Downloading artifacts: operation not permitted - runner 13.6.0 (#27320) · Issues · GitLab.org / gitlab-runner

Downloading artifacts: operation not permitted - runner 13.6.0

### Summary After upgrading gitlab runner from 13.1.3 to 13.6.0 i got a permission problem while downloading artifacts in stage 'staging' (see below) With 13.1.3 it still works ### Steps to reproduce Just using the 13.6.0 runner ### What is the current *bug* behavior? Permission denied for artifact ### What is the expected *correct* behavior? No Permission denied like 13.1.3 ### Relevant logs and/or screenshots runners are in docker containers [gitlab-runner](/uploads/4b89e4e8a140ae66358a91d9b3a1f18c/gitlab-runner) **failing ci log** ```log Running with gitlab-runner 13.6.0 (8fa89735) on bfb1ef45e3ca woSx6n6a Preparing the "docker" executor 00:03 Using Docker executor with image registry/docker-local/debian/debian-build-base:v0.7.1 ... Pulling docker image registry/docker-local/debian/debian-build-base:v0.7.1 ... Using docker image sha256:c06be0252cc9c9fd384f919b31deba7a5bfa471f773ab0d96816c7b71a666f49 for registry/docker-local/debian/debian-build-base:v0.7.1 with digest registry/docker-local/debian/debian-build-base@sha256:decf963465c438955b745bdb933ce18652da8bbf5b8635e07e5257cd598f1be7 ... Preparing environment Running on runner-wosx6n6a-project-38-concurrent-0 via bfb1ef45e3ca... Getting source from Git repository 00:02 Fetching changes with git depth set to 50... ... ... Downloading artifacts 00:01 Downloading artifacts for buildpackage (1891)... **FATAL: open /tmp/artifacts325458500: operation not permitted ** ERROR: Job failed: exit code 1 ``` **passing ci-log** ``` Running with gitlab-runner 13.1.3 (d7a309cd) on 12e4c5a04a4c 9WhsdpH2 Preparing the "docker" executor 00:03 . . . Downloading artifacts 00:01 Downloading artifacts for buildpackage (1888)... Downloading artifacts from coordinator... ok id=1888 responseStatus=200 OK token=3zFopQiH Executing "step_script" stage of the job script ``` **.gitlab-ci.yml** ``` buildpackage: stage: buildpackage script: - ..... - cp ./build/*.deb deb.deb artifacts: name: "artifacts-deb-$CI_COMMIT_REF_NAME" expire_in: 1 week paths: - ./*.deb staging: stage: staging dependencies: - buildpackage only: - master script: - DEBIAN_PACKAGE_NAME=$(dpkg-deb --showformat="\${Package}_\${Version}_\${Architecture}.deb" -W *.deb) - DISTRIBUTION=unstable - COMPONENT=main - ARCHITECTURE=amd64 - ls -lah deb.deb ``` ### Output of checks  #### Results of GitLab environment info  <details> <summary>Expand for output related to GitLab environment info</summary> <pre> ``` System information System: Current User: git Using RVM: no Ruby Version: 2.7.2p137 Gem Version: 3.1.4 Bundler Version:2.1.4 Rake Version: 13.0.1 Redis Version: 5.0.9 Git Version: 2.29.0 Sidekiq Version:5.2.9 Go Version: unknown GitLab information Version: 13.6.1 Revision: 1b6a590b197 Directory: /opt/gitlab/embedded/service/gitlab-rails DB Adapter: PostgreSQL DB Version: 11.9 URL: http://xyz HTTP Clone URL: http://lxyz/some-group/some-project.git SSH Clone URL: git@lxyz:some-group/some-project.git Using LDAP: no Using Omniauth: yes Omniauth Providers: GitLab Shell Version: 13.13.0 Repository storage paths: - default: /var/opt/gitlab/git-data/repositories GitLab Shell path: /opt/gitlab/embedded/service/gitlab-shell Git: /opt/gitlab/embedded/bin/git ``` </pre> </details> #### Results of GitLab application Check  <details> <summary>Expand for output related to the GitLab application check</summary> <pre> docker exec -it gitlab gitlab-rake gitlab:check SANITIZE=true Checking GitLab subtasks ... Checking GitLab Shell ... GitLab Shell: ... GitLab Shell version >= 13.13.0 ? ... OK (13.13.0) Running /opt/gitlab/embedded/service/gitlab-shell/bin/check Internal API available: OK Redis available via internal API: OK gitlab-shell self-check successful Checking GitLab Shell ... Finished Checking Gitaly ... Gitaly: ... default ... OK Checking Gitaly ... Finished Checking Sidekiq ... Sidekiq: ... Running? ... yes Number of Sidekiq processes ... 1 Checking Sidekiq ... Finished Checking Incoming Email ... Incoming Email: ... Reply by email is disabled in config/gitlab.yml Checking Incoming Email ... Finished Checking LDAP ... LDAP: ... LDAP is disabled in config/gitlab.yml Checking LDAP ... Finished Checking GitLab App ... Git configured correctly? ... yes Database config exists? ... yes All migrations up? ... yes Database contains orphaned GroupMembers? ... no GitLab config exists? ... yes GitLab config up to date? ... yes Log directory writable? ... yes Tmp directory writable? ... yes Uploads directory exists? ... yes Uploads directory has correct permissions? ... yes Uploads directory tmp has correct permissions? ... yes Init script exists? ... skipped (omnibus-gitlab has no init script) Init script up-to-date? ... skipped (omnibus-gitlab has no init script) Projects have namespace: ... 5/11 ... yes 5/13 ... yes 5/14 ... yes 6/15 ... yes 6/16 ... yes 4/19 ... yes 4/20 ... yes 3/22 ... yes 3/23 ... yes 4/24 ... yes 7/25 ... yes 3/27 ... yes 7/28 ... yes 7/29 ... yes 4/30 ... yes 6/32 ... yes 7/33 ... yes 6/35 ... yes 6/36 ... yes 5/37 ... yes 6/38 ... yes 6/39 ... yes 6/40 ... yes 6/41 ... yes 6/42 ... yes 6/43 ... yes 4/44 ... yes 6/45 ... yes 6/46 ... yes 3/47 ... yes 6/48 ... yes 2/49 ... yes 10/51 ... yes 6/55 ... yes 5/56 ... yes 6/58 ... yes 4/59 ... yes 4/60 ... yes 5/61 ... yes Redis version >= 4.0.0? ... yes Ruby version >= 2.5.3 ? ... yes (2.7.2) Git version >= 2.29.0 ? ... yes (2.29.0) Git user has default SSH configuration? ... yes Active users: ... 6 Is authorized keys file accessible? ... yes GitLab configured to store new projects in hashed storage? ... yes All projects are in hashed storage? ... yes Checking GitLab App ... Finished Checking GitLab subtasks ... Finished </pre> </details> ### Possible fixes

issue