Bug 1962080

Summary: Containers with new glibc don't see / as executable
Product: Red Hat Enterprise Linux 7 Reporter: Vratislav Podzimek <v.podzimek+fedora>
Component: buildahAssignee: Tom Sweeney <tsweeney>
Status: CLOSED DUPLICATE QA Contact: atomic-bugs <atomic-bugs>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 7.9CC: dwalsh, fweimer, jnovy, jpazdziora, kdudka, lsm5, nalin, tsweeney, umohnani
Target Milestone: rcKeywords: Extras
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-05-19 15:20:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Vratislav Podzimek 2021-05-19 09:34:56 UTC 
Description of problem:

$ c=$(buildah from fedora:34)
$ buildah run $c /bin/bash
# test -x /
# echo $?
1
# exit


Version-Release number of selected component (if applicable):
buildah-1.11.6-12.el7_9.x86_64

(glibc-2.33-8.fc34.x86_64 in the container)

How reproducible:
100%

Additional info:
Please note that the 'test -x /' check is what autotools do to check if they have a "sane environment". So this breaks all autotools-based builds in new containers running on RHEL 7.

I believe this is a duplicate of #1908281, but I'm not 100% sure newer libseccomp will fix the issue on its own.
Comment 3 Florian Weimer 2021-05-19 13:49:15 UTC 
The runc fix for this is here: https://github.com/opencontainers/runc/pull/2750
Comment 4 Jindrich Novy 2021-05-19 15:20:06 UTC 

*** This bug has been marked as a duplicate of bug 1961206 ***