Bug 1879092 - Missing fixes in 2.0-8.3.0 of container-tools present in 2.0-8.2.0 branch.
Summary: Missing fixes in 2.0-8.3.0 of container-tools present in 2.0-8.2.0 branch.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: podman
Version: 8.3
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: rc
: 8.0
Assignee: Jindrich Novy
QA Contact: atomic-bugs@redhat.com
URL:
Whiteboard:
Depends On:
Blocks: 1878822
TreeView+ depends on / blocked
 
Reported: 2020-09-15 12:34 UTC by Jindrich Novy
Modified: 2021-09-03 15:22 UTC (History)
14 users (show)

Fixed In Version: podman-1.6.4-22.el8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-11-04 03:45:29 UTC
Type: Bug
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:4770 0 None None None 2020-11-04 03:46:09 UTC

Description Jindrich Novy 2020-09-15 12:34:46 UTC
There are fixes present in 2.0-8.2.0 branch of container-tools which are missing in 2.0-8.3.0. In order to not to cause a regression we need to apply these fixes also in 2.0-8.3.0 branch.

Related bugzillas:
https://bugzilla.redhat.com/show_bug.cgi?id=1834346
https://bugzilla.redhat.com/show_bug.cgi?id=1867447

This was found by Lon Hohberger while testing OSP 17 on RHEL 8.3.

Comment 8 Daniel Walsh 2020-09-15 20:30:36 UTC
Lon are you saying the podman 2.0 no longer allows seccomp options external to the --privileged flag?

Comment 9 Lon Hohberger 2020-09-16 14:22:58 UTC
yes.

The patches are missing from the 2.0 branch in RHEL 8.3.0

Comment 17 Joy Pu 2020-09-23 08:15:27 UTC
Test with podman-1.6.4-22.module+el8.3.0+8150+b1766c57.x86_64 and the test steps of those two bugs are all works as expect. So set this to verified. Details:
For buildah-container
# modprobe fuse
# podman run --rm --device /dev/fuse -it registry.redhat.io/rhel8/buildah /bin/bash
[root@cf45c9ad1b98 /]# buildah --storage-opt=overlay.mount_program=/usr/bin/fuse-overlayfs from registry.access.redhat.com/ubi8
Getting image source signatures
Copying blob c4d668e229cd done  
Copying blob ec1681b6a383 done  
Copying config ecbc6f53bb done  
Writing manifest to image destination
Storing signatures
ubi8-working-container
[root@cf45c9ad1b98 /]# buildah --storage-opt=overlay.mount_program=/usr/bin/fuse-overlayfs run  --isolation=chroot ubi8-working-container ls /
bin  boot  dev	etc  home  lib	lib64  lost+found  media  mnt  opt  proc  root	run  sbin  srv	sys  tmp  usr  var

For healthcheck log
# podman run -dt --name hc --healthcheck-start-period 2m --healthcheck-retries 5 --healthcheck-command "CMD-SHELL curl http://localhost  || exit 1" quay.io/libpod/alpine_nginx:latest
Trying to pull quay.io/libpod/alpine_nginx:latest...
Getting image source signatures
Copying blob a3ed95caeb02 done
Copying blob a3ed95caeb02 done
Copying blob a3ed95caeb02 done
Copying blob a3ed95caeb02 skipped: already exists
Copying blob 4fe2ade4980c done
Copying blob ee08fa06e364 done
Copying blob 7ecd51378d2e done
Writing manifest to image destination
Storing signatures
74c1707e511dcd5afd2b2ea1d58ba01a0c3f606b2100d6064fd222d1550ae437
]# ls /var/run/containers/storage/overlay-containers/74c1707e511dcd5afd2b2ea1d58ba01a0c3f606b2100d6064fd222d1550ae437/healthcheck.log 
/var/run/containers/storage/overlay-containers/74c1707e511dcd5afd2b2ea1d58ba01a0c3f606b2100d6064fd222d1550ae437/healthcheck.log

Comment 25 errata-xmlrpc 2020-11-04 03:45:29 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (container-tools:2.0 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4770


Note You need to log in before you can comment on or make changes to this bug.