Bug 2152022

Summary: buildah: ubi8 sticky bit removed from /tmp [rhel-9.1.0.z]
Product: Red Hat Enterprise Linux 9 Reporter: RHEL Program Management Team <pgm-rhel-tools>
Component: buildahAssignee: Jindrich Novy <jnovy>
Status: CLOSED ERRATA QA Contact: Joy Pu <ypu>
Severity: high Docs Contact:
Priority: unspecified    
Version: 9.2CC: atomic-bugs, bbaude, dornelas, dwalsh, fryguy9, jligon, jnovy, jwboyer, lfriedma, lsm5, mbasti, mboddu, mheon, nalin, pthomas, rseip, snanda, tsweeney, umohnani, yorgos.saslis, ypu
Target Milestone: rcKeywords: Triaged, ZStream
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: buildah-1.27.3-1.el9_1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2152001 Environment:
Last Closed: 2023-01-23 15:18:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2152001    
Bug Blocks:    

Comment 1 Tom Sweeney 2022-12-08 22:32:58 UTC
Fixed with https://github.com/containers/buildah/pull/4455 and will be contained in Buildah v1.27.3
Setting to Post and assigning to @jnovy for any further packaging and BZ needs.

Comment 8 Joy Pu 2022-12-19 08:16:43 UTC
Test with buildah-1.27.3-1.el9_1.x86_64 and the t flag still exist after build. So set this to verified.

[root@ibm-x3650m4-01-vm-07 test]# buildah bud -t sticky-test .
STEP 1/23: FROM scratch
STEP 2/23: ADD rhel-base-fs-container-8.6-2480.x86_64.tar.gz /
STEP 3/23: ADD tls-ca-bundle.pem /tmp/tls-ca-bundle.pem
STEP 4/23: ADD atomic-reactor-repos/* /etc/yum.repos.d/
STEP 5/23: LABEL maintainer="Red Hat, Inc."
STEP 6/23: LABEL com.redhat.component="ubi8-container"       name="ubi8"       version="8.6"
STEP 7/23: LABEL com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI"
STEP 8/23: LABEL summary="Provides the latest release of Red Hat Universal Base Image 8."
STEP 9/23: LABEL description="The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly."
STEP 10/23: LABEL io.k8s.display-name="Red Hat Universal Base Image 8"
STEP 11/23: LABEL io.openshift.expose-services=""
STEP 12/23: LABEL io.openshift.tags="base rhel8"
STEP 13/23: ENV container oci
STEP 14/23: ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
STEP 15/23: CMD ["/bin/bash"]
STEP 16/23: RUN rm -rf /var/log/*
STEP 17/23: RUN mkdir -p /var/log/rhsm
STEP 18/23: LABEL release=1054
STEP 19/23: ADD ubi8-container-8.6-1054.json /root/buildinfo/content_manifests/ubi8-container-8.6-1054.json
STEP 20/23: ADD Dockerfile-ubi8-8.6-1054 /root/buildinfo/Dockerfile-ubi8-8.6-1054
STEP 21/23: LABEL "distribution-scope"="public" "vendor"="Red Hat, Inc." "build-date"="2022-12-19T02:04:53" "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="f1ee6e37554363ec55e0035aba1a693d3627fdeb" "io.k8s.description"="The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly." "url"="https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/images/8.6-1054"
STEP 22/23: RUN rm -f '/etc/yum.repos.d/beaker-AppStream.repo'
STEP 23/23: RUN rm -f /tmp/tls-ca-bundle.pem
COMMIT sticky-test
Getting image source signatures
Copying blob 0311e52b3df7 done  
Copying config 8450771f96 done  
Writing manifest to image destination
Storing signatures
--> 8450771f96f
Successfully tagged localhost/sticky-test:latest
8450771f96f8b33732f91dc3c53e7c13c3297617be5116a8996ec7d07c97ff0f
[root@ibm-x3650m4-01-vm-07 test]# buildah from sticky-test
sticky-test-working-container
[root@ibm-x3650m4-01-vm-07 test]# buildah run sticky-test-working-container ls -ld /tmp/
drwxrwxrwt. 2 root root 58 Dec 19 08:14 /tmp/

Comment 14 errata-xmlrpc 2023-01-23 15:18:32 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (buildah bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:0315