1845168 – buildah error lsetfilecon Operation not supported

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1845168 - buildah error lsetfilecon Operation not supported

Summary: buildah error lsetfilecon Operation not supported

Keywords:
Status:	CLOSED DUPLICATE of bug 1777502
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	rpm
Sub Component:
Version:	8.2
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	low
Target Milestone:	rc
Target Release:	---
Assignee:	Packaging Maintenance Team
QA Contact:	swm-qe
Docs Contact:
URL:
Whiteboard:
Depends On:	1772377
Blocks:
TreeView+	depends on / blocked

Reported:	2020-06-08 14:59 UTC by Derrick Ornelas
Modified:	2020-06-15 11:33 UTC (History)
CC List:	14 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1772377
Environment:
Last Closed:	2020-06-15 11:33:46 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	containers buildah issues 1983	0	None	closed	buildah throws lots of errors lsetfilecon Operation not supported	2020-08-18 21:01:59 UTC

Description Derrick Ornelas 2020-06-08 14:59:25 UTC

+++ This bug was initially created as a clone of Bug #1772377 +++

Description of problem:
buildah form scratch spits out a lot of errors similar to:
error: lsetfilecon: (/usr/share/man/man8/rtacct.8.gz;5dcd1986, system_u:object_r:man_t:s0) Operation not supported

setting virt_sandbox_use_fusefs on or off selinux boolean has no affect.

Version-Release number of selected component (if applicable):buildah-1.11.4-2.fc31.x86_64


How reproducible: all the time


Steps to Reproduce:
1.buildah unshare bash fedora-31-base.sh
  the buildah script is in the attachment;

Actual results:
the resulting image runs fine but the error messages are annoying and perhaps indication for missconfiguration 

Expected results:

no error messages in the output
Additional info: fresh install of f31

--- Additional comment from llegolas on 2019-11-14 04:47:40 EST ---

I am pretty sure the same script run w/o the err on f30

--- Additional comment from Daniel Walsh on 2019-11-16 16:28:25 EST ---

This looks like the issue is the dnf command is attempting to put down SELinux labels within the rootfs.  And this must be on a file system that does not support labels?

--- Additional comment from Daniel Walsh on 2019-11-16 16:28:57 EST ---

BTW this line
buildah commit $container fedora-29-base

needs to be updated in your script.

--- Additional comment from llegolas on 2019-11-16 17:59:13 EST ---

The containers/storage.conf has overlay as driver. The underlying fs (my $HOME) is ext4 but it behaves the same on XFS on my other system. Both are mounted with default fedora flags.
As for the script - indeed it needs update.

--- Additional comment from llegolas on 2019-11-21 05:02:30 EST ---

I managed to narrow it a bit down.
the script from above works fine on vanilla f29 and f30 (both updated to the latest as of today).
It breaks with f31 booted with both f30 and f31 kernels kernel-core-5.3.11-100.fc29.x86_64 and kernel-core-5.3.11-300.fc31.x86_64 respectively.

Seem like problem is somewhere in userspace.

Comment 1 Derrick Ornelas 2020-06-08 15:11:46 UTC

I'm seeing this on RHEL 8.2 as well.

# cat build.sh 
CTR=$(buildah from scratch)
CTR_ROOT=$(buildah mount $CTR)
yum install --installroot $CTR_ROOT coreutils-single glibc-minimal-langpack --releasever 8 --setopt install_weak_deps=false --setopt cachedir=/var/cache/dnf --nodocs -y
buildah config --cmd /bin/bash $CTR
buildah commit $CTR ubi8-micro
buildah rm $CTR


# ./build.sh 
[...]

  Installing       : coreutils-single-8.30-6.el8_1.1.x86_64                                                                                               18/18 
error: lsetfilecon: (/usr/bin/[;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/arch;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/b2sum;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/base32;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/base64;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/basename;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/cat;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/chcon;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/chgrp;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/chmod;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/chown;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/cksum;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/comm;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/coreutils;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/cp;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/csplit;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/cut;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/date;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/dd;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/df;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/dir;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/dircolors;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/dirname;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/du;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/echo;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/env;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/expand;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/expr;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/factor;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/false;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/fmt;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/fold;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/groups;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/head;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/hostid;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/id;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/install;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/join;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/link;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/ln;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/logname;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/ls;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/md5sum;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/mkdir;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/mkfifo;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/mknod;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/mktemp;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/mv;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/nice;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/nl;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/nohup;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/nproc;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/numfmt;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/od;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/paste;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/pathchk;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/pinky;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/pr;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/printenv;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/printf;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/ptx;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/pwd;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/readlink;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/realpath;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/rm;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/rmdir;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/runcon;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/seq;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/sha1sum;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/sha224sum;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/sha256sum;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/sha384sum;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/sha512sum;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/shred;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/shuf;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/sleep;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/sort;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/split;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/stat;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/stdbuf;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/stty;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/sum;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/sync;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/tac;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/tail;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/tee;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/test;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/timeout;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/touch;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/tr;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/true;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/truncate;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/tsort;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/tty;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/uname;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/unexpand;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/uniq;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/unlink;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/users;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/vdir;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/wc;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/who;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/whoami;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/bin/yes;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/lib/.build-id, system_u:object_r:lib_t:s0) Operation not supported
error: lsetfilecon: (/usr/lib/.build-id/62/10f9e8583f24da3f48f739f640e8f32811be56;5ede512a, system_u:object_r:lib_t:s0) Operation not supported
error: lsetfilecon: (/usr/lib/.build-id/e0/ebb8a833edea82345ef068ffa971a2d98d6122;5ede512a, system_u:object_r:lib_t:s0) Operation not supported
error: lsetfilecon: (/usr/libexec/coreutils, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/libexec/coreutils/libstdbuf.so;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/sbin/chroot;5ede512a, system_u:object_r:bin_t:s0) Operation not supported
error: lsetfilecon: (/usr/share/licenses/coreutils-single, system_u:object_r:usr_t:s0) Operation not supported
error: lsetfilecon: (/usr/share/licenses/coreutils-single/COPYING;5ede512a, system_u:object_r:usr_t:s0) Operation not supported

