AccessDeniedException error with build using native image on linux with Docker Desktop #37193

johnmanko · 2023-11-18T02:05:46Z

Describe the bug

I'm new to Quarkus, and just checkout the sample application. That works fine, so I now want to try a native build using the provided containers.

I'm running Docker Desktop 4.23.0 on Ubuntu 23.10, and I verified my home directory is share with DD:

When attempting ./mvnw install -Dnative -Dquarkus.native.container-build=true -Dquarkus.native.container-runtime=docker:

Build resources:
 - 5.80GB of memory (75.6% of 7.67GB system memory, determined at start)
 - 10 thread(s) (100.0% of 10 available processor(s), determined at start)
[2/8] Performing analysis...  [*****]                                                                   (17.5s @ 1.18GB)
   10,678 reachable types   (85.9% of   12,426 total)
   15,175 reachable fields  (56.7% of   26,771 total)
   53,763 reachable methods (55.8% of   96,362 total)
    3,437 types,   104 fields, and 3,151 methods registered for reflection
       61 types,    59 fields, and    55 methods registered for JNI access
        4 native libraries: dl, pthread, rt, z
[3/8] Building universe...                                                                               (3.0s @ 0.91GB)
[4/8] Parsing methods...      [**]                                                                       (2.1s @ 1.07GB)
[5/8] Inlining methods...     [***]                                                                      (1.4s @ 1.17GB)
[6/8] Compiling methods...    [****]                                                                    (14.1s @ 1.19GB)
[7/8] Layouting methods...    [**]                                                                       (2.7s @ 1.82GB)

[8/8] Creating image...       [**]                                                                       (0.0s @ 2.28GB)
Fatal error: jdk.vm.ci.common.JVMCIError: java.nio.file.AccessDeniedException: /project/svm_err_b_20231118T013054.112_pid81.md
	at jdk.internal.vm.ci/jdk.vm.ci.common.JVMCIError.shouldNotReachHere(JVMCIError.java:52)
	at org.graalvm.nativeimage.pointsto/com.oracle.graal.pointsto.reports.ReportUtils.reportImpl(ReportUtils.java:174)
	at org.graalvm.nativeimage.pointsto/com.oracle.graal.pointsto.reports.ReportUtils.report(ReportUtils.java:155)
	at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.ProgressReporter.printEpilog(ProgressReporter.java:652)
	at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.NativeImageGeneratorRunner.reportEpilog(NativeImageGeneratorRunner.java:604)
	at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.NativeImageGeneratorRunner.buildImage(NativeImageGeneratorRunner.java:596)
	at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.NativeImageGeneratorRunner.build(NativeImageGeneratorRunner.java:720)
	at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.NativeImageGeneratorRunner.start(NativeImageGeneratorRunner.java:142)
	at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.NativeImageGeneratorRunner.main(NativeImageGeneratorRunner.java:97)
Caused by: java.nio.file.AccessDeniedException: /project/svm_err_b_20231118T013054.112_pid81.md
	at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:90)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
	at java.base/sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:261)
	at java.base/java.nio.file.Files.newByteChannel(Files.java:379)
	at java.base/java.nio.file.Files.createFile(Files.java:657)
	at org.graalvm.nativeimage.pointsto/com.oracle.graal.pointsto.reports.ReportUtils.reportImpl(ReportUtils.java:164)
	... 7 more

Considering I'm just following the tutorials, this is either a bug or I'm missing something obvious. Help is appreciated.

Expected behavior

Build completes successfully.

Actual behavior

Fails to build.

How to Reproduce?

No response

Output of `uname -a` or `ver`

❯ uname -a Linux jm 6.5.0-10-generic #10-Ubuntu SMP PREEMPT_DYNAMIC Fri Oct 13 13:49:38 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

Output of `java -version`

Java HotSpot(TM) 64-Bit Server VM Oracle GraalVM 21.0.1+12.1 (build 21.0.1+12-jvmci-23.1-b19, mixed mode, sharing)

Mandrel or GraalVM version (if different from Java)

No response

Quarkus version or git rev

3.5.2

Build tool (ie. output of `mvnw --version` or `gradlew --version`)

Apache Maven 3.9.5 (57804ffe001d7215b5e7bcb531cf83df38f93546)

Additional information

No response

The text was updated successfully, but these errors were encountered:

quarkus-bot · 2023-11-18T02:05:49Z

/cc @Karm (mandrel), @galderz (mandrel), @zakkak (mandrel,native-image)

galderz · 2023-11-21T05:54:30Z

Maybe you can run maven with -X and see what the docker command looks like? Alternatively you could try with podman.

