Error: BATS_TMPDIR (/tmp) is not writable #56

Closed
frankpengau opened this issue Dec 28, 2022 · 3 comments · Fixed by #55

Comments

@frankpengau
Contributor

Error Message:

  Error: BATS_TMPDIR (/tmp) is not writable
  🚨 Error: The command exited with status 1

Docker-in-Docker (dind) problem, when trying to use the buildkite-plugins/docker-buildkite-plugin with the docker image generated by this repository (buildkite-plugins/buildkite-plugin-tester) for buildkite/plugin-tester

Related to the new syscall (faccessat2) introduced in Linux kernel v5.8 returning error code EPERM instead of ENOSYS; affects glibc, runc, seccomp/libseccomp, moby, etc.

PR Raised to fix problem: #55

@frankpengau
Contributor Author

Just a side note:

Although you can use the flags/options --privileged or --security-opt="seccomp=unconfined" as a workaround to the issue, I don't think it's the best idea to do so. It seems like it's exposing itself to unnecessary security risk.

Hence, going to use the bats/bats:latest-no-faccessat2 image from Docker Hub as the workaround to the issue.

@frankpengau
Contributor Author

Just for completeness' sake, although I wouldn't recommend it, if required:

--privileged, with docker buildkite plugin == privileged: true

  - label: ":shell: Test using Buildkite's own Bats docker box"
    command: "bats tests/"
    plugins:
      - docker#v5.3.0:
          image: buildkite/plugin-tester:latest
          workdir: /plugin
          privileged: true
    agents:
      queue: elastic

--security-opt="seccomp=unconfined", with docker buildkite plugin == security-opts: ["seccomp=unconfined"]

  - label: ":shell: Test using Buildkite's own Bats docker box"
    command: "bats tests/"
    plugins:
      - docker#v5.3.0:
          image: buildkite/plugin-tester:latest
          workdir: /plugin
          security-opts: ["seccomp=unconfined"]
    agents:
      queue: elastic

@toote
Contributor

toote commented Dec 30, 2022

Just for completeness' sake, according to the original bats issue, other possible solutions involve upgrading versions of Docker (at least 20.10) or runc (at least 1.0.0-rc93) or changing the security profile to one that uses SCMP_ACT_TRACE as the default behaviour.
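
A diagnostic for the failure discussed in this thread, as an added example that is not code from the issue or from the bats or plugin-tester projects: it calls faccessat2 directly and separates the harmless ENOSYS result from the EPERM that the thread attributes to the container's seccomp filtering. The fallback syscall number 439 and all function and enum names are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_faccessat2
#define SYS_faccessat2 439 /* x86-64/arm64 number; assumption for old headers */
#endif

enum fa2_verdict { FA2_WORKS, FA2_FALLBACK_OK, FA2_BLOCKED, FA2_OTHER };

/* Interpret the result of faccessat2(AT_FDCWD, "/", F_OK, 0). "/" always
 * exists, so a real kernel answer is 0; anything else says how the call
 * was intercepted. */
enum fa2_verdict classify(long ret, int err)
{
    if (ret == 0)
        return FA2_WORKS;       /* kernel >= 5.8 and the filter allows it */
    if (err == ENOSYS)
        return FA2_FALLBACK_OK; /* glibc retries with the older faccessat */
    if (err == EPERM)
        return FA2_BLOCKED;     /* filter denies it: glibc does not fall back */
    return FA2_OTHER;
}

enum fa2_verdict probe_faccessat2(void)
{
    errno = 0;
    long ret = syscall(SYS_faccessat2, AT_FDCWD, "/", F_OK, 0);
    return classify(ret, errno);
}

const char *explain(enum fa2_verdict v)
{
    switch (v) {
    case FA2_WORKS:       return "allowed and implemented";
    case FA2_FALLBACK_OK: return "ENOSYS: libc falls back, access checks work";
    case FA2_BLOCKED:     return "EPERM: writability checks such as BATS_TMPDIR fail";
    default:              return "unexpected errno, inspect manually";
    }
}

int main(void)
{
    enum fa2_verdict v = probe_faccessat2();
    printf("faccessat2: %s\n", explain(v));
    return v == FA2_BLOCKED ? 1 : 0;
}
```

Run the compiled binary inside the container with the same Docker options as the failing step; exit status 1 indicates the EPERM case, so an upgrade or profile change can be verified without resorting to seccomp=unconfined.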