  Running scriptlet: filesystem-3.8-2.el8.x86_64                                                                                                          18/18 
  Running scriptlet: glibc-common-2.28-101.el8.x86_64                                                                                                     18/18 
  Verifying        : filesystem-3.8-2.el8.x86_64                                                                                                           1/18 
  Verifying        : libattr-2.4.48-3.el8.x86_64                                                                                                           2/18 
  Verifying        : ncurses-libs-6.1-7.20180224.el8.x86_64                                                                                                3/18 
  Verifying        : ncurses-base-6.1-7.20180224.el8.noarch                                                                                                4/18 
  Verifying        : libacl-2.2.53-1.el8.x86_64                                                                                                            5/18 
  Verifying        : basesystem-11-5.el8.noarch                                                                                                            6/18 
  Verifying        : pcre2-10.32-1.el8.x86_64                                                                                                              7/18 
  Verifying        : bash-4.4.19-10.el8.x86_64                                                                                                             8/18 
  Verifying        : libsepol-2.9-1.el8.x86_64                                                                                                             9/18 
  Verifying        : glibc-2.28-101.el8.x86_64                                                                                                            10/18 
  Verifying        : coreutils-single-8.30-6.el8_1.1.x86_64                                                                                               11/18 
  Verifying        : libcap-2.26-3.el8.x86_64                                                                                                             12/18 
  Verifying        : glibc-common-2.28-101.el8.x86_64                                                                                                     13/18 
  Verifying        : libselinux-2.9-3.el8.x86_64                                                                                                          14/18 
  Verifying        : glibc-minimal-langpack-2.28-101.el8.x86_64                                                                                           15/18 
  Verifying        : setup-2.12.2-5.el8.noarch                                                                                                            16/18 
  Verifying        : redhat-release-8.2-1.0.el8.x86_64                                                                                                    17/18 
  Verifying        : tzdata-2020a-1.el8.noarch                                                                                                            18/18 
Installed products updated.

Installed:
  basesystem-11-5.el8.noarch              bash-4.4.19-10.el8.x86_64               coreutils-single-8.30-6.el8_1.1.x86_64      filesystem-3.8-2.el8.x86_64       
  glibc-2.28-101.el8.x86_64               glibc-common-2.28-101.el8.x86_64        glibc-minimal-langpack-2.28-101.el8.x86_64  libacl-2.2.53-1.el8.x86_64        
  libattr-2.4.48-3.el8.x86_64             libcap-2.26-3.el8.x86_64                libselinux-2.9-3.el8.x86_64                 libsepol-2.9-1.el8.x86_64         
  ncurses-base-6.1-7.20180224.el8.noarch  ncurses-libs-6.1-7.20180224.el8.x86_64  pcre2-10.32-1.el8.x86_64                    redhat-release-8.2-1.0.el8.x86_64 
  setup-2.12.2-5.el8.noarch               tzdata-2020a-1.el8.noarch              

Complete!
Getting image source signatures
Copying blob c63e36daa48b done
Copying config 9ce59738e7 done
Writing manifest to image destination
Storing signatures
9ce59738e75e3719c9007e41df93acf60224280d818e7ef15d814222834fc639
595817c3f61b765625da2c302e0f48048a26d9707076ab6441fa768f9921e345




As https://github.com/containers/buildah/issues/1983 mentions, adding '--setopt tsflags=nocontexts' to yum/dnf avoids the errors.  I'm not sure when I'll have time to spin up a new test system to confirm, but I'm fairly sure I did not see this with 8.0/8.1.

Comment 2 Derrick Ornelas 2020-06-08 15:14:19 UTC

Moving this to yum to get their opinion.  It was under buildah, because that's where the current Fedora BZ is assigned.

Comment 3 Jaroslav Mracek 2020-06-15 11:10:33 UTC

In comment 2 there is a note that the issue is resolved by '--setopt tsflags=nocontexts'. In dnf we only add `RPMTRANS_FLAG_NOCONTEXTS` into rpm transaction, therefore I suggest that the issue is not related to DNF. Probably RPM team could know something more.

Comment 4 Panu Matilainen 2020-06-15 11:33:46 UTC


*** This bug has been marked as a duplicate of bug 1777502 ***

Note You need to log in before you can comment on or make changes to this bug.