Treat Docker Desktop as "rootless" since the way it binds mounts does not transparently map the host user ID and GID see https://docs.docker.com/desktop/faqs/linuxfaqs/#how-do-i-enable-file-sharing Closes quarkusio#37193

zakkak · 2023-11-21T11:02:52Z

I was able to reproduce the issue on Fedora linux and prepared a fix in #37242

Thanks for the issue report @johnmanko

johnmanko · 2023-11-21T13:53:26Z

@zakkak wow, amazing turnaround on putting together a fix. Thanks!

Treat Docker Desktop as "rootless" since the way it binds mounts does not transparently map the host user ID and GID see https://docs.docker.com/desktop/faqs/linuxfaqs/#how-do-i-enable-file-sharing Closes quarkusio#37193 (cherry picked from commit 81818c7)

Treat Docker Desktop as "rootless" since the way it binds mounts does not transparently map the host user ID and GID see https://docs.docker.com/desktop/faqs/linuxfaqs/#how-do-i-enable-file-sharing Closes quarkusio#37193

This MR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [flow-bin](https://github.com/flowtype/flow-bin) ([changelog](https://github.com/facebook/flow/blob/master/Changelog.md)) | devDependencies | minor | [`^0.222.0` -> `^0.223.0`](https://renovatebot.com/diffs/npm/flow-bin/0.222.0/0.223.2) | | [io.quarkus:quarkus-maven-plugin](https://github.com/quarkusio/quarkus) | build | minor | `3.5.3` -> `3.6.0` | | [io.quarkus:quarkus-universe-bom](https://github.com/quarkusio/quarkus-platform) | import | minor | `3.5.3` -> `3.6.0` | --- ### Release Notes <details> <summary>flowtype/flow-bin</summary> ### [`v0.223.2`](flow/flow-bin@5bb7bcf...6e1e3f7) [Compare Source](flow/flow-bin@5bb7bcf...6e1e3f7) ### [`v0.223.0`](flow/flow-bin@84a68f1...5bb7bcf) [Compare Source](flow/flow-bin@84a68f1...5bb7bcf) </details> <details> <summary>quarkusio/quarkus</summary> ### [`v3.6.0`](https://github.com/quarkusio/quarkus/releases/tag/3.6.0) [Compare Source](quarkusio/quarkus@3.5.3...3.6.0) ##### Major changes - [#37241](quarkusio/quarkus#37241) - Make improvements to REST Client SSE handling ##### Complete changelog - [#37242](quarkusio/quarkus#37242) - Support Docker Desktop for building native executables - [#37241](quarkusio/quarkus#37241) - Make improvements to REST Client SSE handling - [#37240](quarkusio/quarkus#37240) - Updates Infinispan to 14.0.21.Final - [#37238](quarkusio/quarkus#37238) - Build cache - Only store if the access key is around - [#37236](quarkusio/quarkus#37236) - Api to read minimum and recommended Java versions from catalog metadata - [#37221](quarkusio/quarkus#37221) - Image updates (including Java 21 base image) - [#37218](quarkusio/quarkus#37218) - Fix OpenTelemetry trace exclusion of endpoints served from the management interface - [#37213](quarkusio/quarkus#37213) - Add basic Range header support - [#37205](quarkusio/quarkus#37205) - Resteasy-reactive Partial Content support (Range: bytes http header) - [#37204](quarkusio/quarkus#37204) - Allow to define allowed roles as configuration expressions inside `@SecureField` annotation - [#37201](quarkusio/quarkus#37201) - Fixed sample code for KotlinModule initialization - [#37198](quarkusio/quarkus#37198) - Some minor refinements for build scans - [#37193](quarkusio/quarkus#37193) - AccessDeniedException error with build using native image on linux with Docker Desktop - [#37185](quarkusio/quarkus#37185) - Removed DependencyFlags.REMOVED - [#37170](quarkusio/quarkus#37170) - Fix snapshots following a collision of pull requests - [#37166](quarkusio/quarkus#37166) - Support custom Authorization schemes for OIDC bearer tokens - [#37162](quarkusio/quarkus#37162) - Bump org.apache.commons:commons-text from 1.10.0 to 1.11.0 - [#37161](quarkusio/quarkus#37161) - Bump io.quarkus:quarkus-platform-bom-maven-plugin from 0.0.97 to 0.0.99 - [#37158](quarkusio/quarkus#37158) - Bump com.unboundid:unboundid-ldapsdk from 6.0.9 to 6.0.10 - [#37153](quarkusio/quarkus#37153) - Bump smallrye-jwt version to 4.4.0 - [#37149](quarkusio/quarkus#37149) - Bump com.squareup.okio:okio from 1.17.2 to 1.17.6 in /bom/application - [#37107](quarkusio/quarkus#37107) - Rest client able to get full SSE event - [#37101](quarkusio/quarkus#37101) - Remove `smallrye-opentracing` from native tests modules in CI - [#37094](quarkusio/quarkus#37094) - Bump jakarta.json:jakarta.json-api from 2.1.2 to 2.1.3 - [#37092](quarkusio/quarkus#37092) - Bump mongo-client.version from 4.11.0 to 4.11.1 - [#37067](quarkusio/quarkus#37067) - SmallRye GraphQL 2.6 + custom scalar registration - [#37053](quarkusio/quarkus#37053) - Clarify dynamic Environment Variables name conversion - [#37004](quarkusio/quarkus#37004) - Move failsafe config to the root instead of in an execution - [#36976](quarkusio/quarkus#36976) - Error in JBossLoggerFinder during integration test - [#36804](quarkusio/quarkus#36804) - `@SecureField` add expression support - [#36801](quarkusio/quarkus#36801) - Add note that endpointdisabled does not work native - [#36746](quarkusio/quarkus#36746) - Allow using a random test port within Google Cloud Function tests - [#35476](quarkusio/quarkus#35476) - Random test port does not work together with google-cloud-functions extensions </details> <details> <summary>quarkusio/quarkus-platform</summary> ### [`v3.6.0`](quarkusio/quarkus-platform@3.5.3...3.6.0) [Compare Source](quarkusio/quarkus-platform@3.5.3...3.6.0) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever MR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This MR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

