Not able to build arm64 ubuntu image with sudo access on amd64

[gaganyaan2]

I'm trying to build ubuntu image where i can give sudo access to ubuntu user but it's fails when i build it buildx

FROM ubuntu:20.04 as build
RUN apt update
RUN apt install curl xz-utils sudo -y
RUN useradd -m ubuntu -s /bin/bash
RUN echo 'ubuntu ALL=(ALL:ALL) NOPASSWD:ALL' >> /etc/sudoers
USER ubuntu
RUN sudo ls

docker buildx build --platform=linux/arm64 -t ubuntu-sudo -f Dockerfile .

i get below error "sudo: effective uid is not 0"

 => CACHED [5/6] RUN echo 'ubuntu ALL=(ALL:ALL) NOPASSWD:ALL' >> /etc/sudoers                                                                0.0s
 => ERROR [6/6] RUN sudo ls                                                                                                                  0.4s
------
 > [6/6] RUN sudo ls:
#0 0.287 sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
------
arm64.Dockerfile:7
--------------------
   5 |     RUN echo 'ubuntu ALL=(ALL:ALL) NOPASSWD:ALL' >> /etc/sudoers
   6 |     USER ubuntu
   7 | >>> RUN sudo ls
   8 |     
   9 |     
--------------------
error: failed to solve: process "/bin/sh -c sudo ls" did not complete successfully: exit code: 1

Note: sudo ls is just for simplicity i was trying to install nixos which requires sudo.

If i use the same Dockerfile and build it on raspberry pi4. It works without any error.

docker build -t ubuntu-sudo -f Dockerfile .

I found something here https://superuser.com/questions/1580293/sudo-effective-uid-is-not-0-is-usr-bin-sudo-on-a-file-system-with-the-nosuid to remount the filesystem but don't know how we can do it with buildx.

Please help.

[tonistiigi]

The file you posted seems to work fine for me when built for both amd64 and arm64 on M1 Docker Desktop.

[gaganyaan2]

Okay. It's seems it only works on arm64 architecture CPU as I was able to built it on raspberrypi4 and You can build it on M1.
But It doesn't work with amd64 machine(eg. i5-10500H) when built with buildx.
Fedora 35

[root@home ]# docker buildx version
github.com/docker/buildx v0.7.1-docker 05846896d149da05f3d6fd1e7770da187b52a247

Rocky Linux 8.4

[root@lp-test-1 ~]# docker buildx version
github.com/docker/buildx v0.8.2-docker 6224def4dd2c3d347eee19db595348c50d7cb491

[ynyBonfennil]

@koolwithk I had the same problem on my amd64 machine, but solved it by running the following command before docker build.

docker run --privileged multiarch/qemu-user-static:latest --reset -p yes --credential yes

The points is to use --credential yes option in multiarch/qemu-user-static.

FYI, if you clean docker build cache and run the command above with --credential no, then sudo will be unavailable in the container again.

[gaganyaan2]

After adding --credential yes it's working. thank you @ynyBonfennil