drone.io: containerd: write /proc/14/oom_score_adj: permission denied

Question

I am trying to reverse engineer the drone.io docker plugin and understand how to run the docker daemon in a pipeline step (DinD).

drone.io uses the library github.com/cncd/pipeline to compile and execute .drone.yml files.

The first thing the plugins/docker does is to start the docker daemon:

+ /usr/local/bin/dockerd -g /var/lib/docker

This works if fine in the official plugin, but I cannot get it to work with my own image where I do the same:

pipeline.yml

workspace:
  base: /go
  path: src/github.com/fnbk/hello

pipeline:
  test:
    image: fnbk/drone-daemon

fnbk/drone-daemon/run.sh

#!/bin/sh

/usr/local/bin/dockerd     # <= ERROR: containerd: write /proc/17/oom_score_adj: permission denied

# ...

It will give me the following error:

containerd: write /proc/14/oom_score_adj: permission denied

The full example can be found on github: https://github.com/cncd/pipeline/pull/45

Any suggestions are highly appreciated.

score 1 · Accepted Answer · answered Jul 03 '18 at 19:22

1

You need to add your plugin to a whitelist via the DRONE_ESCALATE environment variable, which is passed to the server. This is the default value:

DRONE_ESCALATE=plugins/docker,plugins/gcr,plugins/ecr

So you would pass something like this:

-DRONE_ESCALATE=plugins/docker,plugins/gcr,plugins/ecr
+DRONE_ESCALATE=plugins/docker,plugins/gcr,plugins/ecr,fnbk/my-custom-plugin

Note that this should be the image name only. It must not include the tag.

answered Jul 03 '18 at 19:22

Brad Rydzewski

It works! Thank you for pointing me in the right direction :-) – Florian Boehmak Jul 04 '18 at 08:27

1 Answers1