yrodiere · 2023-12-07T09:34:47Z

Hey @zakkak , are you sure this error was specific to docker desktop?

I'm getting a very similar error using a build of Quarkus from the main branch (58834c2, so with your fix), but I use podman rootless on Fedora...

Reproducer: not sure this will help, but here you go: https://github.com/yrodiere/quarkus-playground/tree/i37193
Just run ./mvnw verify -Dnative.
Note I expect native tests to fail, that's unrelated (it's originally a reproduer for #36376). But right now I can't even build the native executable.

Podman version:

❯ podman -v
podman version 4.7.2

Mandrel builder image:

❯ podman image list quay.io/quarkus/ubi-quarkus-mandrel-builder-image:jdk-21
REPOSITORY                                         TAG         IMAGE ID      CREATED     SIZE
quay.io/quarkus/ubi-quarkus-mandrel-builder-image  jdk-21      d01f5ccd2972  4 days ago  1.18 GB

Logs:

[WARNING] [io.quarkus.deployment.pkg.steps.NativeImageBuildStep] Cannot find the `native-image` in the GRAALVM_HOME, JAVA_HOME and System PATH. Install it using `gu install native-image` Attempting to fall back to container build.
[INFO] [io.quarkus.deployment.pkg.steps.JarResultBuildStep] Building native image source jar: /home/yrodiere/workspaces/testcases/quarkus-playground/target/code-with-quarkus-1.0.0-SNAPSHOT-native-image-source-jar/code-with-quarkus-1.0.0-SNAPSHOT-runner.jar
[INFO] [io.quarkus.deployment.pkg.steps.NativeImageBuildStep] Building native image from /home/yrodiere/workspaces/testcases/quarkus-playground/target/code-with-quarkus-1.0.0-SNAPSHOT-native-image-source-jar/code-with-quarkus-1.0.0-SNAPSHOT-runner.jar
[INFO] [io.quarkus.deployment.pkg.steps.NativeImageBuildContainerRunner] Using podman to run the native image builder
[INFO] [io.quarkus.deployment.pkg.steps.NativeImageBuildContainerRunner] Checking status of builder image 'quay.io/quarkus/ubi-quarkus-mandrel-builder-image:jdk-21'
[INFO] [io.quarkus.deployment.pkg.steps.NativeImageBuildContainerRunner] Found builder image 'quay.io/quarkus/ubi-quarkus-mandrel-builder-image:jdk-21' locally, skipping image pulling
[INFO] [io.quarkus.deployment.pkg.steps.NativeImageBuildStep] Running Quarkus native-image plugin on MANDREL 23.1.1.0 JDK 21.0.1+12-LTS
[INFO] [io.quarkus.deployment.pkg.steps.NativeImageBuildRunner] podman run --env LANG=C --rm --user 110378:110378 -v /home/yrodiere/workspaces/testcases/quarkus-playground/target/code-with-quarkus-1.0.0-SNAPSHOT-native-image-source-jar:/project:z --name build-native-Efwzj quay.io/quarkus/ubi-quarkus-mandrel-builder-image:jdk-21 -J-Djava.util.logging.manager=org.jboss.logmanager.LogManager -J-DCoordinatorEnvironmentBean.transactionStatusManagerEnable=false -J-Dsun.nio.ch.maxUpdateArraySize=100 -J-Dlogging.initial-configurator.min-level=500 -J-Dvertx.logger-delegate-factory-class-name=io.quarkus.vertx.core.runtime.VertxLogDelegateFactory -J-Dvertx.disableDnsResolver=true -J-Dio.netty.leakDetection.level=DISABLED -J-Dio.netty.allocator.maxOrder=3 -J-Duser.language=en -J-Duser.country=US -J-Dfile.encoding=UTF-8 --features=io.quarkus.jdbc.postgresql.runtime.graal.SQLXMLFeature,io.quarkus.hibernate.orm.runtime.graal.DisableLoggingFeature,io.quarkus.runner.Feature,io.quarkus.runtime.graal.DisableLoggingFeature,org.hibernate.graalvm.internal.GraalVMStaticFeature,io.quarkus.caffeine.runtime.graal.CacheConstructorsFeature -J--add-exports=java.security.jgss/sun.security.krb5=ALL-UNNAMED -J--add-opens=java.base/java.text=ALL-UNNAMED -J--add-opens=java.base/java.io=ALL-UNNAMED -J--add-opens=java.base/java.lang.invoke=ALL-UNNAMED -J--add-opens=java.base/java.util=ALL-UNNAMED -H:+UnlockExperimentalVMOptions -H:BuildOutputJSONFile=code-with-quarkus-1.0.0-SNAPSHOT-runner-build-output-stats.json -H:-UnlockExperimentalVMOptions --strict-image-heap -H:+UnlockExperimentalVMOptions -H:+AllowFoldMethods -H:-UnlockExperimentalVMOptions -J-Djava.awt.headless=true --no-fallback --link-at-build-time -H:+UnlockExperimentalVMOptions -H:+ReportExceptionStackTraces -H:-UnlockExperimentalVMOptions -H:-AddAllCharsets --enable-url-protocols=http,https --enable-monitoring=heapdump -H:+UnlockExperimentalVMOptions -H:-UseServiceLoaderFeature -H:-UnlockExperimentalVMOptions -J--add-exports=org.graalvm.nativeimage/org.graalvm.nativeimage.impl=ALL-UNNAMED --exclude-config io\.netty\.netty-codec /META-INF/native-image/io\.netty/netty-codec/generated/handlers/reflect-config\.json --exclude-config io\.netty\.netty-handler /META-INF/native-image/io\.netty/netty-handler/generated/handlers/reflect-config\.json code-with-quarkus-1.0.0-SNAPSHOT-runner -jar code-with-quarkus-1.0.0-SNAPSHOT-runner.jar
