Bug 1765469
| Field | Value |
|---|---|
| Summary | rootless buildah does not work with UID in /etc/subuid |
| Product | Red Hat Enterprise Linux 7 |
| Component | buildah |
| Version | 7.7 |
| Hardware | x86_64 |
| OS | Linux |
| Status | CLOSED ERRATA |
| Severity | low |
| Priority | medium |
| Reporter | Christoph Karl <christoph.karl> |
| Assignee | Giuseppe Scrivano <gscrivan> |
| QA Contact | atomic-bugs <atomic-bugs> |
| CC | ahogbin, ajia, ddarrah, dornelas, dwalsh, gscrivan, jnovy, lsm5, nalin, pthomas, tsweeney, umohnani, ypu |
| Keywords | Extras |
| Target Milestone | rc |
| Target Release | 7.8 |
| Fixed In Version | buildah-1.11.3-1 |
| Doc Type | If docs needed, set a value |
| Last Closed | 2020-04-01 00:26:38 UTC |
| Type | Bug |
| Bug Blocks | 1186913, 1744505 |

Description
Christoph Karl
2019-10-25 07:46:24 UTC
Christoph, thanks for the BZ. As you surmised we're currently only supporting a username/groupname in those files and not UID/GID. We'll take a look at fixing that.

Works in upstream

```
$ buildah version
Version: 1.11.3
Go Version: go1.13
Image Spec: 1.0.1-dev
Runtime Spec: 1.0.1-dev
CNI Spec: 0.4.0
libcni Version:
Git Commit:
Built: Wed Dec 31 19:00:00 1969
OS/Arch: linux/amd64

$ cat /etc/subuid
3267:100000:65536
ashleycui:200000:65536
containers:2147483646:2147483648
test1:165536:4000

$ buildah unshare cat /proc/self/uid_map
0 3267 1
1 100000 65536
```

Fixed in Buildah 1.11.3

Dan or Giuseppe can you handle the name space value limits? I think those are higher than we handle, but I'm not sure.

Verified in buildah-1.11.6-6.el7_8.x86_64.

```
[ajia@kvm-08-guest07 ~]$ id
uid=1001(ajia) gid=1001(ajia) groups=1001(ajia) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[ajia@kvm-08-guest07 ~]$ buildah unshare cat /proc/self/uid_map
0 1001 1
1 165536 65536
[ajia@kvm-08-guest07 ~]$ cat /etc/subuid
test:100000:65536
ajia:165536:65536
[ajia@kvm-08-guest07 ~]$ buildah from ubi8
Getting image source signatures
Copying blob eae5d284042d done
Copying blob ff6f434a470a done
Copying config fd73e6738a done
Writing manifest to image destination
Storing signatures
ubi8-working-container
[ajia@kvm-08-guest07 ~]$ buildah images|grep ubi8
registry.access.redhat.com/ubi8 latest fd73e6738a95 4 weeks ago 239 MB
[ajia@kvm-08-guest07 ~]$ buildah containers
CONTAINER ID  BUILDER  IMAGE ID      IMAGE NAME                        CONTAINER NAME
182b99ea0005  *        fd73e6738a95  registry.access.redhat.com/ub...  ubi8-working-container
[ajia@kvm-08-guest07 ~]$ buildah run ubi8-working-container ls
bin boot dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
[ajia@kvm-08-guest07 ~]$ buildah version
Version: 1.11.6
Go Version: go1.12.12
Image Spec: 1.0.1-dev
Runtime Spec: 1.0.1-dev
CNI Spec: 0.4.0
libcni Version:
image Version: 5.0.0
Git Commit:
Built: Wed Dec 31 19:00:00 1969
OS/Arch: linux/amd64
[ajia@kvm-08-guest07 ~]$ buildah info
{
    "host": {
        "CgroupVersion": "v1",
        "Distribution": {
            "distribution": "\"rhel\"",
            "version": "7.8"
        },
        "MemTotal": 3973427200,
        "MenFree": 1819844608,
        "OCIRuntime": "runc",
        "SwapFree": 4049514496,
        "SwapTotal": 4160745472,
        "arch": "amd64",
        "cpus": 2,
        "hostname": "xxx.redhat.com",
        "kernel": "3.10.0-1127.el7.x86_64",
        "os": "linux",
        "rootless": true,
        "uptime": "120h 10m 9.49s (Approximately 5.00 days)"
    },
    "store": {
        "ContainerStore": {
            "number": 1
        },
        "GraphDriverName": "overlay",
        "GraphOptions": [
            "overlay.mount_program=/usr/bin/fuse-overlayfs"
        ],
        "GraphRoot": "/home/ajia/.local/share/containers/storage",
        "GraphStatus": {
            "Backing Filesystem": "xfs",
            "Native Overlay Diff": "false",
            "Supports d_type": "true",
            "Using metacopy": "false"
        },
        "ImageStore": {
            "number": 4
        },
        "RunRoot": "/run/user/1001"
    }
}
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1231
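
The owner matching discussed in this report, as an added example that is not buildah's own code: it accepts either the login name or the decimal UID in the owner field of `/etc/subuid` and renders the mapping in the `/proc/self/uid_map` layout shown in the comments. The names `UIDMap` and `sample` and the login name `ckarl` are assumptions made for the example; `sample` is constructed from the `/etc/subuid` listing quoted above.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// sample is constructed from the /etc/subuid listing quoted in the report.
const sample = "3267:100000:65536\nashleycui:200000:65536\ncontainers:2147483646:2147483648\ntest1:165536:4000\n"

// UIDMap builds /proc/self/uid_map-style lines for a rootless user from
// /etc/subuid-format text. The owner field may be the login name or the
// decimal UID (subuid(5)); matching only the name is the bug reported here.
func UIDMap(subuid, name string, uid uint32) (string, error) {
	var b strings.Builder
	fmt.Fprintf(&b, "0 %d 1\n", uid) // container root is the user's own UID
	next, found := uint64(1), false
	for n, line := range strings.Split(subuid, "\n") {
		if line = strings.TrimSpace(line); line == "" {
			continue
		}
		f := strings.Split(line, ":")
		if len(f) != 3 {
			return "", fmt.Errorf("line %d: want owner:start:count", n+1)
		}
		if f[0] != name && f[0] != strconv.FormatUint(uint64(uid), 10) {
			continue // range belongs to another user
		}
		start, err1 := strconv.ParseUint(f[1], 10, 32)
		count, err2 := strconv.ParseUint(f[2], 10, 32)
		if err1 != nil || err2 != nil || count == 0 || start+count > 1<<32 {
			return "", fmt.Errorf("line %d: range outside the 32-bit ID space", n+1)
		}
		fmt.Fprintf(&b, "%d %d %d\n", next, start, count)
		next, found = next+count, true
	}
	if !found {
		return "", fmt.Errorf("no subordinate UID range for %s (uid %d)", name, uid)
	}
	return b.String(), nil
}

func main() {
	m, err := UIDMap(sample, "ckarl", 3267) // "ckarl" is a hypothetical login name
	fmt.Printf("%s(err: %v)\n", m, err)
}
```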