forgejo/runner
32
98
Fork
You've already forked runner
 103
Code Issues 34 Pull requests 12 Releases 92 Packages 1 Activity Actions 6

bug: LXC hostexecutor leaks #442

New issue
Closed
opened 2025-01-21 10:23:00 +00:00 by earl-warren · 2 comments
earl-warren commented 2025-01-21 10:23:00 +00:00
Contributor
Copy link

Can you reproduce the bug on the Forgejo test instance?

Yes

Description

  • Create an LXC runner
  • Run a workflow using LXC
  • See the $HOME/.cache/act/*/hostexecutor is not removed upon completion

Runner Version

All

### Can you reproduce the bug on the Forgejo test instance? Yes ### Description - Create an LXC runner - Run a workflow using LXC - See the $HOME/.cache/act/*/hostexecutor is not removed upon completion ### Runner Version All
viceice reopened this issue 2025-07-28 17:28:22 +00:00
earl-warren commented 2025-10-03 11:06:42 +00:00
Author
Contributor
Copy link
time="2025-10-03T08:24:25Z" level=error msg="Error while stop job container FORGEJO-ACTIONS-TASK-194599_WORKFLOW-b818b68f65df58a26df058d95f646db7a37ecb9928dae394fe6f92429abcdc6b_JOB-example-docker-compose: unlinkat /home/debian/.cache/act/e7ebb27720a4abd7/hostexecutor/examples/docker-build-push-action/Dockerfile: permission denied"
time="2025-10-03T08:24:36Z" level=info msg="Cleaning up network for job forgejo, and network name is: WORKFLOW-664d598f0fff03b343bcf0f75a38307e"
time="2025-10-03T08:25:51Z" level=info msg="Cleaning up services for job build and test"
time="2025-10-03T08:25:51Z" level=info msg="Cleaning up network for job build and test, and network name is: WORKFLOW-076ec84a291908fce59db9ba60cf233a"
time="2025-10-03T08:25:53Z" level=info msg="task 194615 repo is forgejo/runner https://code.forgejo.org https://code.forgejo.org"
time="2025-10-03T08:25:55Z" level=info msg="task 194616 repo is forgejo/runner https://code.forgejo.org https://code.forgejo.org"
time="2025-10-03T08:26:19Z" level=error msg="Error while stop job container FORGEJO-ACTIONS-TASK-194615_WORKFLOW-3d3393aed31ee2ff02f6682fbe2e7f9ca8c21ab1117eb2485209a0cf81dfb574_JOB-runner-exec-tests: unlinkat /home/debian/.cache/act/7c1f40baabd74d5a/hostexecutor/examples/docker-build-push-action/Dockerfile: permission denied"
time="2025-10-03T08:29:46Z" level=error msg="Error while stop job container FORGEJO-ACTIONS-TASK-194602_WORKFLOW-0b05dcfd929f32e68a7830bc0cfbeddd2aec61d06e56536a9a9250f7d3f81cef_JOB-example-lxc-systemd: unlinkat /home/debian/.cache/act/b2d1556eae1cfafb/hostexecutor/examples/docker-build-push-action/Dockerfile: permission denied"
time="2025-10-03T08:31:51Z" level=error msg="Error while stop job container FORGEJO-ACTIONS-TASK-194616_WORKFLOW-afe33dd8512a2ef16b89da4a4e04b4abd937d604dd00a5647aa9e1b06ac5ee13_JOB-runner-integration-tests: unlinkat /home/debian/.cache/act/7fa22e0e88777668/hostexecutor/examples/docker-build-push-action/Dockerfile: permission denied"
time="2025-10-03T08:36:52Z" level=error msg="Error while stop job container FORGEJO-ACTIONS-TASK-194606_WORKFLOW-02470b3025b358b7f22ec6ea32e6d39bcf80d51705895feff2e0cdcb9fbce708_JOB-integration-tests: unlinkat /home/debian/.cache/act/e95054374afd827b/hostexecutor/examples/docker-build-push-action/Dockerfile: permission denied"
time="2025-10-03T08:39:56Z" level=info msg="runner: runner shutdown initiated, waiting [runner].shutdown_timeout=3h0m0s for running jobs to complete before shutting down"
time="2025-10-03T08:39:56Z" level=info msg="[poller 4] shutdown"
time="2025-10-03T08:39:56Z" level=info msg="[poller 5] shutdown"
time="2025-10-03T08:39:56Z" level=info msg="[poller 1] shutdown"
time="2025-10-03T08:39:56Z" level=info msg="[poller 3] shutdown"
time="2025-10-03T08:39:56Z" level=info msg="[poller 7] shutdown"
time="2025-10-03T08:39:56Z" level=info msg="[poller 6] shutdown"
time="2025-10-03T08:39:56Z" level=info msg="[poller 0] shutdown"
time="2025-10-03T08:59:03Z" level=info msg="Cleaning up network for job forgejo, and network name is: WORKFLOW-012157855f0978bcf734d904ed25712f"
time="2025-10-03T08:59:03Z" level=info msg="[poller 2] shutdown"