Warning: The option '-H:ReflectionConfigurationResources=META-INF/native-image/io.netty/netty-transport/reflection-config.json' is experimental and must be enabled via '-H:+UnlockExperimentalVMOptions' in the future.
Warning: Please re-evaluate whether any experimental option is required, and either remove or unlock it. The build output lists all active experimental options, including where they come from and possible alternatives. If you think an experimental option should be considered as stable, please file an issue.
========================================================================================================================
GraalVM Native Image: Generating 'code-with-quarkus-1.0.0-SNAPSHOT-runner' (executable)...
========================================================================================================================
For detailed information and explanations on the build output, visit:
https://github.com/oracle/graal/blob/master/docs/reference-manual/native-image/BuildOutput.md
------------------------------------------------------------------------------------------------------------------------
[1/8] Initializing...                                                                                    (5.2s @ 0.27GB)
 Java version: 21.0.1+12-LTS, vendor version: Mandrel-23.1.1.0-Final
 Graal compiler: optimization level: 2, target machine: x86-64-v3
 C compiler: gcc (redhat, x86_64, 8.5.0)
 Garbage collector: Serial GC (max heap size: 80% of RAM)
 8 user-specific feature(s):
 - com.oracle.svm.thirdparty.gson.GsonFeature
 - io.quarkus.caffeine.runtime.graal.CacheConstructorsFeature
 - io.quarkus.hibernate.orm.runtime.graal.DisableLoggingFeature: Disables INFO logging during the analysis phase
 - io.quarkus.jdbc.postgresql.runtime.graal.SQLXMLFeature
 - io.quarkus.runner.Feature: Auto-generated class by Quarkus from the existing extensions
 - io.quarkus.runtime.graal.DisableLoggingFeature: Disables INFO logging during the analysis phase
 - org.eclipse.angus.activation.nativeimage.AngusActivationFeature
 - org.hibernate.graalvm.internal.GraalVMStaticFeature: Hibernate ORM's static reflection registrations for GraalVM
------------------------------------------------------------------------------------------------------------------------
 4 experimental option(s) unlocked:
 - '-H:+AllowFoldMethods' (origin(s): command line)
 - '-H:BuildOutputJSONFile' (origin(s): command line)
 - '-H:-UseServiceLoaderFeature' (origin(s): command line)
 - '-H:ReflectionConfigurationResources' (origin(s): 'META-INF/native-image/io.netty/netty-transport/native-image.properties' in 'file:///project/lib/io.netty.netty-transport-4.1.100.Final.jar')
------------------------------------------------------------------------------------------------------------------------
Build resources:
 - 19.32GB of memory (30.9% of 62.50GB system memory, determined at start)
 - 16 thread(s) (100.0% of 16 available processor(s), determined at start)
09:29:17,947 WARN  [org.hib.orm.deprecation] HHH90000025: PostgreSQLDialect does not need to be specified explicitly using 'hibernate.dialect' (remove the property setting and it will be selected by default)
[2/8] Performing analysis...  [*****]                                                                   (31.0s @ 2.15GB)
   18,565 reachable types   (88.6% of   20,962 total)
   25,585 reachable fields  (60.7% of   42,116 total)
   90,709 reachable methods (54.5% of  166,286 total)
    5,873 types,   143 fields, and 4,312 methods registered for reflection
       61 types,    59 fields, and    55 methods registered for JNI access
        4 native libraries: dl, pthread, rt, z
[3/8] Building universe...                                                                               (5.1s @ 2.42GB)
[4/8] Parsing methods...      [**]                                                                       (2.6s @ 2.60GB)
[5/8] Inlining methods...     [***]                                                                      (2.3s @ 2.79GB)
[6/8] Compiling methods...    [*****]                                                                   (22.8s @ 2.04GB)
[7/8] Layouting methods...    [***]                                                                      (5.6s @ 3.09GB)

