fix(docker): Resolve liburing.so.2 loading error for non-root users #987

Merged

tcpipuk merged 1 commit from tom/fix-liburing into main 2025-09-07 13:43:45 +00:00

Conversation 1 Commits 1 Files changed 2 +42 -19

tcpipuk commented 2025-09-07 11:28:31 +00:00

Owner

Copy link

Container failed to start when running as non-root (user 1000:1000) because copied directories had restrictive 770 permissions, likely due to different umask in persistent BuildKit. Non-root users couldn't access /usr/lib to load required dynamic libraries.

Adds --chmod=755 to all COPY commands to explicitly set permissions and improves library extraction with robust lddtree processing. Also fixes workflow syntax error and removes docker/** from paths-ignore to ensure Docker changes trigger CI builds.

Container failed to start when running as non-root (user 1000:1000) because copied directories had restrictive 770 permissions, likely due to different umask in persistent BuildKit. Non-root users couldn't access /usr/lib to load required dynamic libraries. Adds `--chmod=755` to all COPY commands to explicitly set permissions and improves library extraction with robust lddtree processing. Also fixes workflow syntax error and removes `docker/**` from paths-ignore to ensure Docker changes trigger CI builds.

tcpipuk self-assigned this 2025-09-07 11:28:31 +00:00

tcpipuk added 1 commit 2025-09-07 11:28:31 +00:00

fix(docker): Include liburing runtime library for io_uring support ... c9a597a184

The lddtree step wasn't detecting liburing.so.2 as a dependency, likely
because rocksdb loads it dynamically at runtime. Add explicit detection
and copying of liburing libraries to ensure they're available in the
final runtime image.

tcpipuk added 1 commit 2025-09-07 11:33:24 +00:00

fix(ci): Repair release-image workflow and improve library detection ... 869f22c6d8

Remove syntax error in build args and enable workflow to trigger on docker
changes. Improve Dockerfile library detection script robustness with better
error handling and command construction.

tcpipuk added 1 commit 2025-09-07 12:11:04 +00:00

fix(docker): Set proper permissions for non-root container execution ... d7e4348234

Adds --chmod=755 to all COPY commands in the scratch image to ensure
directories and files are readable by non-root users. This fixes the
liburing.so.2 loading error when running as user 1000:1000.

Also reorders COPY layers for better caching: libraries, binaries, then SBOM.

tcpipuk force-pushed tom/fix-liburing from d7e4348234 to a9c1d165d7 2025-09-07 12:22:15 +00:00 Compare

tcpipuk changed title from fix(docker): Include liburing runtime library for io_uring support to fix(docker): Resolve liburing.so.2 loading error for non-root users 2025-09-07 12:23:37 +00:00

tcpipuk force-pushed tom/fix-liburing from a9c1d165d7 to d92da9d8e6 2025-09-07 12:38:13 +00:00 Compare

tcpipuk force-pushed tom/fix-liburing from d92da9d8e6 to 7b3055be37 2025-09-07 12:54:16 +00:00 Compare

tcpipuk force-pushed tom/fix-liburing from 7b3055be37 to 0d9a9aa388 2025-09-07 12:56:57 +00:00 Compare

tcpipuk force-pushed tom/fix-liburing from 0d9a9aa388 to 4dd1cbc803 2025-09-07 12:58:27 +00:00 Compare

tcpipuk force-pushed tom/fix-liburing from 4dd1cbc803 to fff9629b0f 2025-09-07 13:13:26 +00:00 Compare

tcpipuk commented 2025-09-07 13:27:51 +00:00

Author

Owner

Copy link

It was fun resolving this permission issue... COPY --chmod in Docker apparently only modifies the files, not the directories, so I've added a little prepper stage between the builder and the scratch output so it can organise the files into "layers" and set the mode correctly before copying the layers into the final scratch for export.

I can confirm this has resolved the permissions issue for me, either way!

It was fun resolving this permission issue... `COPY --chmod` in Docker apparently only modifies the files, not the directories, so I've added a little `prepper` stage between the `builder` and the scratch output so it can organise the files into "layers" and set the mode correctly before copying the layers into the final scratch for export. I can confirm this has resolved the permissions issue for me, either way!

tcpipuk merged commit fff9629b0f into main 2025-09-07 13:43:45 +00:00

tcpipuk deleted branch tom/fix-liburing 2025-09-07 13:43:45 +00:00

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

Bug

Something isn't working as intended

  

Cherry-picking

Commits picked from other conduit projects

  

Database

This requires or includes changes to the database

  

Dependencies

Something dependency related

  

Dependencies/Renovate

Automatic dependency upgrades by Renovate

  

Difficulty

Easy

Low difficulty to implement - touches few parts of the codebase, low complexity

  

Difficulty

Hard

High difficulty to implement - touches many parts of the codebase, high complexity

  

Difficulty

Medium

Medium difficulty to implement - touches more parts of the codebase, higher complexity

  

Documentation

Improvements or additions to documentation

  

Enhancement

New feature or request

  

Good first issue

Good for newcomers

  

Help wanted

Additional eyes and keyboards are required for this one

  

Inherited

Issues that have been inhereted from the project pre-fork

  

Matrix/Administration

Features pertaining to homeserver administration

  

Matrix/Appservices

Features pertaining to the appservice API

  

Matrix/Auth

Features pertaining to authentication

  

Matrix/Client

Features pertaining to client-to-server interactions

  

Matrix/Core

  

Matrix/Federation

Features pertaining to server-to-server interactions

  

Matrix/MSC

Features pertaining to unstable matrix features

  

Matrix/Media

Features pertaining to media interactions

  

Meta

Related to housekeeping, maintenance, or other repo-meta.

  

Meta/Packaging

Packaging

  

Priority

Blocking

This issue is blocking the next release

  

Priority

High

This issue is very important

  

Priority

Low

This issue is of a rather low priority

  

Security

This item is related to general security

  

Status

Confirmed

  

Status

Duplicate

This issue or pull request already exists

  

Status

Invalid

This issue doesn't seem right

  

Status

Needs Investigation

This issue needs further investigation

  

To-Merge

  

Wont fix

This will not be worked on

  

old/ci/cd

Ci/CD

Archived

  

old/rust

Pull requests that update Rust code

Archived

No labels

Bug

Cherry-picking

Database

Dependencies

Dependencies/Renovate

Difficulty

Easy

Difficulty

Hard

Difficulty

Medium

Documentation

Enhancement

Good first issue

Help wanted

Inherited

Matrix/Administration

Matrix/Appservices

Matrix/Auth

Matrix/Client

Matrix/Core

Matrix/Federation

Matrix/MSC

Matrix/Media

Meta

Meta/Packaging

Priority

Blocking

Priority

High

Priority

Low

Security

Status

Confirmed

Status

Duplicate

Status

Invalid

Status

Needs Investigation

To-Merge

Wont fix

old/ci/cd

old/rust

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

tcpipuk

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: continuwuation/continuwuity#987

No description provided.