The cleanup fails because the runner does not have permission, it runs as a regular user while the files may belong to root. This is not caught by the tests because they run on the same user and do not actually run a workflow.

``` time="2025-10-03T08:24:25Z" level=error msg="Error while stop job container FORGEJO-ACTIONS-TASK-194599_WORKFLOW-b818b68f65df58a26df058d95f646db7a37ecb9928dae394fe6f92429abcdc6b_JOB-example-docker-compose: unlinkat /home/debian/.cache/act/e7ebb27720a4abd7/hostexecutor/examples/docker-build-push-action/Dockerfile: permission denied" time="2025-10-03T08:24:36Z" level=info msg="Cleaning up network for job forgejo, and network name is: WORKFLOW-664d598f0fff03b343bcf0f75a38307e" time="2025-10-03T08:25:51Z" level=info msg="Cleaning up services for job build and test" time="2025-10-03T08:25:51Z" level=info msg="Cleaning up network for job build and test, and network name is: WORKFLOW-076ec84a291908fce59db9ba60cf233a" time="2025-10-03T08:25:53Z" level=info msg="task 194615 repo is forgejo/runner https://code.forgejo.org https://code.forgejo.org" time="2025-10-03T08:25:55Z" level=info msg="task 194616 repo is forgejo/runner https://code.forgejo.org https://code.forgejo.org" time="2025-10-03T08:26:19Z" level=error msg="Error while stop job container FORGEJO-ACTIONS-TASK-194615_WORKFLOW-3d3393aed31ee2ff02f6682fbe2e7f9ca8c21ab1117eb2485209a0cf81dfb574_JOB-runner-exec-tests: unlinkat /home/debian/.cache/act/7c1f40baabd74d5a/hostexecutor/examples/docker-build-push-action/Dockerfile: permission denied" time="2025-10-03T08:29:46Z" level=error msg="Error while stop job container FORGEJO-ACTIONS-TASK-194602_WORKFLOW-0b05dcfd929f32e68a7830bc0cfbeddd2aec61d06e56536a9a9250f7d3f81cef_JOB-example-lxc-systemd: unlinkat /home/debian/.cache/act/b2d1556eae1cfafb/hostexecutor/examples/docker-build-push-action/Dockerfile: permission denied" time="2025-10-03T08:31:51Z" level=error msg="Error while stop job container FORGEJO-ACTIONS-TASK-194616_WORKFLOW-afe33dd8512a2ef16b89da4a4e04b4abd937d604dd00a5647aa9e1b06ac5ee13_JOB-runner-integration-tests: unlinkat /home/debian/.cache/act/7fa22e0e88777668/hostexecutor/examples/docker-build-push-action/Dockerfile: permission denied" time="2025-10-03T08:36:52Z" level=error msg="Error while stop job container FORGEJO-ACTIONS-TASK-194606_WORKFLOW-02470b3025b358b7f22ec6ea32e6d39bcf80d51705895feff2e0cdcb9fbce708_JOB-integration-tests: unlinkat /home/debian/.cache/act/e95054374afd827b/hostexecutor/examples/docker-build-push-action/Dockerfile: permission denied" time="2025-10-03T08:39:56Z" level=info msg="runner: runner shutdown initiated, waiting [runner].shutdown_timeout=3h0m0s for running jobs to complete before shutting down" time="2025-10-03T08:39:56Z" level=info msg="[poller 4] shutdown" time="2025-10-03T08:39:56Z" level=info msg="[poller 5] shutdown" time="2025-10-03T08:39:56Z" level=info msg="[poller 1] shutdown" time="2025-10-03T08:39:56Z" level=info msg="[poller 3] shutdown" time="2025-10-03T08:39:56Z" level=info msg="[poller 7] shutdown" time="2025-10-03T08:39:56Z" level=info msg="[poller 6] shutdown" time="2025-10-03T08:39:56Z" level=info msg="[poller 0] shutdown" time="2025-10-03T08:59:03Z" level=info msg="Cleaning up network for job forgejo, and network name is: WORKFLOW-012157855f0978bcf734d904ed25712f" time="2025-10-03T08:59:03Z" level=info msg="[poller 2] shutdown" ``` The cleanup fails because the runner does not have permission, it runs as a regular user while the files may belong to root. This is not caught by the tests because they run on the same user and do not actually run a workflow.
earl-warren commented 2025-10-03 11:16:57 +00:00
Author
Contributor
Copy link

It runs a workflow and it should fail. Only this is a special case: the directory is created by the user and since no files are created in it, the test is a false positive.

