Bug 2152001
| Summary: | buildah: ubi8 sticky bit removed from /tmp | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Tom Sweeney <tsweeney> | |
| Component: | buildah | Assignee: | Jindrich Novy <jnovy> | |
| Status: | CLOSED ERRATA | QA Contact: | Joy Pu <ypu> | |
| Severity: | high | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 9.2 | CC: | atomic-bugs, bbaude, dornelas, dwalsh, fryguy9, jligon, jnovy, jwboyer, lfriedma, lsm5, mbasti, mboddu, mheon, nalin, pthomas, rseip, tsweeney, umohnani, yorgos.saslis, ypu | |
| Target Milestone: | rc | Keywords: | Triaged, ZStream | |
| Target Release: | --- | |||
| Hardware: | x86_64 | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | buildah-1.28.2-2.el9 | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | 2141452 | |||
| : | 2152022 (view as bug list) | Environment: | ||
| Last Closed: | 2023-05-09 07:39:04 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | 2141452 | |||
| Bug Blocks: | 2138434, 2152022, 2152023 | |||
|
Comment 2
Tom Sweeney
2022-12-08 21:14:56 UTC
Setting to post and assigning to @jnovy@jnovy for any further packaging or BZ needs. Test with buildah-1.28.2-2.el9.x86_64, the flag "t" exist after build, so move this to verified. [root@ibm-x3650m4-01-vm-02 test]# buildah bud -t sticky-test . STEP 1/23: FROM scratch STEP 2/23: ADD rhel-base-fs-container-8.6-2480.x86_64.tar.gz / STEP 3/23: ADD tls-ca-bundle.pem /tmp/tls-ca-bundle.pem STEP 4/23: ADD atomic-reactor-repos/* /etc/yum.repos.d/ STEP 5/23: LABEL maintainer="Red Hat, Inc." STEP 6/23: LABEL com.redhat.component="ubi8-container" name="ubi8" version="8.6" STEP 7/23: LABEL com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" STEP 8/23: LABEL summary="Provides the latest release of Red Hat Universal Base Image 8." STEP 9/23: LABEL description="The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly." STEP 10/23: LABEL io.k8s.display-name="Red Hat Universal Base Image 8" STEP 11/23: LABEL io.openshift.expose-services="" STEP 12/23: LABEL io.openshift.tags="base rhel8" STEP 13/23: ENV container oci STEP 14/23: ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin STEP 15/23: CMD ["/bin/bash"] STEP 16/23: RUN rm -rf /var/log/* STEP 17/23: RUN mkdir -p /var/log/rhsm STEP 18/23: LABEL release=1054 STEP 19/23: ADD ubi8-container-8.6-1054.json /root/buildinfo/content_manifests/ubi8-container-8.6-1054.json STEP 20/23: ADD Dockerfile-ubi8-8.6-1054 /root/buildinfo/Dockerfile-ubi8-8.6-1054 STEP 21/23: LABEL "distribution-scope"="public" "vendor"="Red Hat, Inc." "build-date"="2022-12-19T02:04:53" "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="f1ee6e37554363ec55e0035aba1a693d3627fdeb" "io.k8s.description"="The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly." "url"="https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/images/8.6-1054" STEP 22/23: RUN rm -f '/etc/yum.repos.d/beaker-AppStream.repo' STEP 23/23: RUN rm -f /tmp/tls-ca-bundle.pem COMMIT sticky-test Getting image source signatures Copying blob 9d0d989baa4f done Copying config bbc9d0b721 done Writing manifest to image destination Storing signatures --> bbc9d0b721c Successfully tagged localhost/sticky-test:latest bbc9d0b721c79883b4c5b999615eab93846803406e09a438adb7ecaef4f90e1b [root@ibm-x3650m4-01-vm-02 test]# buildah from sticky-test sticky-test-working-container [root@ibm-x3650m4-01-vm-02 test]# buildah run sticky-test-working-container ls -ld /tmp/ drwxrwxrwt. 2 root root 58 Dec 29 03:17 /tmp/ Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: buildah security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2023:2253 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: buildah security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2023:2253 |