Bug 1962080

Summary:	Containers with new glibc don't see / as executable
Product:	Red Hat Enterprise Linux 7	Reporter:	Vratislav Podzimek <v.podzimek+fedora>
Component:	buildah	Assignee:	Tom Sweeney <tsweeney>
Status:	CLOSED DUPLICATE	QA Contact:	atomic-bugs <atomic-bugs>
Severity:	medium	Docs Contact:
Priority:	unspecified
Version:	7.9	CC:	dwalsh, fweimer, jnovy, jpazdziora, kdudka, lsm5, nalin, tsweeney, umohnani
Target Milestone:	rc	Keywords:	Extras
Target Release:	---	Flags:	pm-rhel: mirror+
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2021-05-19 15:20:06 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Vratislav Podzimek 2021-05-19 09:34:56 UTC

Description of problem:

$ c=$(buildah from fedora:34)
$ buildah run $c /bin/bash
# test -x /
# echo $?
1
# exit


Version-Release number of selected component (if applicable):
buildah-1.11.6-12.el7_9.x86_64

(glibc-2.33-8.fc34.x86_64 in the container)

How reproducible:
100%

Additional info:
Please note that the 'test -x /' check is what autotools do to check if they have a "sane environment". So this breaks all autotools-based builds in new containers running on RHEL 7.

I believe this is a duplicate of #1908281, but I'm not 100% sure newer libseccomp will fix the issue on its own.

Comment 3 Florian Weimer 2021-05-19 13:49:15 UTC

The runc fix for this is here: https://github.com/opencontainers/runc/pull/2750

Comment 4 Jindrich Novy 2021-05-19 15:20:06 UTC


*** This bug has been marked as a duplicate of bug 1961206 ***