Drone-ecr plugin and volume for docker data: operation not permitted


I tried to have a simple cache between my docker builds, following the ideas here: How to enable Docker Layer Caching with 1.0

Here is what I tried:

steps:
  - name: Prepare caches
    image: busybox
    commands:
      - mkdir -p /cache/${DRONE_REPO}/docker/ecrstorage
      - chown -R 100:101 /cache/${DRONE_REPO}/docker
      - chmod 777 /cache/${DRONE_REPO}/docker
      - chmod -R ug+rwX /cache/${DRONE_REPO}/docker
    volumes:
      - name: cache
        path: /cache

  - name: build container
    image: plugins/ecr
    settings:
      repo: testimage
      registry: 9999.dkr.ecr.eu-west-3.amazonaws.com
      region: eu-west-3
      create_repository: true
      debug: true
      launch_debug: true
      storage_path: /cache/${DRONE_REPO}/docker
      storage_driver: overlay2
      access_key:
        from_secret: aws_access_key_id
      secret_key:
        from_secret: aws_secret_access_key
    volumes:
      - name: cache
        path: /cache
    depends_on:
      - Prepare caches

# Host directory backing the "cache" volume used by both steps
volumes:
  - name: cache
    host:
      path: /var/cache/drone

…and the error in the logs:

time="2022-02-08T15:47:22.569049336Z" level=error msg="failed to mount overlay: operation not permitted" storage-driver=overlay2

On my build server, the directories are created, but whatever rights are given at the prepare step, the docker directory rights are reset at the ecr step:

drwx--x--- 7 root root 4096 Feb  8 15:51 /var/cache/drone/myrepo/citests/docker/

Docker tree is created in this directory:

drwx--x--x 3 root root 4096 Feb  8 15:51 containerd
drwx--x--- 2 root root 4096 Feb  8 15:51 containers
drwx------ 4 root root 4096 Feb  8 15:51 plugins
drwx------ 2 root root 4096 Feb  8 15:51 runtimes
drwx------ 2 root root 4096 Feb  8 15:51 tmp

But then, what is the problem when trying to create the overlay storage?
Why does it work in the default /var/lib/docker directory, but not on a volume?

I also tried to mount my volume in /var/lib/docker (that was actually my first try), but it fails the same way.
I also tried to set a different storage_path with no volume, but it also fails. I guess because the target directory does not exist.

Here are some relevant links:


Thanks for the links!
Apart from the privileged setting I have not found anything new in these topics…

I worked around it by using the Drone workdir for my docker-storage, i.e.:

storage_path: /drone/src/docker-cache