#1054/files

This reproduces the problem in a trivial way: just by creating sub-directories owned by root.

It runs a workflow and it should fail. Only this is a special case: the directory is created by the user and since no files are created in it, the test is a false positive. https://code.forgejo.org/forgejo/runner/pulls/1054/files This reproduces the problem in a trivial way: just by creating sub-directories owned by root.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
renovate/github.com-docker-go-connections-0.x
renovate/go-github.com-docker-cli-vulnerability
renovate/forgejo-lxc-13.x
validate-1460
chore/testing-trixie
chore/testing-bookworm
expand-reusable-workflows-working-branch
feat-default_actions_url-on-step
2023-05-22-main-before-force-push
2023-04-30-main-before-force-push
v12.11.0
v12.10.2
v12.10.1
v12.10.0
v12.9.0
v12.8.2
v12.8.1
v12.8.0
v12.7.3
v12.7.2
v12.7.1
v12.7.0
v12.6.4
v12.6.3
v12.6.2
v12.6.1
v12.6.0
v12.5.3
v12.5.2
v12.5.1
v12.5.0
v12.4.0
v12.3.1
v12.3.0
v12.2.0
v12.1.2
v12.1.1
v12.1.0
v12.0.1
v12.0.0
v11.3.1
v11.3.0
v11.2.0
v11.1.2
v11.1.1
v11.1.0
v11.0.0
v10.0.1
v10.0.0
v9.1.1
v9.1.0
v9.0.3
v9.0.2
v9.0.1
v9.0.0
v8.0.1
v8.0.0
v7.0.0
v6.4.0
v6.3.1
v6.3.0
v6.2.2
v6.2.1
v6.2.0
v6.1.0
v6.0.1
v6.0.0
v5.0.4
v5.0.3
v5.0.2
v5.0.1
v5.0.0
v4.0.1
v4.0.0
v3.5.1
v3.5.0
v3.4.1
v3.4.0
v3.3.0
v3.2.0
v3.1.0
v3.0.3
v3.0.2
v3.0.1
v3.0.0
v2.5.0
v2.4.0
v2.3.0
v2.2.0
v2.1.0
v2.0.4
v2.0.3
v2.0.2
v1.5.0
v2.0.1
v2.0.0
v1.8.1
v1.8.0
v1.7.0
v1.6.0
v1.4.3
v1.4.2
v1.4.1
v1.3.1
v1.4.0
v1.3.0
v1.2.0
v1.1.0
v0.0.1
v1.0.1
v1.0.0
Labels
Clear labels   
FreeBSD

   
Kind/Breaking
Breaking change that won't be backward compatible

  
Kind/Bug
Something is not working

  
Kind/Chore
It is no fun but it needs to be done, this is a chore.

  
Kind/DependencyUpdate
for pull requests that are created by renovate when updating a dependency

  
Kind/Documentation
Documentation changes

  
Kind/Enhancement
Improve existing functionality

  
Kind/Feature
New functionality

  
Kind/Security
This is security issue

  
Kind/Testing
Issue or pull request related to testing

  
Priority
Critical
 The priority is critical

  
Priority
High
 The priority is high

  
Priority
Low
 The priority is low

  
Priority
Medium
 The priority is medium

  
Reviewed
Confirmed
 Issue has been confirmed

  
Reviewed
Duplicate
 This issue or pull request already exists

  
Reviewed
Invalid
 Invalid issue

  
Reviewed
Won't Fix
 This issue won't be fixed

  
Status
Abandoned
 Somebody has started to work on this but abandoned work

  
Status
Blocked
 Something is blocking this issue or pull request

  
Status
Need More Info
 Feedback is required to reproduce issue or to continue work

  
Windows
Windows ports is an independent project, see https://github.com/Crown0815/Forgejo-runner-windows-builder

  
linux-powerpc64le
powerpc64le

  
linux-riscv64

   
linux-s390x

   
run-end-to-end-tests
Run https://code.forgejo.org/forgejo/end-to-end with a runner compiled from this pull request

  
run-forgejo-tests
Run https://codeberg.org/forgejo/forgejo tests importing the runner from this pull request

  
run-multi-platform-tests
Label a PR for automatic execution of test suite on arm64 architecture.

No labels
FreeBSD
Kind/Breaking
Kind/Bug
Kind/Chore
Kind/DependencyUpdate
Kind/Documentation
Kind/Enhancement
Kind/Feature
Kind/Security
Kind/Testing
Priority
Critical
Priority
High
Priority
Low
Priority
Medium
Reviewed
Confirmed
Reviewed
Duplicate
Reviewed
Invalid
Reviewed
Won't Fix
Status
Abandoned
Status
Blocked
Status
Need More Info
Windows
linux-powerpc64le
linux-riscv64
linux-s390x
run-end-to-end-tests
run-forgejo-tests
run-multi-platform-tests
Milestone
Clear milestone
No items
No milestone
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
forgejo/runner#442
No description provided.