University of Karlsruhe
Updated on June 09, 2022Comments
-
Michael Lihs almost 2 years
I have trouble running a simple
Jenkinsfile
- e.g.pipeline { agent { label 'ssh-slave' } stages { stage('Shell Test') { steps { sh 'echo "Hello World"' } } } }
The logfiles of Jenkins on the master show that the container was started successfully but the build job crashes with a message like
sh: 1: /home/jenkins/workspace/pipeline@tmp/durable-34c21b81/script.sh: Permission denied
Here are some additional things that we configured / figured out:
We are running the agent on a VM with RHEL
We are using the Docker Plugin for Jenkins to start / manage the containers on a separate Jenkins agent
We are spinning up the Docker container using the
Connect with ssh
method in the Jenkins plugin and use the jenkinsci/ssh-slave Docker imageJenkins is using the
root
user in the Docker container (at least all files within/home/jenkins/...
are created as rootWhen we add a
sleep
step into the pipeline anddocker exec...
into the running container, we cannot execute a simple shell script as root, if we are trying to run it with./script.sh
(even if we set proper file mode withchmod +x script.sh
before) - we also getsh: 1: permission denied
. But we can run the script, if we usesh script.sh
The
root
user inside the Docker container has abash
- whereas Jenkins is trying to run the script withsh
.The error occurs no matter whether we check the
run privileged
flag in the Docker plugin's template configuration or not
Things we already tried, but didn't work
Changing the login shell of the
root
user in the Docker container to/bin/sh
-
Providing a shebang in the
sh
step, à lash '''#!/bin/sh echo "hello world" '''
Setting the shell executor to
/bin/sh
in the Jenkins global configurationChanging the
Dockerfile
of the ssh-slave Docker image in such a way that theENTRYPOINT
does not run abash
script, but runs/bin/sh
at the end
Any help is appreciated!
-
Wyck over 5 yearsYou lost me. I don't understand this answer. It looks like you didn't modify the Jenkinsfile. There was something external you had to change? Where did you perform this this "mount" command?
-
Michael Lihs over 5 yearsI performed this mount command on the machine where the Jenkins jobs are running. No, I had not got to modify anything in the Jenkinsfile. A
sh
step in the Jenkinsfile generates a small shell script, which is copied to some temp folder in the workspace of the job. In most cases, this is some directory in/var
. Within this directory, this shell script is executed, when thesh
step is run. Since/var
was mounted asnoexec
, this wasn't possible, so the step failed. Hope this makes things clearer.