Bug 1990734 - user podman does not work any more: Error: cannot setup namespace using newuidmap: exit status 1 (broken /etc/sub[ug]id)
Keywords:
Status: CLOSED DUPLICATE of bug 1990653
Alias: None
Product: Fedora
Classification: Fedora
Component: shadow-utils
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: high
Target Milestone: ---
Assignee: Iker Pedrosa
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2021-08-06 05:42 UTC by Martin Pitt
Modified: 2021-08-06 13:57 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2021-08-06 13:57:00 UTC
Type: Bug
Embargoed:



Description Martin Pitt 2021-08-06 05:42:06 UTC
Description of problem: cockpit-podman's rawhide packit tests started to regress [1] very early in the setup when it tries to initialize user podman.

Version-Release number of selected component (if applicable):

podman-3.3.0-0.26.rc1.fc35.x86_64
crun-0.20.1.9-0.18.git60de767.fc35.x86_64
containers-common-1-24.fc35.noarch
kernel-core-5.14.0-0.rc4.20210804gitd5ad8ec3cfb5.36.fc35.x86_64
setup-2.13.9.1-2.fc35.noarch


How reproducible: Always


Steps to Reproduce:
1. Start a rawhide cloud image. E.g. like this:

IMG=$(curl -s -L https://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Cloud/x86_64/images/ | grep -o 'Fedora-Cloud-Base-Rawhide[^"]*qcow2' | head -n1)
curl -L -o rawhide.qcow2 https://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Cloud/x86_64/images/$IMG

# nothing fancy, just admin:foobar and root:foobar users
curl -L -O https://github.com/cockpit-project/bots/raw/main/machine/cloud-init.iso

# run VM with SSH port redirection
qemu-system-x86_64 -cpu host -enable-kvm -nographic -m 2048 -drive file=rawhide.qcow2,if=virtio -snapshot -cdrom cloud-init.iso -net nic,model=virtio -net user,hostfwd=tcp::2201-:22

# comfortable login (password "foobar")
ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o CheckHostIP=no -p 2201 root@localhost


2. Try to use podman as "fedora" user (standard user on cloud images):

loginctl enable-linger fedora
su - -c 'podman info' fedora


Actual results:

  Error: cannot setup namespace using newuidmap: exit status 1


Expected results:

  host:
    arch: amd64
  [...]
  (succeeds)


Additional info:

This is not related to the lingering setup or using `su`. You can `passwd fedora` and log into the serial console to get a "proper" login session, and it fails the same way.

The root cause is that /etc/sub[ug]id are broken. On fedora 34:

# cat /etc/subuid
admin:100000:65536
fedora:165536:65536

On rawhide:

# cat /etc/subuid
admin:0:0
fedora:0:0

When fixing both files, user podman works fine.

I don't know what exactly creates these sub[ug]id entries on user creation, so please assign to the correct package. Thank you!

[1] http://artifacts.dev.testing-farm.io/3354ff10-0faf-4951-a3e7-5f91339b30fb/
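
Added example, not part of the original report or of shadow-utils: a shell function that lints a subordinate-ID file and flags the kind of entry quoted in the description above (`fedora:0:0`), plus ranges that overlap between users. The function name `check_subid` and the 100000 minimum start (shadow-utils' default SUB_UID_MIN/SUB_GID_MIN) are assumptions.

```shell
#!/bin/sh
# Added example: lint a subordinate-ID file (/etc/subuid or /etc/subgid).
# Format per line: name:start:count
# Assumption: 100000 is the lowest acceptable start (shadow-utils' default
# SUB_UID_MIN/SUB_GID_MIN); pass another value as $2 if login.defs differs.

# check_subid FILE [MIN_START]
# Prints one line per finding; exit status 0 = clean, 1 = findings.
check_subid() {
    awk -F: -v min="${2:-100000}" '
        /^[ \t]*$/ { next }                        # skip blank lines
        NF != 3 || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ {
            printf "line %d: malformed entry\n", NR; bad = 1; next
        }
        {
            name = $1; start = $2 + 0; count = $3 + 0
            if (count == 0) {                      # the rawhide symptom: no IDs to map
                printf "line %d: %s: empty range (count 0)\n", NR, name; bad = 1; next
            }
            if (start < min) {                     # would map onto regular host IDs
                printf "line %d: %s: start %d below %d\n", NR, name, start, min; bad = 1
            }
            for (i = 1; i <= n; i++)               # ranges of different users must not overlap
                if (owner[i] != name && start < lo[i] + len[i] && lo[i] < start + count) {
                    printf "line %d: %s overlaps %s\n", NR, name, owner[i]; bad = 1
                }
            n++; owner[n] = name; lo[n] = start; len[n] = count
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample files holding the two listings quoted in the report.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'admin:100000:65536\nfedora:165536:65536\n' > "$dir/good"
    printf 'admin:0:0\nfedora:0:0\n' > "$dir/bad"
    check_subid "$dir/good" && echo "good: clean"
    check_subid "$dir/bad"  || echo "bad: findings above"
    rm -rf "$dir"
}
demo
```

On an affected system, run `check_subid /etc/subuid` and `check_subid /etc/subgid` as a quick check before debugging rootless container failures any further.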

Comment 1 Matthew Heon 2021-08-06 13:19:49 UTC
Reassigning to shadow-utils, given Podman does not manage these files.

Comment 2 Iker Pedrosa 2021-08-06 13:57:00 UTC
Closing it as a duplicate of #1990653

*** This bug has been marked as a duplicate of bug 1990653 ***

