Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cmd/initContainer: Avoid RPM failures due to unexpected file owners #640

Merged
merged 1 commit into from
Nov 17, 2021
Merged

cmd/initContainer: Avoid RPM failures due to unexpected file owners #640

merged 1 commit into from
Nov 17, 2021

Conversation

debarshiray
Copy link
Member

@debarshiray debarshiray commented Dec 2, 2020
edited
Loading

When running rootless, files and directories bind mounted from the
host operating system can have their ownership listed as
nobody:nobody. This is because the UIDs and GIDs that actually own
those locations are not available inside the container.

Some distribution packages are particular about the file ownerships of
some of these locations. eg., Fedora's filesystem RPM. Encountering
nobody:nobody as the owner can fail package management transactions
involving such packages leading to unforeseen consequences.

Therefore, configure RPM to leave these locations alone.

@softwarefactory-project-zuul
Copy link

Build failed.

HarryMichal
HarryMichal requested changes Dec 2, 2020
View reviewed changes
Copy link
Member

@HarryMichal HarryMichal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left a comment with a proposed change. Apart from that, looks good to me. Did not test locally, yet. Great work!

src/cmd/initContainer.go Outdated Show resolved Hide resolved
debarshiray added a commit to debarshiray/toolbox that referenced this pull request Dec 2, 2020
@debarshiray
cmd/initContainer: Avoid RPM failures due to unexpected file owners
4bca04f 
When running rootless, files and directories bind mounted from the
host operating system can have their ownership listed as
nobody:nobody. This is because the UIDs and GIDs that actually own
those locations are not available inside the container.

Some distribution packages are particular about the file ownerships of
some of these locations. eg., Fedora's filesystem RPM. Encountering
nobody:nobody as the owner can fail package management transactions
involving such packages leading to unforeseen consequences.

Therefore, configure RPM to leave these locations alone.

containers#640
@debarshiray
Copy link
Member Author

Note that this doesn't seem to be working as I thought it would.

@softwarefactory-project-zuul
Copy link

Build succeeded.

praiskup
praiskup reviewed Dec 15, 2020
View reviewed changes
src/cmd/initContainer.go Outdated Show resolved Hide resolved
@debarshiray debarshiray mentioned this pull request Dec 18, 2020
Closed
@HarryMichal HarryMichal added this to the Release 0.2.0 milestone Feb 26, 2021
@HarryMichal HarryMichal added 2. Container Realm The issue is related to what happens inside of a toolbox container 3. Bugfix Fixes a bug 6. Minor Change Should not cause breakage labels Feb 26, 2021
@debarshiray debarshiray mentioned this pull request Mar 15, 2021
Open
Base automatically changed from master to main March 25, 2021 22:25
debarshiray added a commit to debarshiray/toolbox that referenced this pull request Nov 17, 2021
@debarshiray
cmd/initContainer: Avoid RPM failures due to unexpected file owners
d9ba7ca 
When running rootless, files and directories bind mounted from the
host operating system can have their ownership listed as
nobody:nobody. This is because the UIDs and GIDs that actually own
those locations are not available inside the container.

Some distribution packages are particular about the file ownerships of
some of these locations. eg., Fedora's filesystem and libvirt-libs
RPMs. Encountering nobody:nobody as the owner can fail package
management transactions involving such packages leading to unforeseen
consequences.

Therefore, configure RPM to leave these locations alone.

containers#640
@debarshiray
cmd/initContainer: Avoid RPM failures due to unexpected file owners
7542f5f 
When running rootless, files and directories bind mounted from the
host operating system can have their ownership listed as
nobody:nobody. This is because the UIDs and GIDs that actually own
those locations are not available inside the container.

Some distribution packages are particular about the file ownerships of
some of these locations. eg., Fedora's filesystem, flatpak and
libvirt-libs RPMs. Encountering nobody:nobody as the owner can fail
package management transactions involving such packages leading to
unforeseen consequences.

Therefore, configure RPM to leave these locations alone.

containers#640
@debarshiray
Copy link
Member Author

This fixes the filesystem, flatpak and libvirt-libs RPMs.

We might have to tweak the list of paths in %_netsharedpath over time as Toolbox evolves and problems with other RPMs come to light.

@softwarefactory-project-zuul
Copy link

Build failed.

@debarshiray debarshiray merged commit 7542f5f into containers:main Nov 17, 2021
@debarshiray debarshiray deleted the wip/rishi/netsharedpath branch November 17, 2021 02:18
@juhp
Copy link
Contributor

juhp commented Nov 17, 2021

This is really great news!

@fedelibre fedelibre mentioned this pull request Nov 25, 2021
Open
allisonkarlitskaya added a commit to allisonkarlitskaya/lisbox that referenced this pull request Dec 10, 2021
@allisonkarlitskaya
Add workaround for containers/toolbox#640
58ab0b2
allisonkarlitskaya added a commit to allisonkarlitskaya/lisbox that referenced this pull request Dec 10, 2021
@allisonkarlitskaya
Add workaround for containers/toolbox#640
4df7b90
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@praiskup praiskup praiskup left review comments

@HarryMichal HarryMichal HarryMichal requested changes

Assignees
No one assigned
Labels
2. Container Realm The issue is related to what happens inside of a toolbox container 3. Bugfix Fixes a bug 6. Minor Change Should not cause breakage
Projects
None yet
Milestone
Release 0.1.0
Development

Successfully merging this pull request may close these issues.
4 participants
@debarshiray @juhp @praiskup @HarryMichal