Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1921863

Summary: rebuild of buildah-container 8.3
Product: Red Hat Enterprise Linux 8 Reporter: Ferdinand bot (Userspace containerization team) <cyborg-bugzilla>
Component: buildah-containerAssignee: Jindrich Novy <jnovy>
Status: CLOSED ERRATA QA Contact: Alex Jia <ajia>
Severity: unspecified Docs Contact: Michelle Bearer <mbearer>
Priority: unspecified    
Version: 8.3CC: ajia
Target Milestone: rcKeywords: Triaged
Target Release: 8.0Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: buildah-container-8.3-24 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-02-16 15:40:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ferdinand bot (Userspace containerization team) 2021-01-28 18:13:53 UTC 
Hello,

this bug has been created by bot Ferdinand
in order to be able to create Errata advisory for batch RHEL-8.3.1.2-Containers which is due 2021-02-16 (the GA date may change).

With regards,
Ferdinand, member of the bot family,
Userspace Containerization Team, <user-cont>
Comment 4 Alex Jia 2021-01-29 10:42:55 UTC 
Please also see https://bugzilla.redhat.com/show_bug.cgi?id=1918554#c3
Comment 5 Alex Jia 2021-02-01 04:12:41 UTC 
Need to upgrade fuse-overlayfs to 1.4.0-2 version inside the buildah-container-8.3-* image.

[root@kvm-06-guest09 ~]# podman run --name rhel8-buildah --rm --device /dev/fuse -it registry-proxy.engineering.redhat.com/rh-osbs/rhel8-buildah:8.3-21 /bin/bash
[root@b6c110f4ca2f /]# rpm -q buildah fuse-overlayfs
buildah-1.16.7-3.module+el8.3.1+9380+85743958.x86_64
fuse-overlayfs-1.3.0-1.module+el8.3.1+9380+85743958.x86_64
[root@b6c110f4ca2f /]# buildah info|grep -iA4 graphoption
        "GraphOptions": [
            "overlay.imagestore=/var/lib/shared",
            "overlay.mount_program=/usr/bin/fuse-overlayfs",
            "overlay.mountopt=nodev,metacopy=on"
        ],
[root@b6c110f4ca2f /]# buildah from registry.access.redhat.com/ubi8
Getting image source signatures
Copying blob d9e72d058dc5 done
Copying blob cca21acb641a done
Copying config 3269c37eae done
Writing manifest to image destination
Storing signatures
ubi8-working-container
[root@b6c110f4ca2f /]# buildah run --isolation=chroot ubi8-working-container ls /
error running subprocess: error bind mounting /dev from host into mount namespace: mkdir /var/tmp/buildah319081709/mnt/rootfs/dev: operation not permitted
                                                                                                                                                          exit status 1
ERRO exit status 1
[root@b6c110f4ca2f /]# curl -LO http://XXX/fuse-overlayfs-1.4.0-2.el8.x86_64.rpm
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 70860  100 70860    0     0  4324k      0 --:--:-- --:--:-- --:--:-- 4324k
[root@b6c110f4ca2f /]# rpm -Uvh fuse-overlayfs-1.4.0-2.el8.x86_64.rpm
Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
Updating / installing...
   1:fuse-overlayfs-1.4.0-2.el8       ################################# [ 50%]
Cleaning up / removing...
   2:fuse-overlayfs-1.3.0-1.module+el8################################# [100%]
[root@b6c110f4ca2f /]# buildah run --isolation=chroot ubi8-working-container ls /
bin  boot  dev  etc  home  lib  lib64  lost+found  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
Comment 6 Alex Jia 2021-02-09 06:48:58 UTC 
(In reply to Alex Jia from comment #5)
> Need to upgrade fuse-overlayfs to 1.4.0-2 version inside the
> buildah-container-8.3-* image.
> 
> [root@b6c110f4ca2f /]# buildah run --isolation=chroot ubi8-working-container
> ls /
> error running subprocess: error bind mounting /dev from host into mount
> namespace: mkdir /var/tmp/buildah319081709/mnt/rootfs/dev: operation not
> permitted
>                                                                             
> exit status 1
> ERRO exit status 1

This bug hasn't been fixed on fuse-overlayfs-1.3.0-2 both on rhel8-buildah:8.3-21.

