Description of problem: skoepo inspect used to work without any problem for unprivileged user. But it fails now Version-Release number of selected component (if applicable): sh-5.0$ rpm -q skopeo skopeo-0.1.36-18.dev.git0fa335c.fc31.x86_64 How reproducible: deterministic Steps to Reproduce: 1. dnf install -y skopeo jq 2. id -u 3. skopeo inspect docker://docker.io/fedora:29 | jq . Actual results: sh-5.0$ rpm -q skopeo skopeo-0.1.36-18.dev.git0fa335c.fc31.x86_64 sh-5.0$ id -u 1000 sh-5.0$ skopeo inspect docker://docker.io/fedora:29 | jq .Labels ERRO[0000] error reading allowed ID mappings: error reading subuid mappings for user "user" and subgid mappings for group "user": No subuid ranges found for user "user" in /etc/subuid Expected results: The same as with older version sh-5.0$ id -u 1000 sh-5.0$ skopeo inspect docker://docker.io/fedora:29 | jq .Labels { "maintainer": "Clement Verna <cverna>" }
It works well on f30 [test@69fccc314fa6 ~]$ rpm -q skopeo skopeo-0.1.36-8.dev.gitd93a581.fc30.x86_64 [test@69fccc314fa6 ~]$ id -u 1000 [test@69fccc314fa6 ~]$ skopeo inspect docker://docker.io/fedora:30 | jq .Labels { "maintainer": "Clement Verna <cverna>" }
The problem is skopeo is now attempting to enter the user namespace even though it does not need to when doing an inspect or most of its other commands. We need to stop entering the UserNamespace when we are not using containers/storage.
there is PR upstream: https://github.com/containers/skopeo/pull/653
There's a fix upstream that will soon be merged and be part of the next release.
(In reply to Giuseppe Scrivano from comment #3) > there is PR upstream: https://github.com/containers/skopeo/pull/653 PR seems to be merged unless my eyes are cheating :-) Could we have a fixed version in rawhide?
FEDORA-2019-e2637b6f18 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-e2637b6f18
skopeo-0.1.37-0.gite079f9d.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-e2637b6f18
skopeo-0.1.37-0.gite079f9d.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-96f06abcec
Neither f29 nor f30 was affected by this BZ. Just rawhide. And there is not any fixed build for rawhide in koji.
skopeo-0.1.37-0.gite079f9d.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.
skopeo-0.1.37-0.gite079f9d.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.
Neither Fedora 30 not fedora 29 wwere affected by BZ1710798. So I do not understand why it was included in bodhi updates. Moreover my coomments + negative karma was ignored.
It was a mistake to include this Bugzilla.
(In reply to Daniel Walsh from comment #13) > It was a mistake to include this Bugzilla. And is there any blocker for new build in rawhide? It would be really good to fix after a month.
I just kicked off a new build. I thought these were autobuilt, but obviously skopeo is not. I will ping Lokesh to see if he can fix this. Fixed in skopeo-0.1.38-1.dev.git565dbf3.fc31
(In reply to Daniel Walsh from comment #15) > Fixed in skopeo-0.1.38-1.dev.git565dbf3.fc31 > Thank you very much.