RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1803495 - useradd and groupadd fail under rootless Buildah and podman [stream-container-tools-rhel8-rhel-8.1.1]
Summary: useradd and groupadd fail under rootless Buildah and podman [stream-container...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: fuse-overlayfs
Version: 8.1
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: rc
: 8.1
Assignee: Jindrich Novy
QA Contact: atomic-bugs@redhat.com
URL:
Whiteboard:
Depends On:
Blocks: 1186913 1734578 1802907
TreeView+ depends on / blocked
 
Reported: 2020-02-16 12:40 UTC by Jindrich Novy
Modified: 2023-09-07 21:53 UTC (History)
11 users (show)

Fixed In Version: fuse-overlayfs-0.7.2-5.module+el8.1.1+6114+953c5a57
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-04-07 10:31:28 UTC
Type: ---
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
patch for stream-container-tools-rhel8-rhel-8.1.1 (7.79 KB, patch)
2020-03-25 15:43 UTC, Giuseppe Scrivano 		no flags Details | Diff
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:1379 0 None None None 2020-04-07 10:31:51 UTC

Description Jindrich Novy 2020-02-16 12:40:39 UTC 
This is a tracking bug assuring the fix for bug #1802907 gets applied in stream-container-tools-rhel8-rhel-8.1.1 branch of fuse-overlayfs.
Comment 2 Laurie Friedman 2020-02-17 14:24:27 UTC 
Setting exception+ because everything that goes into 8.1.1 / 8.1.1.z requires exception plus.  It is before 8.1.1.3 dev freeze so it is OK to add this bug fix.
Comment 3 Laurie Friedman 2020-02-17 14:27:23 UTC 
Clearing ITR.  This fix is going into 8.1.1.3 so only ZTR should be set.
Comment 17 Alex Jia 2020-03-25 10:56:25 UTC 
Still failed in fuse-overlayfs-0.7.2-4.module+el8.1.1+6101+69ae647f.x86_64

[foo@hpe-dl380pgen8-02-vm-10 ~]$ buildah bud -t sleepy:rhel8.1 sleepy-container
---------------------8<---------------------
STEP 10: ADD sleepy /usr/local/bin
STEP 11: ADD sleepy.conf /etc
STEP 12: RUN groupadd -r ${SRVGRP} || true
groupadd: /etc/group.6: lock file already used
groupadd: cannot lock /etc/group; try again later.
STEP 13: RUN useradd -r -g ${SRVGRP} ${SRVUSR} || true
useradd: group 'sleepy' does not exist
STEP 14: RUN chmod +x /usr/local/bin/sleepy || true
STEP 15: RUN chown root:${SRVGRP} /etc/sleepy.conf ; chmod 640 /etc/sleepy.conf || true
chown: invalid group: 'root:sleepy'
STEP 16: RUN mkdir /var/local/sleepy
STEP 17: RUN chmod 2750 /var/local/sleepy && chown ${SRVUSR}:${SRVGRP} /var/local/sleepy || true
chown: invalid user: 'sleepy:sleepy'
STEP 18: RUN ${YUM} install procps-ng iproute nmap-ncat
---------------------8<---------------------

[foo@hpe-dl380pgen8-02-vm-10 ~]$ rpm -q fuse-overlayfs buildah
fuse-overlayfs-0.7.2-4.module+el8.1.1+6101+69ae647f.x86_64
buildah-1.11.6-6.module+el8.1.1+5865+cc793d95.x86_64
Comment 20 Tom Sweeney 2020-03-25 15:38:13 UTC 
Giuseppe to provide new patch shortly.
Comment 21 Giuseppe Scrivano 2020-03-25 15:43:51 UTC 
Created attachment 1673560 [details]
patch for stream-container-tools-rhel8-rhel-8.1.1
Comment 23 Alex Jia 2020-03-27 05:15:05 UTC 
Verified in fuse-overlayfs-0.7.2-5.module+el8.1.1+6114+953c5a57.x86_64.

[ajia@atomic-host-test-4109 ~]$ buildah bud -t sleepy:rhel8.1 sleepy-container
STEP 1: FROM registry.access.redhat.com/ubi8/ubi
Getting image source signatures
Copying blob 941e1e2b31a8 done
Copying blob 0bb54aa5e977 done
Copying config 0c46e5c7a8 done
Writing manifest to image destination
Storing signatures
STEP 2: USER root
STEP 3: ENV SRVUSR=sleepy
STEP 4: ENV SRVGRP=sleepy
STEP 5: LABEL maintainer="Me <me>"
STEP 6: LABEL description="A trivial Dockerfile to reproduce failure to add service users in rootless buildah/podman"
STEP 7: LABEL io.k8s.description="A trivial Dockerfile to reproduce failure to add service users in rootless buildah/podman"
STEP 8: LABEL io.k8s.dispaly-name="User fail on RHEL UBI 8"
STEP 9: ENV YUM="yum -y --disablerepo=rhel*"
STEP 10: ADD sleepy /usr/local/bin
STEP 11: ADD sleepy.conf /etc
STEP 12: RUN groupadd -r ${SRVGRP} || true
STEP 13: RUN useradd -r -g ${SRVGRP} ${SRVUSR} || true
STEP 14: RUN chmod +x /usr/local/bin/sleepy || true
STEP 15: RUN chown root:${SRVGRP} /etc/sleepy.conf ; chmod 640 /etc/sleepy.conf || true
STEP 16: RUN mkdir /var/local/sleepy
STEP 17: RUN chmod 2750 /var/local/sleepy && chown ${SRVUSR}:${SRVGRP} /var/local/sleepy || true
---------------------8<---------------------

[ajia@atomic-host-test-4109 ~]$ podman run -dt --rm --name sleepy sleepy:rhel8.1
76c39498dc8b6eb036bc2f4c537544234b53254423dbeda8cf897bae8de2033a

[ajia@atomic-host-test-4109 ~]$ podman ps
CONTAINER ID  IMAGE                     COMMAND  CREATED        STATUS            PORTS  NAMES
76c39498dc8b  localhost/sleepy:rhel8.1           4 seconds ago  Up 3 seconds ago         sleepy
STEP 18: RUN ${YUM} install procps-ng iproute nmap-ncat

[ajia@atomic-host-test-4109 ~]$ rpm -q fuse-overlayfs buildah podman
fuse-overlayfs-0.7.2-5.module+el8.1.1+6114+953c5a57.x86_64
buildah-1.11.6-6.module+el8.1.1+5865+cc793d95.x86_64
podman-1.6.4-4.module+el8.1.1+5885+44006e55.x86_64
Comment 25 errata-xmlrpc 2020-04-07 10:31:28 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1379
Note You need to log in before you can comment on or make changes to this bug.