Docker: failed to copy xattrs: failed to set xattr “security.selinux”

Hi every1,

I already posted my problem on StackOverflow and created a Gitlab issue but I was unable to solve it until now. I’m trying to build a docker image using Gitlab-CI for linux/arm/v7 platform but unfortunately I’m facing the following error:

[3/7] RUN apt-get update
ERROR: executor failed running [/dev/.buildkit_qemu_emulator /bin/sh -c apt-get update]: failed to copy xattrs: failed to set xattr "security.selinux" on /tmp/buildkit-qemu-emulator135475847/dev/.buildkit_qemu_emulator: operation not supported
------
 > [3/7] RUN apt-get update:
------
failed to solve: rpc error: code = Unknown desc = executor failed running [/dev/.buildkit_qemu_emulator /bin/sh -c apt-get update]: failed to copy xattrs: failed to set xattr "security.selinux" on /tmp/buildkit-qemu-emulator135475847/dev/.buildkit_qemu_emulator: operation not supported
Cleaning up file based variables
00:01
ERROR: Job failed: exit code 1

My gitlab-ci.yml looks like:

image: jdrouet/docker-with-buildx:stable

variables:
  DOCKER_HOST: tcp://docker:2375/
  DOCKER_DRIVER: overlay2

services:
  - docker:dind

build:
  stage: build
  before_script:
     - docker info
     - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
  script:
    - docker buildx create --use
    - docker buildx build --push --platform linux/arm/v7 -t $CI_REGISTRY_IMAGE .

And my Dockerfile is the following:

ARG NODE_VERSION=lts-slim

FROM --platform=linux/arm/v7 node:${NODE_VERSION}
WORKDIR /home/node

RUN apt-get update
RUN apt-get install -y build-essential python
RUN npm install --global npm node-gyp

COPY . .

ARG NODE_ENV=production
ENV NODE_ENV ${NODE_ENV}

RUN npm ci

CMD ["npm", "start"]

I’m using the free CI/CD pipelines provided by gitlab.com. Is anyone having any idea how I can fix the issue?

Hi @timvol

I think this is likely a Docker issue, not a GitLab issue. Does it work on your local machine?

Looking at the Docker engine release notes, I see 19.03 talks about turning xattrs off by default in buildkit Ignore system and security xattrs in calculation to ensure consistent COPY caching regardless of SELinux environment moby/moby#41222 – maybe useful?

Thank you very much, @snim2 Unfortunately this doesn’t solve the issue. It’s also not working on my local machine (using Docker 19.03.12 instead of 19.03.13 :smiley:). But I changed the version in the CI to Docker version 20.10.2, build 2291f61 and the same problem occurs. So I’ll create an additional ticket in the Docker issue tracker :smiley:

Good luck!

I’m not certain, but I suspect there’s a problem related to architecture. While docker can emulate different architectures,

GitLab.com shared runners all run on x86_64 machines. To build a project for arm7, I believe you’ll want to use a dedicated runner that uses ARM architecture (A Raspberry Pi, for example).