[8/8] Creating image...       [***]                                                                      (0.0s @ 2.02GB)
Fatal error: jdk.vm.ci.common.JVMCIError: java.nio.file.AccessDeniedException: /project/svm_err_b_20231207T093032.578_pid87.md
        at jdk.internal.vm.ci/jdk.vm.ci.common.JVMCIError.shouldNotReachHere(JVMCIError.java:52)
        at org.graalvm.nativeimage.pointsto/com.oracle.graal.pointsto.reports.ReportUtils.reportImpl(ReportUtils.java:174)
        at org.graalvm.nativeimage.pointsto/com.oracle.graal.pointsto.reports.ReportUtils.report(ReportUtils.java:155)
        at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.ProgressReporter.printEpilog(ProgressReporter.java:652)
        at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.NativeImageGeneratorRunner.reportEpilog(NativeImageGeneratorRunner.java:604)
        at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.NativeImageGeneratorRunner.buildImage(NativeImageGeneratorRunner.java:596)
        at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.NativeImageGeneratorRunner.build(NativeImageGeneratorRunner.java:720)
        at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.NativeImageGeneratorRunner.start(NativeImageGeneratorRunner.java:142)
        at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.NativeImageGeneratorRunner.main(NativeImageGeneratorRunner.java:97)
Caused by: java.nio.file.AccessDeniedException: /project/svm_err_b_20231207T093032.578_pid87.md
        at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:90)
        at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106)
        at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
        at java.base/sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:261)
        at java.base/java.nio.file.Files.newByteChannel(Files.java:379)
        at java.base/java.nio.file.Files.createFile(Files.java:657)
        at org.graalvm.nativeimage.pointsto/com.oracle.graal.pointsto.reports.ReportUtils.reportImpl(ReportUtils.java:164)
        ... 7 more
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  01:37 min
[INFO] Finished at: 2023-12-07T10:30:33+01:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal io.quarkus:quarkus-maven-plugin:999-SNAPSHOT:build (default) on project code-with-quarkus: Failed to build quarkus application: io.quarkus.builder.BuildException: Build failure: Build failed due to errors
[ERROR]         [error]: Build step io.quarkus.deployment.pkg.steps.NativeImageBuildStep#build threw an exception: io.quarkus.deployment.pkg.steps.NativeImageBuildStep$ImageGenerationFailureException: Image generation failed. Exit code: 1
[ERROR]         at io.quarkus.deployment.pkg.steps.NativeImageBuildStep.imageGenerationFailed(NativeImageBuildStep.java:468)
[ERROR]         at io.quarkus.deployment.pkg.steps.NativeImageBuildStep.build(NativeImageBuildStep.java:258)
[ERROR]         at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[ERROR]         at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
[ERROR]         at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[ERROR]         at java.base/java.lang.reflect.Method.invoke(Method.java:568)
[ERROR]         at io.quarkus.deployment.ExtensionLoader$3.execute(ExtensionLoader.java:849)
[ERROR]         at io.quarkus.builder.BuildContext.run(BuildContext.java:256)
[ERROR]         at org.jboss.threads.ContextHandler$1.runWith(ContextHandler.java:18)
[ERROR]         at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
[ERROR]         at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
[ERROR]         at java.base/java.lang.Thread.run(Thread.java:833)
[ERROR]         at org.jboss.threads.JBossThread.run(JBossThread.java:501)
[ERROR] -> [Help 1]

