#49 Different permissions for /tmp in f33 and f34 images
Closed 3 years ago by cverna. Opened 3 years ago by lbalhar.

We have a bug report in the s2i-base-container repository reporting that there are different permissions on the /tmp folder than usual, and it turned out to come from the base Fedora image.

Rawhide:

[root@915226ba7517 /]# ls -la /tmp/
total 8
drwxr-xr-x.  2 root root 4096 Mar 11 08:27 .
dr-xr-xr-x. 18 root root 4096 Mar 25 08:32 ..

F34:

[root@f4effff8169a /]# ls -la /tmp/
total 8
drwxr-xr-x.  2 root root 4096 Mar 23 10:24 .
dr-xr-xr-x. 18 root root 4096 Mar 25 08:34 ..

But F33 has different permissions.

[root@df3f780c1404 /]# ls -la /tmp/
total 12
drwxrwxrwt.  2 root root 4096 Jan  6 07:48 .
dr-xr-xr-x. 18 root root 4096 Mar 25 08:40 ..
-rwx------.  1 root root  757 Jan  6 07:48 ks-script-ai1xyg9g

Do you know why there is such a difference?


AFAIK we don't do anything special with the filesystem in the container image. /tmp/ is provided by the filesystem package and there was no major difference between f33 and f34.

~
 [cverna@localhost]  $ podman run -it --rm fedora:33 rpm -q --whatprovides /tmp/
filesystem-3.14-3.fc33.x86_64
~
 [cverna@localhost]  $ podman run -it --rm fedora:34 rpm -q --whatprovides /tmp/
filesystem-3.14-5.fc34.x86_64

And the spec file seems to do the correct thing https://src.fedoraproject.org/rpms/filesystem/blob/rawhide/f/filesystem.spec#_226

I am not sure what could be changing the permission on /tmp/ :confused:

You are right that the package itself seems to be correct. But something has to change the permissions. If I try to reinstall the package, it solves the problem:

$ podman pull fedora:34
…
Storing signatures
e7f6aaa22ed8e888fcdfb0f349f746ae8bc6fed5d15331f1901e92e4233c655b

$ podman run --rm -it fedora:34
[root@0b29a821dab6 /]# ls -la /tmp/
total 8
drwxr-xr-x.  2 root root 4096 Apr  1 10:21 .
dr-xr-xr-x. 18 root root 4096 Apr  2 10:31 ..

[root@0b29a821dab6 /]# dnf reinstall -y filesystem
…
Reinstalled:
  filesystem-3.14-5.fc34.x86_64                                                               

Complete!

[root@0b29a821dab6 /]# ls -la /tmp/
total 8
drwxrwxrwt.  2 root root 4096 Apr  2 10:33 .
dr-xr-xr-x. 18 root root 4096 Apr  2 10:33 ..

Do you know where I can take a look or report this issue?

I've downloaded the tarball files from https://github.com/fedora-cloud/docker-brew-fedora for f33 and f34 and the difference is there as well, so it seems that the difference comes from the kickstart files, which in this matter differ from the definition in the filesystem package specfile.

Unpacked tmp folder from the fedora-33.20210401-x86_64.tar.xz and the fedora-34.20210329-x86_64.tar.xz archives:

$ ls -la f33 
total 12
drwxr-xr-x. 3 lbalhar lbalhar 4096 Apr  7 11:50 .
drwxr-xr-x. 4 lbalhar lbalhar 4096 Apr  7 11:50 ..
drwxrwxrwt. 2 lbalhar lbalhar 4096 Apr  1 09:48 tmp

$ ls -la f34
total 12
drwxr-xr-x. 3 lbalhar lbalhar 4096 Apr  7 11:50 .
drwxr-xr-x. 4 lbalhar lbalhar 4096 Apr  7 11:50 ..
drwxr-xr-x. 2 lbalhar lbalhar 4096 Mar 29 12:19 tmp

@cverna do you have an idea where I can report this? Cc @pkubat @phracek
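
The comparison of the unpacked tarballs above can be made without unpacking by reading the mode of the `tmp/` entry straight from the archive listing. This is an added example, not part of the original thread or of any Fedora tooling; the function names are hypothetical, and the expected mode is the `drwxrwxrwt` shown for F33 and after reinstalling `filesystem`.

```shell
#!/bin/sh
# Added example: check the mode of the top-level tmp/ entry in a rootfs tarball.

EXPECTED_MODE='drwxrwxrwt'   # mode shown for /tmp in the F33 listings in this thread

# Print the mode string of the top-level tmp/ directory entry, or nothing if absent.
tmp_mode_in_tar() {
    # tar -tv prints the mode string first and the member name last;
    # accept "tmp", "tmp/", "./tmp" and "./tmp/" as the top-level entry.
    tar -tvf "$1" 2>/dev/null | awk '
        { name = $NF; sub(/^\.\//, "", name); sub(/\/$/, "", name) }
        name == "tmp" && substr($1, 1, 1) == "d" { print substr($1, 1, 10); exit }'
}

# Return 0 when tmp/ has the expected mode, 1 when it differs, 2 when it is missing.
check_tmp_mode() {
    mode=$(tmp_mode_in_tar "$1")
    if [ -z "$mode" ]; then
        echo "$1: no top-level tmp/ entry" >&2
        return 2
    fi
    if [ "$mode" != "$EXPECTED_MODE" ]; then
        echo "$1: tmp/ is $mode, expected $EXPECTED_MODE" >&2
        return 1
    fi
    echo "$1: tmp/ is $mode"
}

# Constructed sample input: a tiny tarball holding only tmp/ with the given mode,
# standing in for a real rootfs archive. Usage: make_sample_tar <octal-mode> <out.tar>
make_sample_tar() {
    work=$(mktemp -d) || return 1
    mkdir "$work/tmp" && chmod "$1" "$work/tmp"
    tar -cf "$2" -C "$work" tmp
    rm -rf "$work"
}

# When archive paths are given as arguments, check each one.
for archive in "$@"; do
    check_tmp_mode "$archive" || true
done
```

GNU tar detects xz compression on its own when listing, so the `.tar.xz` archives named above can be passed directly.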

What about asking the package maintainer of the filesystem package? Maybe some slight changes were there, just guessing.

I'd have said something is broken with the image build process since the permissions in the image didn't match what's in the RPM.

I just checked today's fedora:34 image and the problem seems to have fixed itself.

> What about asking the package maintainer of the filesystem package? Maybe some slight changes were there, just guessing.

The package is correct and it always was. Reinstalling the package fixed the issue in the broken containers. See my previous comments.

> I'd have said something is broken with the image build process since the permissions in the image didn't match what's in the RPM.

> I just checked today's fedora:34 image and the problem seems to have fixed itself.

You are right, the latest images for f34 and rawhide are correct.

$ podman run --rm -it fedora:34
[root@37c95eaf92bd /]# ls -la /tmp/
total 8
drwxrwxrwt.  2 root root 4096 Apr  7 10:26 .
dr-xr-xr-x. 18 root root 4096 Apr  8 07:29 ..

$ podman run --rm -it fedora:rawhide
[root@f4fd72acfd8f /]# ls -la /tmp/
total 8
drwxrwxrwt.  2 root root 4096 Apr  7 08:13 .
dr-xr-xr-x. 18 root root 4096 Apr  8 07:30 ..

I think that this issue can be closed now.

This is odd indeed, must have been something with the build system :confused: .

Closing now and let's see if that happens again.

Metadata Update from @cverna:
- Issue status updated to: Closed (was: Open)

3 years ago

Something must have changed on the build system, as the kickstarts and RPM sets are identical between when the issue was present and the next day when it was fixed:

[user@localhost ~]$ diff -u <(podman run --rm 459e9501f929 cat /root/original-ks.cfg) <(podman run --rm 89a6681bb295 cat /root/original-ks.cfg)
--- /dev/fd/63  2021-04-08 19:30:53.539826700 -0400
+++ /dev/fd/62  2021-04-08 19:30:53.540826705 -0400
@@ -11,8 +11,8 @@
 # Network information
 network  --bootproto=dhcp --device=link --activate
 # Use network installation
-url --url="https://kojipkgs.fedoraproject.org/compose/branched/Fedora-34-20210406.n.0/compose/Everything/x86_64/os"
-repo --name="koji-override-0" --baseurl=https://kojipkgs.fedoraproject.org/compose/branched/Fedora-34-20210406.n.0/compose/Everything/x86_64/os
+url --url="https://kojipkgs.fedoraproject.org/compose/branched/Fedora-34-20210407.n.0/compose/Everything/x86_64/os"
+repo --name="koji-override-0" --baseurl=https://kojipkgs.fedoraproject.org/compose/branched/Fedora-34-20210407.n.0/compose/Everything/x86_64/os
 # System timezone
 timezone Etc/UTC --utc --nontp
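
Review bot: the url and repo lines are the one place the two kickstarts differ, and they point at different composes (Fedora-34-20210406.n.0 on the - side, Fedora-34-20210407.n.0 on the + side), so the two builds installed from different package trees even though the rest of the file is unchanged. The empty rpm -qa diff at the end of this session covers package names and versions only; running rpm -V filesystem in both images would show directly whether the mode of /tmp disagrees with the RPM database in the older one.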

[user@localhost ~]$ diff -u <(podman run --rm 459e9501f929 ls -ld /tmp) <(podman run --rm 89a6681bb295 ls -ld /tmp)
--- /dev/fd/63  2021-04-08 19:31:09.757905870 -0400
+++ /dev/fd/62  2021-04-08 19:31:09.758905875 -0400
@@ -1 +1 @@
-drwxr-xr-x. 2 root root 4096 Apr  6 10:23 /tmp
+drwxrwxrwt. 2 root root 4096 Apr  7 10:26 /tmp
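
Review bot: the two ls -ld lines also differ in their timestamps (Apr 6 10:23 against Apr 7 10:26), so this diff would be non-empty even if the modes matched. Comparing the output of stat -c '%a %U:%G' /tmp from each image would isolate mode and ownership, which is the difference that matters here: drwxr-xr-x on the - side against drwxrwxrwt on the + side.
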
[user@localhost ~]$ diff -u <(podman run --rm 459e9501f929 rpm -qa | sort -u) <(podman run --rm 89a6681bb295 rpm -qa | sort -u)
[user@localhost ~]$
