summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAchilleas Pipinellis <axil@gitlab.com>2019-06-21 14:05:03 +0000
committerMike Lewis <mlewis@gitlab.com>2019-06-21 14:05:03 +0000
commit511e67e5ab820c85ac6edb2fa7b214cdcd4bf30c (patch)
treee6e7fcef9c9352edd52c620b81d9eb1cc2c0d397
parent44db34182eb705a8a12020ade9f81f86903700da (diff)
downloadgitlab-ce-511e67e5ab820c85ac6edb2fa7b214cdcd4bf30c.tar.gz
Mention Container Scanning NFS bug and how to fix it
-rw-r--r--doc/user/application_security/container_scanning/index.md20
1 files changed, 20 insertions, 0 deletions
diff --git a/doc/user/application_security/container_scanning/index.md b/doc/user/application_security/container_scanning/index.md
index a24374dff1d..4a2fb1d7190 100644
--- a/doc/user/application_security/container_scanning/index.md
+++ b/doc/user/application_security/container_scanning/index.md
@@ -40,6 +40,9 @@ To enable Container Scanning in your pipeline, you need:
[`kubernetes`](https://docs.gitlab.com/runner/install/kubernetes.html#running-privileged-containers-for-the-runners)
executor running in privileged mode. If you're using the shared Runners on GitLab.com,
this is enabled by default.
+- Docker `18.09.03` or higher installed on the machine where the Runners are
+ running. If you're using the shared Runners on GitLab.com, this is already
+ the case.
- To [build and push](../../../ci/docker/using_docker_build.md#container-registry-examples)
your Docker image to your project's [Container Registry](../../project/container_registry.md).
The name of the Docker image should match the following scheme:
@@ -202,3 +205,20 @@ vulnerabilities in your groups and projects. Read more about the
Once a vulnerability is found, you can interact with it. Read more on how to
[interact with the vulnerabilities](../index.md#interacting-with-the-vulnerabilities).
+
+## Troubleshooting
+
+### docker: Error response from daemon: failed to copy xattrs
+
+When the GitLab Runner uses the Docker executor and NFS is used
+(e.g., `/var/lib/docker` is on an NFS mount), Container Scanning might fail with
+an error like the following:
+
+```
+docker: Error response from daemon: failed to copy xattrs: failed to set xattr "security.selinux" on /path/to/file: operation not supported.
+```
+
+This is a result of a bug in Docker which is now [fixed](https://github.com/containerd/continuity/pull/138 "fs: add WithAllowXAttrErrors CopyOpt").
+To prevent the error, ensure the Docker version that the Runner is using is
+`18.09.03` or higher. For more information, see
+[issue #10241](https://gitlab.com/gitlab-org/gitlab-ee/issues/10241 "Investigate why Container Scanning is not working with NFS mounts").