Description of problem:
The installation of filesystem-3.12-1.fc31 fails on unpacking.

Version-Release number of selected component (if applicable):
toolbox-0.0.10-1.fc30.noarch

How reproducible:
always

Steps to Reproduce:
1. enter into rawhide container
2. dnf install filesystem
3.

Actual results:
$ sudo dnf install filesystem
Last metadata expiration check: 1:13:14 ago on Mon 24 Jun 2019 04:33:28 AM UTC.
Dependencies resolved.
========================================================================================================================
 Package                 Architecture          Version                  Repository          Size
========================================================================================================================
Installing:
 filesystem              x86_64                3.12-1.fc31              rawhide             1.1 M

Transaction Summary
========================================================================================================================
Install  1 Package

Total download size: 1.1 M
Installed size: 0
Is this ok [y/N]: y
Downloading Packages:
filesystem-3.12-1.fc31.x86_64.rpm                                303 kB/s | 1.1 MB     00:03
------------------------------------------------------------------------------------------------------------------------
Total                                                            217 kB/s | 1.1 MB     00:05
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Running scriptlet: filesystem-3.12-1.fc31.x86_64                                 1/1
  Preparing        :                                                               1/1
  Installing       : filesystem-3.12-1.fc31.x86_64                                 1/1
Error unpacking rpm package filesystem-3.12-1.fc31.x86_64
error: unpacking of archive failed on file /media: cpio: chown
  Verifying        : filesystem-3.12-1.fc31.x86_64                                 1/1

Failed:
  filesystem-3.12-1.fc31.x86_64

Error: Transaction failed

Expected results:
No errors happen.

Additional info:
What does /etc/subuid and /etc/subgid say on your host?
$ cat /etc/subuid
tagoh:100000:65536
test:165536:65536
$ cat /etc/subgid
tagoh:100000:65536
test:165536:65536
(In reply to Akira TAGOH from comment #0)
> Error unpacking rpm package filesystem-3.12-1.fc31.x86_64
> error: unpacking of archive failed on file /media: cpio: chown

I had a chat with Giuseppe in #podman, and this is caused by the package trying to chown /media, which is owned by nobody:nobody, inside the container. It's nobody:nobody because it's bind mounted in from the host, where it's owned by the real root on the host, which isn't available inside the container.

Looking at the error message, it looks pretty obvious now. Silly me.

Sadly this is an unsolved problem at the moment. You will have this problem in any rootless OCI container where an RPM tries to chown such a directory. :(
See also bug 1548403 - is it only Rawhide??
(In reply to Jens Petersen from comment #4)
> See also bug 1548403 - is it only Rawhide??

Rootless Docker became a reality very recently. So if that's what's being used there, the problem looks the same.
Reassigning to Podman because it's really an underlying container tooling issue. One idea that Giuseppe had was to get Podman to use seccomp and ebpf to intercept select system calls to avoid failures like these.
There is not much we can do at the moment. As Debarshi said, rpm tries to chown files that are owned by root on the host and that is not allowed by the kernel.

You could file a bug with rpm. It could skip chowning /proc and /sys when running in a user namespace.
This message is a reminder that Fedora 32 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora 32 on 2021-05-25. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '32'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 32 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to change the 'version' to a later Fedora version before this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Fedora 32 changed to end-of-life (EOL) status on 2021-05-25. Fedora 32 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.
> You could file a bug with rpm. It could skip chowning /proc and /sys when running in a user namespace.

How does one detect running in a user namespace?
$ cat /proc/self/uid_map
0 0 4294967295
$ cat /proc/self/gid_map
0 0 4294967295

If the content of these files is different than "0 0 4294967295" then you are running in a user namespace where the root user is not mapped to root in the initial user namespace.
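Added example, not part of the comments above and not rpm's code: the uid_map check written as C, extended to test whether a given host ID is mapped at all, which is why a host-root-owned /media appears as nobody inside the container. The function names and the sample map (host UID 1000) are hypothetical; the 100000/65536 range is the subuid entry quoted earlier in this report.

```c
#include <stdio.h>

/* One uid_map/gid_map line: <first ID inside> <first ID in parent ns> <count>. */
struct idmap { unsigned long inside, outside, count; };

/* Constructed sample map: host UID 1000 assumed, range taken from the subuid above. */
static const char ROOTLESS_MAP[] = "0 1000 1\n1 100000 65536\n";

/* Parse map text into at most max entries; returns the number parsed. */
static int parse_idmap(const char *text, struct idmap *out, int max)
{
    int n = 0, used = 0;
    while (n < max && sscanf(text, "%lu %lu %lu%n", &out[n].inside,
                             &out[n].outside, &out[n].count, &used) == 3) {
        text += used;
        n++;
    }
    return n;
}

/* 1 only for the single identity line "0 0 4294967295". */
static int is_initial_userns(const char *text)
{
    struct idmap m[2];
    return parse_idmap(text, m, 2) == 1 && m[0].inside == 0 &&
           m[0].outside == 0 && m[0].count == 4294967295UL;
}

/* 1 if a parent-namespace ID is mapped inside; an unmapped owner shows as nobody. */
static int outside_id_is_mapped(const char *text, unsigned long id)
{
    struct idmap m[16];
    for (int i = 0, n = parse_idmap(text, m, 16); i < n; i++)
        if (id >= m[i].outside && id - m[i].outside < m[i].count)
            return 1;
    return 0;
}

int main(void)
{
    char buf[4096] = "";
    FILE *f = fopen("/proc/self/uid_map", "r");
    if (!f) { perror("/proc/self/uid_map"); return 1; }
    buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
    fclose(f);
    printf("initial userns: %d, host root mapped in sample: %d\n",
           is_initial_userns(buf), outside_id_is_mapped(ROOTLESS_MAP, 0));
    return 0;
}
```

The same parser works on /proc/self/gid_map, since both files share the three-column format.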
This was fixed recently in toolbox >= 0.0.99.3 in Fedora >= 34.