Closed
Description
Transferring from #3407.... as noted by @nathanweeks
(This is probably a separate issue) It appears that if XDG_RUNTIME_DIR is unset, the singularity-buildkitd unix domain socket is created in /run/singularity-buildkitd/ by default, which would fail in the rootless case (as on a multi-tenant HPC cluster):
$ singularity --debug build --oci test.oci-sif Dockerfile
DEBUG [U=1000,P=3154663]persistentPreRun() Singularity version: 3.7.3+3035-g82588d19a
...
INFO [U=0,P=3154678] ensureBuildkitd() Did not find usable system buildkitd daemon. Starting built-in singularity-buildkitd.
WARNING [U=0,P=3154678] startBuildkitd() ~/.singularity filesystem does not support buildkit. Using temporary directory /tmp/singularity-buildkitd-2111004501. Layers will not be cached for future builds.
DEBUG [U=0,P=3154678] startBuildkitd() starting /home/user/local/singularity/libexec/singularity/bin/singularity-buildkitd [--root=/tmp/singularity-buildkitd-2111004501 --socket=unix:///run/singularity-buildkitd/singularity-buildkitd-3154678.sock]
FATAL: singularity-buildkitd: permission denied
...
Setting XDG_RUNTIME_DIR to a user-writable path (which may be nonexistent before running singularity build) allows the build to succeed:
$ XDG_RUNTIME_DIR=/tmp/container-user-$UID singularity build --oci test.oci-sif Dockerfile
...
INFO: Did not find usable system buildkitd daemon. Starting built-in singularity-buildkitd.
WARNING: ~/.singularity filesystem does not support buildkit. Using temporary directory /tmp/singularity-buildkitd-4245275241. Layers will not be cached for future builds.
INFO: singularity-buildkitd: running server on /tmp/container-user-1000/singularity-buildkitd/singularity-buildkitd-3155637.sock
...
WARNING: removing singularity-buildkitd temporary directory /tmp/singularity-buildkitd-4245275241
INFO: Build complete: test.oci-sif
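
An added example, not Singularity's own code: one way a rootless process could choose the socket directory when XDG_RUNTIME_DIR is unset, and confirm that the chosen path is private before creating a socket in it. This matters when the path sits under a shared /tmp, as in the workaround above. The helper names `socketDir` and `checkPrivate` and the `singularity-runtime-<uid>` fallback directory are assumptions of this example.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// checkPrivate rejects anything that is not a real directory owned by uid
// with no group/other permission bits (the XDG runtime-dir requirements).
func checkPrivate(path string, uid int) error {
	fi, err := os.Lstat(path) // Lstat: a symlink must not pass as a directory
	if err != nil {
		return err
	}
	if !fi.IsDir() {
		return fmt.Errorf("%s is not a directory", path)
	}
	if st, ok := fi.Sys().(*syscall.Stat_t); !ok || int(st.Uid) != uid {
		return fmt.Errorf("%s is not owned by uid %d", path, uid)
	}
	if fi.Mode().Perm()&0o077 != 0 {
		return fmt.Errorf("%s is accessible to other users (mode %o)", path, fi.Mode().Perm())
	}
	return nil
}

// socketDir (hypothetical helper) picks the directory for the buildkitd socket.
func socketDir(xdgRuntimeDir, tmpDir string, uid int) (string, error) {
	base := xdgRuntimeDir
	if base == "" {
		// Assumed fallback for this example: a per-user directory under tmpDir.
		base = filepath.Join(tmpDir, fmt.Sprintf("singularity-runtime-%d", uid))
	}
	dir := filepath.Join(base, "singularity-buildkitd")
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return "", fmt.Errorf("creating %s: %w", dir, err)
	}
	for _, p := range []string{base, dir} {
		if err := checkPrivate(p, uid); err != nil {
			return "", err
		}
	}
	return dir, nil
}

func main() {
	dir, err := socketDir(os.Getenv("XDG_RUNTIME_DIR"), os.TempDir(), os.Getuid())
	fmt.Println(dir, err)
}
```

A pre-existing base directory that is a symlink, is owned by another user, or is readable by group or others is refused rather than used.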