Bug 1272143 - Can't start containers that use supplemental groups but lack /etc/groups
Can't start containers that use supplemental groups but lack /etc/groups
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: docker (Show other bugs)
7.1
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Lokesh Mandvekar
atomic-bugs@redhat.com
: Extras
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-10-15 10:47 EDT by Lokesh Mandvekar
Modified: 2016-05-12 11:16 EDT (History)
11 users (show)

See Also:
Fixed In Version: docker-1.8.2-7.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1270529
Environment:
Last Closed: 2016-05-12 11:16:52 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Lokesh Mandvekar 2015-10-15 10:47:18 EDT
+++ This bug was initially created as a clone of Bug #1270529 +++

Description of problem:

Docker can't start containers that use supplemental groups but do not have an /etc/groups file in their filesystem.  

The bug has been fixed in runc:

https://github.com/opencontainers/runc/pull/313

And there is a patch for the Red Hat docker:

https://github.com/rhatdan/docker/pull/127

Version-Release number of selected component (if applicable):

1.8

How reproducible:

Create a busybox container and set supplemental groups on it:

docker run --group-add=[123] -it busybox id -G

Actual results:

Container fails

Expected results:

Container starts and prints '123'

--- Additional comment from Fedora Update System on 2015-10-15 09:36:46 CDT ---

docker-io-1.8.2-2.gitcb216be.fc21 has been submitted as an update to Fedora 21. https://bodhi.fedoraproject.org/updates/FEDORA-2015-891d60ea2b
Comment 2 Luwen Su 2015-10-25 06:05:46 EDT
In docker-1.8.2-7.el7.x86_64,

# docker run --group-add=123 -it busybox id -G
0 10 123

move to verified
Comment 4 errata-xmlrpc 2016-05-12 11:16:52 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-1034.html

Note You need to log in before you can comment on or make changes to this bug.