Bug 2094875

Summary: podman not being able to mount devices during podman build
Product: Red Hat Enterprise Linux 8
Reporter: Harsh Modi <hmodi>
Component: podman
Assignee: Jindrich Novy <jnovy>
Status: CLOSED ERRATA
QA Contact: Joy Pu <ypu>
Severity: urgent
Priority: unspecified
Version: 8.5
CC: arajan, bbaude, dornelas, dwalsh, jligon, jnovy, lsm5, mbasti, mheon, pkopriva, pthomas, tsweeney, umohnani, ypu
Target Milestone: rc
Keywords: Triaged
Hardware: All
OS: All
Fixed In Version: podman-4.1.1-6.el8
Last Closed: 2022-11-08 09:15:47 UTC
Type: Bug

Description Harsh Modi 2022-06-08 14:12:26 UTC
Description of problem:
Podman is not able to mount devices for `podman build`; however, it does so for `podman run`. In OSBS 2.0 we need `podman-remote build` to be able to mount devices for supporting flatpak builds.

We filed https://github.com/containers/buildah/issues/4002 to get the problem fixed, and it is fixed upstream. We need to get it backported to RHEL 8 so that we can use it for our builders that run on RHEL 8.

Version-Release number of selected component (if applicable):
podman-3.4.2

How reproducible:
Always

Steps to Reproduce:
1. Try `podman build --no-cache --device=/dev/null:/var/tmp/flatpak-build/dev/null`

Actual results:
Renaming devices is not allowed for rootless containers. Device not available at `/var/tmp/flatpak-build/dev/null`

Expected results:
Device available at `/var/tmp/flatpak-build/dev/null`

Additional info:
Previously we built using docker, which had higher privileges, and we were able to `cp -a /dev/null /var/tmp/flatpak-build/dev/null`, but in rootless podman it's not possible, so we need to mount it.

We also tried mounting the devices using `podman build --no-cache --volume=/dev/null:/var/tmp/flatpak-build/dev/null`, but that doesn't work for us since we build for different architectures using `podman-remote`, and `podman-remote` doesn't do anything for `podman-remote --remote --connection podman-connection build --no-cache --volume=/dev/null:/var/tmp/flatpak-build/dev/null`.

Comment 1 Tom Sweeney 2022-06-08 20:09:51 UTC
This will be fixed in Podman v4.1.1, which will be available in RHEL 8.6.0.2 in early August.  @dornelas thoughts on doing a backport?  At this point with RHEL 8.5, I think we could only do a hotfix and, if so, we'd need a strong business reason for doing so.

Comment 20 Joy Pu 2022-07-22 15:19:37 UTC
Can reproduce with podman-4.1.0-3.module+el8.7.0+15271+4011683a.x86_64:
[test@kvm-04-guest03 ~]$ podman build --no-cache --device=/dev/null:/var/tmp/flatpak-build/dev/null .
Error: error creating build executor: Renaming device /dev/null to /var/tmp/flatpak-build/dev/null is not supported in rootless containers

And tested with podman-4.1.1-6.module+el8.7.0+15895+a6753917.x86_64. It works as expected, so setting this to verified. Details:
[test@dell-per430-27 ~]$ podman build --no-cache --device=/dev/null:/var/tmp/flatpak-build/dev/null .
STEP 1/3: FROM quay.io/libpod/busybox
STEP 2/3: RUN ls -l /var/tmp/flatpak-build/dev/
total 0
crw-rw-rw-    1 nobody   nobody      1,   3 Jul 19 12:23 null
--> 56ca0e7f4d3
STEP 3/3: RUN echo hello > /var/tmp/flatpak-build/dev/null
COMMIT
--> 5cbc2e31b92
5cbc2e31b928401445190a7af44777c55b1988235f284f276415deee5449331d

Comment 22 errata-xmlrpc 2022-11-08 09:15:47 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: container-tools:rhel8 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:7457