buildah "run masks" test fails with crun 1.24 #6384
Description
Issue Description
The run masks test fails with crun 1.24. It didn't fail with crun 1.22 and doesn't fail with runc. It fails both as root and rootless:
https://openqa.opensuse.org/tests/5305996/file/buildah-buildah-root.tap.txt
Steps to reproduce the issue
openQA reproducer:
https://openqa.opensuse.org/tests/5305996/file/buildah-commands.txt
Describe the results you received
not ok 867 run masks # in 633 ms
# (from function `die' in file tests/helpers.bash, line 440,
# from function `run_buildah' in file tests/helpers.bash, line 427,
# in test file tests/run.bats, line 986)
# `run_buildah run $cid ls $mask' failed
# /var/tmp/buildah/tests /var/tmp/buildah
# # [checking for: docker.io/library/alpine]
# # [restoring from cache: /var/tmp/test.wjzg9D/bats-run-4N1B6I/suite/buildah-image-cache / docker.io/library/alpine]
# Getting image source signatures
# Copying blob sha256:9d16cba9fb961d1aafec9542f2bf7cb64acfc55245f9e4eb5abecd4cdc38d749
# Copying config sha256:961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4
# Writing manifest to image destination
# # /usr/bin/buildah from --quiet --pull=false --signature-policy /var/tmp/buildah/tests/policy.json alpine
# alpine-working-container
# # /usr/bin/buildah run alpine-working-container ls /proc/acpi
# ls: can't open '/proc/acpi': Permission denied
# Error: while running runtime: exit status 1
# [ rc=1 (** EXPECTED 0 **) ]
# #/vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
# #| FAIL: exit code is 1; expected 0
# #\^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Describe the results you expected
Test should pass.
buildah version output
buildah version 1.41.3 (image-spec 1.1.1, runtime-spec 1.2.1)
Other package versions:
https://openqa.opensuse.org/tests/5305996/file/buildah-rpm-qa.txtbuildah info output
{
"host": {
"CgroupVersion": "v2",
"Distribution": {
"distribution": "\"opensuse-tumbleweed\"",
"version": "20250912"
},
"MemFree": 1518747648,
"MemTotal": 2059546624,
"OCIRuntime": "crun",
"SwapFree": 2148507648,
"SwapTotal": 2148507648,
"arch": "amd64",
"cpus": 2,
"hostname": "susetest",
"kernel": "6.16.6-1-default",
"os": "linux",
"rootless": false,
"uptime": "12.73s",
"variant": ""
},
"store": {
"ContainerStore": {
"number": 0
},
"GraphDriverName": "overlay",
"GraphOptions": [
"overlay.mountopt=nodev"
],
"GraphRoot": "/var/lib/containers/storage",
"GraphStatus": {
"Backing Filesystem": "btrfs",
"Native Overlay Diff": "true",
"Supports d_type": "true",
"Supports shifting": "true",
"Supports volatile": "true",
"Using metacopy": "false"
},
"ImageStore": {
"number": 0
},
"RunRoot": "/run/containers/storage"
}
}Provide your storage.conf
[storage]
driver = "overlay"
runroot = "/run/containers/storage"
graphroot = "/var/lib/containers/storage"
[storage.options]
additionalimagestores = [
]
[storage.options.pull_options]
[storage.options.overlay]
mountopt = "nodev"Upstream Latest Release
No
Additional environment details
openSUSE Tumbleweed Build20250912 with kernel 6.16.6
crun version 1.24
commit: 54693209039e5e04cbe3c8b1cd5fe2301219f0a1
rundir: /run/user/0/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
Additional information
Storage driver is vfs and not overlay.