zakkak · 2023-12-07T10:05:45Z

Hi @yrodiere.

I can't reproduce this on Fedora 39 using podman 4.8.0 in rootless mode

❯ more /etc/redhat-release 
Fedora release 39 (Thirty Nine)
❯ podman version             
Client:       Podman Engine
Version:      4.8.0
API Version:  4.8.0
Go Version:   go1.21.4
Built:        Tue Nov 28 11:58:32 2023
OS/Arch:      linux/amd64
❯ podman info | grep rootless                                                                                        
    rootless: true

What I tried:

gh repo clone yrodiere/quarkus-playground
cd quarkus-playground
git co i37193
./mvnw package -DskipTests -Dnative -Dquarkus.native.container-build=true -Dquarkus.native.container-runtime=podman

Could you please share the part of the logs showing how podman was invoked? It should look like this:

[INFO] [io.quarkus.deployment.pkg.steps.NativeImageBuildStep] Running Quarkus native-image plugin on MANDREL 23.1.1.0 JDK 21.0.1+12-LTS
[INFO] [io.quarkus.deployment.pkg.steps.NativeImageBuildRunner] podman run --env LANG=C --rm --user 1000:1000 --userns=keep-id -v /tmp/quarkus-playground/target/code-with-quarkus-1.0.0-SNAPSHOT-native-image-source-jar:/project:z --name build-native-UQhKS quay.io/quarkus/ubi-quarkus-mandrel-builder-image:jdk-21 -J-Dsun.nio.ch.maxUpdateArraySize=100 -J-DCoordinatorEnvironmentBean.transactionStatusManagerEnable=false -J-Djava.util.logging.manager=org.jboss.logmanager.LogManager -J-Dlogging.initial-configurator.min-level=500 -J-Dvertx.logger-delegate-factory-class-name=io.quarkus.vertx.core.runtime.VertxLogDelegateFactory -J-Dvertx.disableDnsResolver=true -J-Dio.netty.leakDetection.level=DISABLED -J-Dio.netty.allocator.maxOrder=3 -J-Duser.language=en -J-Duser.country=IE -J-Dfile.encoding=UTF-8 --features=io.quarkus.runner.Feature,io.quarkus.runtime.graal.DisableLoggingFeature,org.hibernate.graalvm.internal.GraalVMStaticFeature,io.quarkus.jdbc.postgresql.runtime.graal.SQLXMLFeature,io.quarkus.caffeine.runtime.graal.CacheConstructorsFeature,io.quarkus.hibernate.orm.runtime.graal.DisableLoggingFeature -J--add-exports=java.security.jgss/sun.security.krb5=ALL-UNNAMED -J--add-opens=java.base/java.text=ALL-UNNAMED -J--add-opens=java.base/java.io=ALL-UNNAMED -J--add-opens=java.base/java.lang.invoke=ALL-UNNAMED -J--add-opens=java.base/java.util=ALL-UNNAMED -H:+UnlockExperimentalVMOptions -H:BuildOutputJSONFile=code-with-quarkus-1.0.0-SNAPSHOT-runner-build-output-stats.json -H:-UnlockExperimentalVMOptions --strict-image-heap -H:+UnlockExperimentalVMOptions -H:+AllowFoldMethods -H:-UnlockExperimentalVMOptions -J-Djava.awt.headless=true --no-fallback --link-at-build-time -H:+UnlockExperimentalVMOptions -H:+ReportExceptionStackTraces -H:-UnlockExperimentalVMOptions -H:-AddAllCharsets --enable-url-protocols=http,https --enable-monitoring=heapdump -H:+UnlockExperimentalVMOptions -H:-UseServiceLoaderFeature -H:-UnlockExperimentalVMOptions -J--add-exports=org.graalvm.nativeimage/org.graalvm.nativeimage.impl=ALL-UNNAMED --exclude-config io\.netty\.netty-codec /META-INF/native-image/io\.netty/netty-codec/generated/handlers/reflect-config\.json --exclude-config io\.netty\.netty-handler /META-INF/native-image/io\.netty/netty-handler/generated/handlers/reflect-config\.json code-with-quarkus-1.0.0-SNAPSHOT-runner -jar code-with-quarkus-1.0.0-SNAPSHOT-runner.jar

