STEP 10: RUN rpm-file-permissions && useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin -c "Default Application User" default && chown -R 1001:0 ${APP_ROOT} useradd: /etc/passwd.355: lock file already used useradd: cannot lock /etc/passwd; try again later. subprocess exited with status 1 subprocess exited with status 1 It works fine if i manually clone https://github.com/sclorg/s2i-base-container.git, cd into 'core' directory, and run: buildah bud --tls-verify=false --no-cache -f Dockerfile.rhel8 -t image-registry.openshift-image-registry.svc:5000/custom-images/s2i-custom-core:latest . Here is my ClusterTask for buildah: apiVersion: tekton.dev/v1alpha1 kind: ClusterTask metadata: name: buildah spec: inputs: params: - name: BUILDER_IMAGE description: The location of the buildah builder image. default: "quay.io/buildah/stable:latest" - name: TLSVERIFY description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) default: "true" - name: contextDir description: the context dir within source default: "." - name: dockerFile description: the docker file to used for building the application default: "Dockerfile" resources: - name: source type: git outputs: resources: - name: image type: image steps: - name: build image: $(inputs.params.BUILDER_IMAGE) workingDir: /workspace/source/$(inputs.params.contextDir) command: ['buildah', 'bud', '--isolation', 'chroot', '--tls-verify=$(inputs.params.TLSVERIFY)', '--layers', '-f', '$(inputs.params.dockerFile)', '-t', '$(outputs.resources.image.url)', '.'] volumeMounts: - name: varlibcontainers mountPath: /var/lib/containers securityContext: privileged: true - name: push image: $(inputs.params.BUILDER_IMAGE) workingDir: /workspace/source command: ['buildah', 'push', '--tls-verify=$(inputs.params.TLSVERIFY)', '$(outputs.resources.image.url)', 'docker://$(outputs.resources.image.url)'] volumeMounts: - name: varlibcontainers mountPath: /var/lib/containers securityContext: privileged: true volumes: - name: varlibcontainers emptyDir: {}