RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1877699 - podman does not use $TMPDIR loading a tar file.
Summary: podman does not use $TMPDIR loading a tar file.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: podman
Version: 7.8
Hardware: Unspecified
OS: Linux
unspecified
high
Target Milestone: rc
: ---
Assignee: Jindrich Novy
QA Contact: Martin Jenner
URL:
Whiteboard:
: 1877700 (view as bug list)
Depends On:
Blocks: 1186913 1845974
TreeView+ depends on / blocked
 
Reported: 2020-09-10 08:44 UTC by hasuzuki
Modified: 2024-03-25 16:28 UTC (History)
10 users (show)

Fixed In Version: podman-1.6.4-25.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-11-10 13:54:23 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 5413281 0 None None None 2020-09-17 09:43:41 UTC
Red Hat Product Errata RHSA-2020:5056 0 None None None 2020-11-10 13:54:53 UTC

Description hasuzuki 2020-09-10 08:44:41 UTC 
Description of problem:

podman does not use $TMPDIR loading an tar file.
Podman load command fail on systems with small /var/tmp partition.



Version-Release number of selected component (if applicable):
podman-1.6.4-18.el7_8.x86_64 (latest version in RHEL7)


How reproducible:
100%

Steps to Reproduce:
1. Set /var/tmp small small size.
   # mount -t tmpfs -o size=1M tmpfs /var/tmp
2. Set environment variable to /tmp.
   # export TMPDIR=/tmp
3. Execute podman load command.

# podman load -i ./redhat.tar
Getting image source signatures
Copying blob 22415211085f skipped: already exists  
Copying blob 063d4ba31922 skipped: already exists  
Copying blob 0a0f017f8754 [======>-------------------------------] 92.3MiB / 523.1MiB
  write /var/tmp/storage071747019/1: no space left on device
Error: error pulling "": unable to pull dir:./redhat.tar: error determining pull goal for image "dir:./redhat.tar": error parsing dest reference name "localhost/./redhat.tar": error parsing named reference "localhost/./redhat.tar": invalid reference format


Actual results:
podman load command use /var/tmp directory.

Expected results:
podman load command use /tmp directory.

Additional info:

I think, following patch fix the issue.

  https://github.com/containers/podman/pull/5412


3 cmd/podman/load.go
@@ -10,6 +10,7 @@ import (
	"github.com/containers/libpod/cmd/podman/cliconfig"
	"github.com/containers/libpod/cmd/podman/shared/parse"
	"github.com/containers/libpod/pkg/adapter"
	"github.com/containers/libpod/pkg/util"
	"github.com/pkg/errors"
	"github.com/spf13/cobra"
	"golang.org/x/crypto/ssh/terminal"
@@ -75,7 +76,7 @@ func loadCmd(c *cliconfig.LoadValues) error {
		if terminal.IsTerminal(int(os.Stdin.Fd())) {
			return errors.Errorf("cannot read from terminal. Use command-line redirection or the --input flag.")
		}
		outFile, err := ioutil.TempFile("/var/tmp", "podman")     <==
		outFile, err := ioutil.TempFile(util.Tmpdir(), "podman")
		if err != nil {
			return errors.Errorf("error creating file %v", err)
		}


This patch is not yet backported to our podman.
podman/load.go in podman-1.6.4-18.el7_8.src.rpm
///
     75                 if terminal.IsTerminal(int(os.Stdin.Fd())) {
     76                         return errors.Errorf("cannot read from terminal. Use command-line redirection or the --input flag        .")
     77                 }
     78                 outFile, err := ioutil.TempFile("/var/tmp", "podman")              <==
     79                 if err != nil {
     80                         return errors.Errorf("error creating file %v", err)
     81                 }
     82                 defer os.Remove(outFile.Name())
     83                 defer outFile.Close()
     84 
     85                 _, err = io.Copy(outFile, os.Stdin)
     86                 if err != nil {
     87                         return errors.Errorf("error copying file %v", err)
     88                 }
     89 
     90                 c.Input = outFile.Name()
     91         }

Could you backport the patch to our podman?


The issue looks like following bugzilla for rhel8.
https://bugzilla.redhat.com/show_bug.cgi?id=1769918

Thanks
Hayato Suzuki
Comment 2 Derrick Ornelas 2020-09-10 14:23:13 UTC 
*** Bug 1877700 has been marked as a duplicate of this bug. ***
Comment 4 Tom Sweeney 2020-09-10 15:04:47 UTC 
Assigning to Matt as he handled the other related backports for this issue.
Comment 5 Jindrich Novy 2020-09-11 09:01:40 UTC 
If we talk about https://github.com/containers/image/commit/81308749f70d6c40c6b0fea39ffe767bfe50da38.patch

then this patch was already in as part of fixing CVE-2020-8945:

* Fri Apr 03 2020 Jindrich Novy <jnovy> - 1.6.4-18
- fix "CVE-2020-8945 proglottis/gpgme: Use-after-free in GPGME bindings during container image pull"
- Resolves: #1806940

Matt, do we need to do anything else on top of this?
Comment 6 Matthew Heon 2020-09-11 13:30:04 UTC 
I think we need one more commit in Podman itself to actually use the support that c/image added - 2c328f94b61116bfa7d1d46525d854678f94c9f3 appears to be the one
Comment 12 Joy Pu 2020-10-20 08:22:51 UTC 
Test with podman-1.6.4-26.el7_9.x86_64 and it works as expect. So set this to verified. Details:
# mount -t tmpfs -o size=1M tmpfs /var/tmp
# export TMPDIR=/tmp
# podman pull ubi8
Trying to pull registry.access.redhat.com/ubi8...
Getting image source signatures
Copying blob c4d668e229cd done  
Copying blob ec1681b6a383 done  
Copying config ecbc6f53bb done  
Writing manifest to image destination
Storing signatures
ecbc6f53bba0d1923ca9e92b3f747da8353a070fccbae93625bd8b47dbee772e
Comment 14 errata-xmlrpc 2020-11-10 13:54:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: podman security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5056
Comment 15 Red Hat Bugzilla 2023-09-18 00:22:24 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days
Note You need to log in before you can comment on or make changes to this bug.