Bug 1764152

Summary: Cannot run `ls -l` in docker container with new coreutils
Product: [Fedora] Fedora Reporter: Matej Marušák <mmarusak>
Component: coreutilsAssignee: Kamil Dudka <kdudka>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 30CC: admiller, jamartis, jarodwilson, kdudka, kzak, mpitt, ooprala, ovasik, p, sebastian.kisela, svashisht, twaugh
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: coreutils-8.31-6.fc30 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-10-25 17:01:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Matej Marušák 2019-10-22 11:26:29 UTC
Description of problem:
Using docker in centos7/rhel7 and trying to run image that only uses base Fedora 30 image and updates coreutils, fails with `Operation not permitted` on coreutils executables (like `ls` or `stat`).

Note: I am not sure if this is Fedora coreutils problem or rhel docker problem. If it belongs somewhere else, I'll gladly move it to rhel.

Version-Release number of selected component (if applicable):
On the system: `docker-1.13.1-103.git7f2769b.el7.centos.x86_64`
In the container: `coreutils-8.31-5.fc30.x86_64`


How reproducible:
Prepare simple docker image on CentOs7, run as simple command as `ls /`.
The same is also reproducible on RHEL 7 machine (same version of Docker).


Steps to Reproduce:
1.
$ cat Dockerfile 
FROM fedora:30
RUN dnf -y update coreutils
2. sudo docker build
3. sudo docker run -it --rm <build image> ls /

Actual results:
ls: cannot access '/': Operation not permitted


Expected results:
Just list all in `/`


Additional info:
Interestingly enough, `ls` without any arguments works just fine. `ls /` and `ls .` do not, even though that `ls` == `ls /` == `ls .` `ls -l` has some weird output.
```
sudo docker run -it --rm def0f9545f98 ls -l
ls: cannot access 'bin': Operation not permitted
ls: cannot access 'boot': Operation not permitted
ls: cannot access 'dev': Operation not permitted
ls: cannot access 'etc': Operation not permitted
ls: cannot access 'home': Operation not permitted
ls: cannot access 'lib': Operation not permitted
ls: cannot access 'lib64': Operation not permitted
ls: cannot access 'lost+found': Operation not permitted
ls: cannot access 'media': Operation not permitted
ls: cannot access 'mnt': Operation not permitted
ls: cannot access 'opt': Operation not permitted
ls: cannot access 'proc': Operation not permitted
ls: cannot access 'root': Operation not permitted
ls: cannot access 'run': Operation not permitted
ls: cannot access 'sbin': Operation not permitted
ls: cannot access 'srv': Operation not permitted
ls: cannot access 'sys': Operation not permitted
ls: cannot access 'tmp': Operation not permitted
ls: cannot access 'usr': Operation not permitted
ls: cannot access 'var': Operation not permitted
total 0
l????????? ? ? ? ?            ? bin
d????????? ? ? ? ?            ? boot
d????????? ? ? ? ?            ? dev
d????????? ? ? ? ?            ? etc
d????????? ? ? ? ?            ? home
l????????? ? ? ? ?            ? lib
l????????? ? ? ? ?            ? lib64
d????????? ? ? ? ?            ? lost+found
d????????? ? ? ? ?            ? media
d????????? ? ? ? ?            ? mnt
d????????? ? ? ? ?            ? opt
d????????? ? ? ? ?            ? proc
d????????? ? ? ? ?            ? root
d????????? ? ? ? ?            ? run
l????????? ? ? ? ?            ? sbin
d????????? ? ? ? ?            ? srv
d????????? ? ? ? ?            ? sys
d????????? ? ? ? ?            ? tmp
d????????? ? ? ? ?            ? usr
d????????? ? ? ? ?            ? var
```

Comment 1 Kamil Dudka 2019-10-22 13:52:09 UTC
Thank you for reporting the bug!  This change that triggered it is already reverted in coreutils-8.31-6.fc30.

Comment 2 Fedora Update System 2019-10-22 13:52:35 UTC
FEDORA-2019-566ad52d5e has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-566ad52d5e

Comment 3 Fedora Update System 2019-10-25 17:01:41 UTC
coreutils-8.31-6.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.