zakkak · 2023-12-07T10:11:28Z

Update: I can reproduce with Quarkus 58834c2, apparently I tested with a different version.

yrodiere · 2023-12-07T10:16:38Z

Update: I can reproduce with Quarkus 58834c2, apparently I tested with a different version.

Great, thanks for having a look @zakkak!

Could you please share the part of the logs showing how podman was invoked? It should look like this:

FWIW it was already included in my message:

[INFO] [io.quarkus.deployment.pkg.steps.NativeImageBuildStep] Running Quarkus native-image plugin on MANDREL 23.1.1.0 JDK 21.0.1+12-LTS
[INFO] [io.quarkus.deployment.pkg.steps.NativeImageBuildRunner] podman run --env LANG=C --rm --user 110378:110378 -v /home/yrodiere/workspaces/testcases/quarkus-playground/target/code-with-quarkus-1.0.0-SNAPSHOT-native-image-source-jar:/project:z --name build-native-Efwzj quay.io/quarkus/ubi-quarkus-mandrel-builder-image:jdk-21 -J-Djava.util.logging.manager=org.jboss.logmanager.LogManager -J-DCoordinatorEnvironmentBean.transactionStatusManagerEnable=false -J-Dsun.nio.ch.maxUpdateArraySize=100 -J-Dlogging.initial-configurator.min-level=500 -J-Dvertx.logger-delegate-factory-class-name=io.quarkus.vertx.core.runtime.VertxLogDelegateFactory -J-Dvertx.disableDnsResolver=true -J-Dio.netty.leakDetection.level=DISABLED -J-Dio.netty.allocator.maxOrder=3 -J-Duser.language=en -J-Duser.country=US -J-Dfile.encoding=UTF-8 --features=io.quarkus.jdbc.postgresql.runtime.graal.SQLXMLFeature,io.quarkus.hibernate.orm.runtime.graal.DisableLoggingFeature,io.quarkus.runner.Feature,io.quarkus.runtime.graal.DisableLoggingFeature,org.hibernate.graalvm.internal.GraalVMStaticFeature,io.quarkus.caffeine.runtime.graal.CacheConstructorsFeature -J--add-exports=java.security.jgss/sun.security.krb5=ALL-UNNAMED -J--add-opens=java.base/java.text=ALL-UNNAMED -J--add-opens=java.base/java.io=ALL-UNNAMED -J--add-opens=java.base/java.lang.invoke=ALL-UNNAMED -J--add-opens=java.base/java.util=ALL-UNNAMED -H:+UnlockExperimentalVMOptions -H:BuildOutputJSONFile=code-with-quarkus-1.0.0-SNAPSHOT-runner-build-output-stats.json -H:-UnlockExperimentalVMOptions --strict-image-heap -H:+UnlockExperimentalVMOptions -H:+AllowFoldMethods -H:-UnlockExperimentalVMOptions -J-Djava.awt.headless=true --no-fallback --link-at-build-time -H:+UnlockExperimentalVMOptions -H:+ReportExceptionStackTraces -H:-UnlockExperimentalVMOptions -H:-AddAllCharsets --enable-url-protocols=http,https --enable-monitoring=heapdump -H:+UnlockExperimentalVMOptions -H:-UseServiceLoaderFeature -H:-UnlockExperimentalVMOptions -J--add-exports=org.graalvm.nativeimage/org.graalvm.nativeimage.impl=ALL-UNNAMED --exclude-config io\.netty\.netty-codec /META-INF/native-image/io\.netty/netty-codec/generated/handlers/reflect-config\.json --exclude-config io\.netty\.netty-handler /META-INF/native-image/io\.netty/netty-handler/generated/handlers/reflect-config\.json code-with-quarkus-1.0.0-SNAPSHOT-runner -jar code-with-quarkus-1.0.0-SNAPSHOT-runner.jar