[root@kvm-03-guest13 ~]# podman run --name rhel8-buildah --rm --device /dev/fuse -it registry-proxy.engineering.redhat.com/rh-osbs/rhel8-buildah:8.3-21 /bin/bash
XXX
[root@abea1a98384c /]# rpm -q fuse-overlayfs buildah
fuse-overlayfs-1.3.0-2.module+el8.3.1+9748+5702ca09.x86_64
buildah-1.16.7-1.module+el8.3.1+9107+df0d2892.x86_64
[root@abea1a98384c /]# buildah run --isolation=chroot ubi8-working-container ls /
error running subprocess: error bind mounting /dev from host into mount namespace: mkdir /var/tmp/buildah731538065/mnt/rootfs/dev: operation not permitted
                                                                                                                                                          exit status 1
ERRO exit status 1
Comment 7 Alex Jia 2021-02-10 05:18:03 UTC 
[root@728070a37dfd /]# rpm -q fuse-overlayfs buildah
fuse-overlayfs-1.3.0-2.module+el8.3.1+9857+68fb1526.x86_64
buildah-1.16.7-3.module+el8.3.1+9380+85743958.x86_64

[root@728070a37dfd /]# rpm -qf /usr/share/containers/seccomp.json
containers-common-1.2.0-9.module+el8.3.1+9380+85743958.x86_64

[root@728070a37dfd /]# buildah run --isolation=chroot ubi8-working-container ls /
error running subprocess: error bind mounting /dev from host into mount namespace: mkdir /var/tmp/buildah535557409/mnt/rootfs/dev: operation not permitted
                                                                                                                                                          exit status 1
ERRO exit status 1
Comment 9 Alex Jia 2021-02-11 02:17:22 UTC 
The libseccomp is 2.4.3-1 both on newest RHEL-8.3 and RHEL-8.4, and 
the fuse-overlayfs is 1.3.0-2 inside the buildah-container-8.3-22,
this bug hasn't been fixed yet.

[root@kvm-07-guest35 ~]# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.3 (Ootpa)

[root@kvm-07-guest35 ~]# rpm -q libseccomp podman runc
libseccomp-2.4.3-1.el8.x86_64
podman-2.2.1-7.module+el8.3.1+9857+68fb1526.x86_64
runc-1.0.0-70.rc92.module+el8.3.1+9857+68fb1526.x86_64

[root@kvm-07-guest35 ~]# podman pull registry-proxy.engineering.redhat.com/rh-osbs/rhel8-buildah:8.3-22
Trying to pull registry-proxy.engineering.redhat.com/rh-osbs/rhel8-buildah:8.3-22...
Getting image source signatures
Copying blob 6b536614e8f8 done
Copying blob fdb393d8227c done
Copying blob 7bd57215fc95 done
Copying config 2ac1d7d21c done
Writing manifest to image destination
Storing signatures
2ac1d7d21cb497085a0e937d11e2dba35c885a57a9f20889bbc65c1126dbc2ac
[root@kvm-07-guest35 ~]# podman run --name rhel8-buildah --rm --device /dev/fuse -it registry-proxy.engineering.redhat.com/rh-osbs/rhel8-buildah:8.3-22 /bin/bash
[root@aec63aecb7a1 /]# rpm -q buildah fuse-overlayfs containers-common
buildah-1.16.7-4.module+el8.3.1+9857+68fb1526.x86_64
fuse-overlayfs-1.3.0-2.module+el8.3.1+9857+68fb1526.x86_64
containers-common-1.2.0-9.module+el8.3.1+9857+68fb1526.x86_64
[root@aec63aecb7a1 /]# buildah info|grep -iA4 graphoption
        "GraphOptions": [
            "overlay.imagestore=/var/lib/shared",
            "overlay.mount_program=/usr/bin/fuse-overlayfs",
            "overlay.mountopt=nodev,metacopy=on"
        ],
[root@aec63aecb7a1 /]# buildah from registry.access.redhat.com/ubi8
Getting image source signatures
Copying blob cca21acb641a done
Copying blob d9e72d058dc5 done
Copying config 3269c37eae done
Writing manifest to image destination
Storing signatures
ubi8-working-container
[root@aec63aecb7a1 /]# buildah run --isolation=chroot ubi8-working-container ls /
error running subprocess: error bind mounting /dev from host into mount namespace: mkdir /var/tmp/buildah396083642/mnt/rootfs/dev: operation not permitted
                                                                                                                                                          exit status 1
ERRO exit status 1


[root@kvm-07-guest32 ~]# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.4 Beta (Ootpa)
[root@kvm-07-guest32 ~]# rpm -q libseccomp podman runc
libseccomp-2.4.3-1.el8.x86_64
podman-3.0.0-0.38rc2.module+el8.4.0+9804+5385893b.x86_64
runc-1.0.0-70.rc92.module+el8.4.0+9804+5385893b.x86_64

