Bug 1475214

Summary: package update filesystem-3.2-21.el7.x86_64 fails in el7 nspawn container because of readonly /sys
Product: Red Hat Enterprise Linux 7 Reporter: Christoph Sievers <christoph.sievers>
Component: filesystemAssignee: Ondrej Vasik <ovasik>
Status: CLOSED NOTABUG QA Contact: qe-baseos-daemons
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.3CC: christoph.sievers, mosonkonrad
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-05-14 21:12:12 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Christoph Sievers 2017-07-26 08:07:26 UTC 
Description of problem:

trying to update filesystem-3.2-21.el7.x86_64 fails in a nspawn el7 container because of readonly /sys

Version-Release number of selected component (if applicable):

filesystem-3.2-21.el7.x86_64

How reproducible:

start nspawn container, try to yum update filesystem in that el7 container


Actual results:

  Updating   : filesystem-3.2-21.el7.x86_64                                                                                                                                                                      1/2 
Error unpacking rpm package filesystem-3.2-21.el7.x86_64
error: unpacking of archive failed on file /sys: cpio: chmod
filesystem-3.2-20.el7.x86_64 was supposed to be removed but is not!

Failed:
 filesystem.x86_64 0:3.2-20.el7 filesystem.x86_64 0:3.2-21.el7

Expected results:

updating cleanly :-)


Additional info:
Comment 2 Ondrej Vasik 2017-08-10 14:05:32 UTC 
Just as a confirmation of duplicate - is that on RHEL 6 host?
/sys is controlled by kernel - and kernel in containers is used from the host. Unfortunately, mode set by kernel changed between RHEL 6 and RHEL 7 (see #1037862) - so there is no good solution for this. It will be either broken on RHEL 6 host or on RHEL 7 host - or if I make this directory ghosted, it would show as "permissions modified" on one or other ghost - which is not perfect as well - could scare admin.
Btw. https://bugzilla.redhat.com/show_bug.cgi?id=1116516 is similar report.
Comment 3 Christoph Sievers 2017-09-18 17:00:22 UTC 
It is a rhel 7 guest but I think I caused the problem myself. I'm using nsenter and remount parts of /sys to be able to set some settings using sysctl (I know it's bad) in the container - then remounting it ro but for some reason that changes the permissions on that directory like this

drwxr-xr-x. 9 root root 180 Jul 26 15:55 /sys
Comment 4 Konrad MosoĊ„ 2018-05-14 13:11:38 UTC 
We went into same problem on "CentOS Linux release 7.5.1804 (Core)" when doing 'yum update -y' in Docker container.
Comment 5 Ondrej Vasik 2018-05-14 21:12:12 UTC 
I'll close this bz, I don't think this is an issue with filesystem package. Filesystem only owns the sys directory, it is actually being handled by kernel - 555 is now default from kernel (see #1037862).