zakkak · 2023-12-07T10:24:41Z

@yrodiere thanks for catching this. It should be fixed in #37576

FWIW it was already included in my message:

Ooops 🤦, sorry for that.

Treat Docker Desktop as "rootless" since the way it binds mounts does not transparently map the host user ID and GID see https://docs.docker.com/desktop/faqs/linuxfaqs/#how-do-i-enable-file-sharing Closes quarkusio#37193

johnmanko added area/native-image kind/bug Something isn't working labels Nov 18, 2023

zakkak self-assigned this Nov 21, 2023

zakkak mentioned this issue Nov 21, 2023

Support Docker Desktop for building native executables #37242

Merged

gsmet closed this as completed in #37242 Nov 21, 2023

quarkus-bot bot added this to the 3.7 - main milestone Nov 21, 2023

gsmet modified the milestones: 3.7 - main, 3.6.0 Nov 21, 2023

yrodiere mentioned this issue Dec 7, 2023

Fix smallrye ConfigValidationException not being handled properly at Quarkus startup #37543

Merged

yrodiere mentioned this issue Dec 7, 2023

Fix ContainerRuntimeUtil.ContainerRuntime#isPodman check #37576

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

AccessDeniedException error with build using native image on linux with Docker Desktop #37193

AccessDeniedException error with build using native image on linux with Docker Desktop #37193

johnmanko commented Nov 18, 2023

quarkus-bot bot commented Nov 18, 2023

galderz commented Nov 21, 2023

zakkak commented Nov 21, 2023

johnmanko commented Nov 21, 2023

yrodiere commented Dec 7, 2023 •

edited

Loading

zakkak commented Dec 7, 2023

zakkak commented Dec 7, 2023

yrodiere commented Dec 7, 2023

zakkak commented Dec 7, 2023

AccessDeniedException error with build using native image on linux with Docker Desktop #37193

AccessDeniedException error with build using native image on linux with Docker Desktop #37193

Comments

johnmanko commented Nov 18, 2023

Describe the bug

Expected behavior

Actual behavior

How to Reproduce?

Output of uname -a or ver

Output of java -version

Mandrel or GraalVM version (if different from Java)

Quarkus version or git rev

Build tool (ie. output of mvnw --version or gradlew --version)

Additional information

quarkus-bot bot commented Nov 18, 2023

galderz commented Nov 21, 2023

zakkak commented Nov 21, 2023

johnmanko commented Nov 21, 2023

yrodiere commented Dec 7, 2023 • edited Loading

zakkak commented Dec 7, 2023

zakkak commented Dec 7, 2023

yrodiere commented Dec 7, 2023

zakkak commented Dec 7, 2023

Output of `uname -a` or `ver`

Output of `java -version`

Build tool (ie. output of `mvnw --version` or `gradlew --version`)

yrodiere commented Dec 7, 2023 •

edited

Loading