[root@kvm-07-guest32 ~]# podman pull registry-proxy.engineering.redhat.com/rh-osbs/rhel8-buildah:8.3-22
Trying to pull registry-proxy.engineering.redhat.com/rh-osbs/rhel8-buildah:8.3-22...
Getting image source signatures
Copying blob 6b536614e8f8 done
Copying blob fdb393d8227c done
Copying blob 7bd57215fc95 done
Copying config 2ac1d7d21c done
Writing manifest to image destination
Storing signatures
2ac1d7d21cb497085a0e937d11e2dba35c885a57a9f20889bbc65c1126dbc2ac
[root@kvm-07-guest32 ~]# podman run --name rhel8-buildah --rm --device /dev/fuse -it registry-proxy.engineering.redhat.com/rh-osbs/rhel8-buildah:8.3-22 /bin/bash
[root@fc429e519662 /]# rpm -q buildah fuse-overlayfs containers-common
buildah-1.16.7-4.module+el8.3.1+9857+68fb1526.x86_64
fuse-overlayfs-1.3.0-2.module+el8.3.1+9857+68fb1526.x86_64
containers-common-1.2.0-9.module+el8.3.1+9857+68fb1526.x86_64
[root@fc429e519662 /]# buildah info|grep -iA4 graphoption
        "GraphOptions": [
            "overlay.imagestore=/var/lib/shared",
            "overlay.mount_program=/usr/bin/fuse-overlayfs",
            "overlay.mountopt=nodev,metacopy=on"
        ],
[root@fc429e519662 /]# buildah from registry.access.redhat.com/ubi8
Getting image source signatures
Copying blob cca21acb641a done
Copying blob d9e72d058dc5 done
Copying config 3269c37eae done
Writing manifest to image destination
Storing signatures
ubi8-working-container
[root@fc429e519662 /]# buildah run --isolation=chroot ubi8-working-container ls /
error running subprocess: error bind mounting /dev from host into mount namespace: mkdir /var/tmp/buildah955304116/mnt/rootfs/dev: operation not permitted
                                                                                                                                                          exit status 1
ERRO exit status 1
Comment 10 Jindrich Novy 2021-02-11 08:27:02 UTC 
Filed https://bugzilla.redhat.com/show_bug.cgi?id=1927635 for this issue. This is not really an issue of buildah-container issue but libseccomp's.
Comment 11 Alex Jia 2021-02-14 11:39:01 UTC 
This bug has been fixed on rhel8-buildah:8.3-24.

[root@kvm-07-guest32 ~]# podman pull registry-proxy.engineering.redhat.com/rh-osbs/rhel8-buildah:8.3-24
Trying to pull registry-proxy.engineering.redhat.com/rh-osbs/rhel8-buildah:8.3-24...
Getting image source signatures
Copying blob 6b536614e8f8 done
Copying blob fdb393d8227c done
Copying blob 01635593bb47 done
Copying config dab33f863b done
Writing manifest to image destination
Storing signatures
dab33f863bc523cc932280401ccb9dc47751fce7423f1392585b40494cc7f754

[root@kvm-07-guest32 ~]# podman run --name rhel8-buildah --rm --device /dev/fuse -it registry-proxy.engineering.redhat.com/rh-osbs/rhel8-buildah:8.3-24 /bin/bash
[root@4347aeb7d4d5 /]# rpm -q buildah fuse-overlayfs libseccomp
buildah-1.16.7-4.module+el8.3.1+9857+68fb1526.x86_64
fuse-overlayfs-1.3.0-2.module+el8.3.1+9857+68fb1526.x86_64
libseccomp-2.4.3-1.el8.x86_64

[root@4347aeb7d4d5 /]# buildah from registry.access.redhat.com/ubi8
Getting image source signatures
Copying blob cca21acb641a done
Copying blob d9e72d058dc5 done
Copying config 3269c37eae done
Writing manifest to image destination
Storing signatures
ubi8-working-container

[root@4347aeb7d4d5 /]# buildah ps
CONTAINER ID  BUILDER  IMAGE ID     IMAGE NAME                       CONTAINER NAME
6ac5dcbc0768     *     3269c37eae33 registry.access.redhat.com/ub... ubi8-working-container

[root@4347aeb7d4d5 /]# buildah run --isolation=chroot ubi8-working-container ls /
bin  boot  dev  etc  home  lib  lib64  lost+found  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
Comment 14 errata-xmlrpc 2021-02-16 15:40:24 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (rhel8/buildah container image update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:0586