Bug 1710798 - skopeo inspect does not work for unprivileged user
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: skopeo
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Giuseppe Scrivano
QA Contact: Fedora Extras Quality Assurance
Reported: 2019-05-16 10:54 UTC by Lukas Slebodnik
Modified: 2019-07-10 14:16 UTC (History)

Fixed In Version: skopeo-0.1.37-0.gite079f9d.fc30 skopeo-0.1.37-0.gite079f9d.fc29
Last Closed: 2019-07-10 14:16:00 UTC
Type: Bug

Description Lukas Slebodnik 2019-05-16 10:54:16 UTC
Description of problem:
skopeo inspect used to work without any problem for an unprivileged user.
But it fails now.


Version-Release number of selected component (if applicable):
sh-5.0$ rpm -q skopeo
skopeo-0.1.36-18.dev.git0fa335c.fc31.x86_64

How reproducible:
deterministic

Steps to Reproduce:
1. dnf install -y skopeo jq
2. id -u
3. skopeo inspect docker://docker.io/fedora:29 | jq .

Actual results:
sh-5.0$ rpm -q skopeo
skopeo-0.1.36-18.dev.git0fa335c.fc31.x86_64
sh-5.0$ id -u
1000
sh-5.0$ skopeo inspect docker://docker.io/fedora:29 | jq .Labels
ERRO[0000] error reading allowed ID mappings: error reading subuid mappings for user "user" and subgid mappings for group "user": No subuid ranges found for user "user" in /etc/subuid

Expected results:
The same as with older version

sh-5.0$ id -u 
1000
sh-5.0$ skopeo inspect docker://docker.io/fedora:29 | jq .Labels
{
  "maintainer": "Clement Verna <cverna>"
}

Comment 1 Lukas Slebodnik 2019-05-16 10:59:27 UTC
It works well on f30

[test@69fccc314fa6 ~]$ rpm -q skopeo
skopeo-0.1.36-8.dev.gitd93a581.fc30.x86_64

[test@69fccc314fa6 ~]$ id -u
1000

[test@69fccc314fa6 ~]$ skopeo inspect docker://docker.io/fedora:30 | jq .Labels
{
  "maintainer": "Clement Verna <cverna>"
}

Comment 2 Daniel Walsh 2019-05-16 15:15:04 UTC
The problem is skopeo is now attempting to enter the user namespace even though it does not need to when doing an inspect or most of its other commands.

We need to stop entering the UserNamespace when we are not using containers/storage.
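
The error in the description comes from a lookup in /etc/subuid and /etc/subgid, whose lines have the form `name_or_uid:start:count`. The following is an added example, not part of this bug thread or of skopeo: a shell check for whether an account has a usable subordinate ID range. The function name `has_subid_range` and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: diagnose the "No subuid ranges found" condition.
# Subordinate ID files use lines of the form  name_or_uid:start:count

# has_subid_range NAME ID FILE   (hypothetical helper)
# Succeeds if FILE has an entry for NAME, or for the numeric ID when one is
# given, with a count greater than zero. Fails if FILE is unreadable.
has_subid_range() {
    name=$1
    id=$2
    file=$3
    [ -r "$file" ] || return 1
    awk -F: -v n="$name" -v id="$id" '
        /^[[:space:]]*#/ { next }                 # skip comment lines if present
        ($1 == n || (id != "" && $1 == id)) && $3 + 0 > 0 { found = 1 }
        END { exit !found }
    ' "$file"
}

# Constructed sample file: "alice" has a range, "bob" has an empty one,
# and "user" (the account from the report) has no entry at all.
demo_dir=$(mktemp -d)
printf '%s\n' \
    '# constructed sample' \
    'alice:100000:65536' \
    'bob:165536:0' > "$demo_dir/subuid"

for account in alice bob user; do
    if has_subid_range "$account" "" "$demo_dir/subuid"; then
        echo "$account: subordinate range present"
    else
        echo "$account: no usable range, entering a user namespace would fail"
    fi
done
rm -rf "$demo_dir"
```

On a real system, run it against both files, for example `has_subid_range "$(id -un)" "$(id -u)" /etc/subuid` and the same for /etc/subgid.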

Comment 3 Giuseppe Scrivano 2019-05-16 15:19:15 UTC
There is a PR upstream: https://github.com/containers/skopeo/pull/653

Comment 4 Valentin Rothberg 2019-05-16 15:19:38 UTC
There's a fix upstream that will soon be merged and be part of the next release.

Comment 5 Lukas Slebodnik 2019-06-06 18:54:42 UTC
(In reply to Giuseppe Scrivano from comment #3)
> there is PR upstream: https://github.com/containers/skopeo/pull/653

PR seems to be merged unless my eyes are cheating :-)

Could we have a fixed version in rawhide?

Comment 6 Fedora Update System 2019-06-15 14:12:10 UTC
FEDORA-2019-e2637b6f18 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-e2637b6f18

Comment 7 Fedora Update System 2019-06-16 00:54:23 UTC
skopeo-0.1.37-0.gite079f9d.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-e2637b6f18

Comment 8 Fedora Update System 2019-06-16 01:14:43 UTC
skopeo-0.1.37-0.gite079f9d.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-96f06abcec

Comment 9 Lukas Slebodnik 2019-06-17 08:35:26 UTC
Neither f29 nor f30 was affected by this BZ. Just rawhide.
And there is not any fixed build for rawhide in koji.

Comment 10 Fedora Update System 2019-06-24 00:56:41 UTC
skopeo-0.1.37-0.gite079f9d.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2019-06-24 10:39:45 UTC
skopeo-0.1.37-0.gite079f9d.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

Comment 12 Lukas Slebodnik 2019-06-24 12:37:50 UTC
Neither Fedora 30 nor Fedora 29 were affected by BZ1710798.
So I do not understand why it was included in bodhi updates.
Moreover my comments + negative karma were ignored.

Comment 13 Daniel Walsh 2019-06-24 16:16:51 UTC
It was a mistake to include this Bugzilla.

Comment 14 Lukas Slebodnik 2019-06-24 17:36:27 UTC
(In reply to Daniel Walsh from comment #13)
> It was a mistake to include this Bugzilla.

And is there any blocker for new build in rawhide?
It would be really good to fix after a month.

Comment 15 Daniel Walsh 2019-06-24 18:00:01 UTC
I just kicked off a new build.  I thought these were autobuilt, but obviously skopeo is not.  I will ping Lokesh to see if he can fix this.


Fixed in skopeo-0.1.38-1.dev.git565dbf3.fc31

Comment 16 Lukas Slebodnik 2019-06-24 18:15:02 UTC
(In reply to Daniel Walsh from comment #15)
> Fixed in skopeo-0.1.38-1.dev.git565dbf3.fc31
>

Thank you very much.

