2152027 – podman: ubi8 sticky bit removed from /tmp [rhel-8.7.0.z]

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2152027 - podman: ubi8 sticky bit removed from /tmp [rhel-8.7.0.z]

Summary: podman: ubi8 sticky bit removed from /tmp [rhel-8.7.0.z]

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	podman
Sub Component:
Version:	8.6
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Jindrich Novy
QA Contact:	Joy Pu
Docs Contact:
URL:
Whiteboard:
Depends On:	2138434
Blocks:
TreeView+	depends on / blocked

Reported:	2022-12-08 23:14 UTC by RHEL Program Management Team
Modified:	2023-01-12 09:26 UTC (History)
CC List:	19 users (show)
Fixed In Version:	podman-4.2.0-6.el8_7
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	2138434
Environment:
Last Closed:	2023-01-12 09:24:07 UTC
Type:	---
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	containers podman pull 16802	None	open	[v4.2-rhel] Bump Buildah to v1.27.3	2022-12-10 10:36:08 UTC
Red Hat Issue Tracker	RHELPLAN-141731	None	None	None	2022-12-08 23:21:36 UTC
Red Hat Product Errata	RHBA-2023:0115	None	None	None	2023-01-12 09:24:21 UTC

Comment 2 Tom Sweeney 2022-12-09 22:21:26 UTC

PR with fix: https://github.com/containers/podman/pull/16802

Setting to Post and assigning to @jnovy for any further packaging and BZ needs.

Comment 6 Joy Pu 2022-12-19 07:16:29 UTC

Test with podman-4.2.0-6.module+el8.7.0+17498+a7f63b89.x86_64, the t flag is still exist after build, so it fit the request of the bug. 
[root@ibm-x3650m4-02-vm-05 test]# podman build -t test .
STEP 1/23: FROM scratch
STEP 2/23: ADD rhel-base-fs-container-8.6-2480.x86_64.tar.gz /
--> d2bb304d262
STEP 3/23: ADD tls-ca-bundle.pem /tmp/tls-ca-bundle.pem
--> a1a18d2e2d7
STEP 4/23: ADD atomic-reactor-repos/* /etc/yum.repos.d/
--> 2026ec4f0d6
STEP 5/23: LABEL maintainer="Red Hat, Inc."
--> f986ee0fe25
STEP 6/23: LABEL com.redhat.component="ubi8-container"       name="ubi8"       version="8.6"
--> 70a8c4285a5
STEP 7/23: LABEL com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI"
--> b9010f34e89
STEP 8/23: LABEL summary="Provides the latest release of Red Hat Universal Base Image 8."
--> 869861546a2
STEP 9/23: LABEL description="The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly."
--> 4a48bb2ffbb
STEP 10/23: LABEL io.k8s.display-name="Red Hat Universal Base Image 8"
--> 22a017ae426
STEP 11/23: LABEL io.openshift.expose-services=""
--> bdadcd6ed84
STEP 12/23: LABEL io.openshift.tags="base rhel8"
--> 3662aff515c
STEP 13/23: ENV container oci
--> 7b87d10576f
STEP 14/23: ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
--> 7b49f792f58
STEP 15/23: CMD ["/bin/bash"]
--> 43b3498bdbd
STEP 16/23: RUN rm -rf /var/log/*
--> 61ea8d5cf32
STEP 17/23: RUN mkdir -p /var/log/rhsm
--> 9ddd9734a2a
STEP 18/23: LABEL release=1054
--> 7d5956b534a
STEP 19/23: ADD ubi8-container-8.6-1054.json /root/buildinfo/content_manifests/ubi8-container-8.6-1054.json
--> 7d07c47ee99
STEP 20/23: ADD Dockerfile-ubi8-8.6-1054 /root/buildinfo/Dockerfile-ubi8-8.6-1054
--> 1a6c074b098
STEP 21/23: LABEL "distribution-scope"="public" "vendor"="Red Hat, Inc." "build-date"="2022-12-19T02:04:53" "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="f1ee6e37554363ec55e0035aba1a693d3627fdeb" "io.k8s.description"="The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly." "url"="https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/images/8.6-1054"
--> 54608cabf99
STEP 22/23: RUN rm -f '/etc/yum.repos.d/beaker-AppStream.repo'
--> ee6250a2da7
STEP 23/23: RUN rm -f /tmp/tls-ca-bundle.pem
COMMIT test
--> 0762c39e3c7
Successfully tagged localhost/test:latest
0762c39e3c77ba1b0090f6d28acba4827a0956da5e37bdb994e9505c9dc3ccc2
[root@ibm-x3650m4-02-vm-05 test]# podman run test ls -ld /tmp/
drwxrwxrwt. 1 root root 31 Dec 19 06:58 /tmp/

Comment 10 errata-xmlrpc 2023-01-12 09:24:07 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (container-tools:rhel8 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:0115

Note You need to log in before you can comment on or make changes to this bug.