I can't install packages inside the container created by fedora-toolbox:
edwin@bolt:~ % SHELL=/bin/bash fedora-toolbox -v enter
🔹[edwin@toolbox ~]$ sudo dnf
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
🔹[edwin@toolbox ~]$ dnf install vim
Error: This command has to be run under the root user.
I'm running the latest packages from rpm-ostree:
edwin@bolt:~ % rpm-ostree status
State: idle
Warning: failed to query journal: address not available
AutomaticUpdates: stage; rpm-ostreed-automatic.timer: last run 5h 1min ago
Deployments:
● ostree://fedora-workstation:fedora/29/x86_64/silverblue
    Version: 29.20181216.0 (2018-12-16T00:57:21Z)
    BaseCommit: 9e79f2d859ceebec1e07db8eb2dc3d120f45a46260df530d173ef2a6c3d058d7
    GPGSignature: Valid signature by 5A03B4DD8254ECA02FDA1637A20AA56B429476B4
    LayeredPackages: ansible bcc-tools chromium dconf-editor evince evolution fedora-toolbox gnome-photos gnome-tweak-tool kernel-tools latencytop libreoffice mesa-vulkan-drivers.i686 mozilla-ublock-origin neovim pass perf python3-psutil ripgrep stow tig weston zsh

  ostree://fedora-workstation:fedora/29/x86_64/silverblue
    Version: 29.20181214.0 (2018-12-14T10:52:14Z)
    BaseCommit: 2c3e9279d3ebc2f46ad2b9daf270d884b2f40f056a3404a0e0d51f764b7da047
    GPGSignature: Valid signature by 5A03B4DD8254ECA02FDA1637A20AA56B429476B4
    LayeredPackages: ansible bcc-tools chromium dconf-editor evince evolution fedora-toolbox gnome-photos gnome-tweak-tool kernel-tools latencytop libreoffice mesa-vulkan-drivers.i686 mozilla-ublock-origin neovim pass perf python3-psutil ripgrep stow tig weston zsh

edwin@bolt:~ % podman --version
podman version 0.12.1.1
edwin@bolt:~ % buildah --version
buildah version 1.5 (image-spec 1.0.0, runtime-spec 1.0.0)
Also tried the --sudo flag but that failed in a different way:
fedora-toolbox --sudo -v create
error reading image "fedora-toolbox-edwin:29": error reading image: error locating image "fedora-toolbox-edwin:29" for importing settings: error locating image with name "fedora-toolbox-edwin:29": image not known
Error determining manifest MIME type for docker://localhost/fedora-toolbox:29: pinging docker registry returned: Get https://localhost/v2/: dial tcp [::1]:443: connect: connection refused
Getting image source signatures
Copying blob sha256:af19ce19de5ee70d1ca852c65f9927fab6ba09de2864af2acdf18d60774bffbd
 85.70 MiB / 85.70 MiB [===================================================] 15s
Copying blob sha256:6df1bfffa76ae08ebcb61de2ae28fbf5f8a84079b6cb316d095cdf4cb5e2bdbb
 182.56 MiB / 182.56 MiB [=================================================] 29s
Copying config sha256:032b427fbbf72ac22336638af319ef989a2b99e038ca087743c132ab71445ed8
 2.69 KiB / 2.69 KiB [======================================================] 0s
Writing manifest to image destination
Storing signatures
passwd: Note: deleting a password also unlocks the password.
passwd: Note: deleting a password also unlocks the password.
Getting image source signatures
Skipping fetch of repeat blob sha256:8080f9aa6262000ad12d3d7e55331d275d412faa730b75c41bbf444b4ce056e9
Skipping fetch of repeat blob sha256:d399ea65472cbad41d640ec2a09724c2f11ac7fa52636b6cec6905e8fa490865
Copying blob sha256:080bbdcce425af12a424a190521c874cb1f8e46546a95698b7cb44a9bb2cdfaa
 1.95 KiB / 1.95 KiB [======================================================] 0s
Copying config sha256:cb6e83d458a67a5aece6b5505d25e2a83b168b3f87250990d87fcd08c0c15f44
 1.43 KiB / 1.43 KiB [======================================================] 0s
Writing manifest to image destination
Storing signatures
error looking up container "fedora-toolbox-edwin:29": no container with name or ID fedora-toolbox-edwin:29 found: no such container
error creating container storage: error creating ID-mapped copy of layer "8042eb3a896959439cf57f9e6c964552292c90a8540048fa2efb80cef5d5feec": exit status 1: error during chown: storage-chown-by-maps: chown("usr/bin/ping"): no data available
/usr/bin/fedora-toolbox: failed to create container fedora-toolbox-edwin:29
I've noticed that the permissions on some directories inside the container are wrong, e.g. for /tmp (and if something as fundamental as /tmp gets its permissions wrong, there are likely more things wrong with podman created images):
podman build -t footest .
STEP 1: FROM fedora:29
STEP 2: RUN dnf install -y sudo passwd
Fedora Modular 29 - x86_64 359 kB/s | 1.5 MB 00:04
Fedora Modular 29 - x86_64 - Updates 443 kB/s | 1.8 MB 00:04
Fedora 29 - x86_64 - Updates 1.9 MB/s | 17 MB 00:09
Fedora 29 - x86_64 2.0 MB/s | 62 MB 00:31
Last metadata expiration check: 0:00:01 ago on Sun Dec 16 18:31:25 2018.
Dependencies resolved.
================================================================================
 Package Arch Version Repository Size
================================================================================
Installing:
 sudo x86_64 1.8.25-1.fc29 updates 826 k
 passwd x86_64 0.80-4.fc29 fedora 107 k
Installing dependencies:
 libuser x86_64 0.62-18.fc29 fedora 378 k

Transaction Summary
================================================================================
Install 3 Packages

Total download size: 1.3 M
Installed size: 5.5 M
Downloading Packages:
(1/3): sudo-1.8.25-1.fc29.x86_64.rpm 661 kB/s | 826 kB 00:01
(2/3): passwd-0.80-4.fc29.x86_64.rpm 85 kB/s | 107 kB 00:01
(3/3): libuser-0.62-18.fc29.x86_64.rpm 273 kB/s | 378 kB 00:01
--------------------------------------------------------------------------------
Total 288 kB/s | 1.3 MB 00:04
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
 Preparing : 1/1
 Installed: libuser-0.62-18.fc29.x86_64
 Installing : libuser-0.62-18.fc29.x86_64 1/3
 Running scriptlet: libuser-0.62-18.fc29.x86_64 1/3
 Installed: libuser-0.62-18.fc29.x86_64
 Installed: passwd-0.80-4.fc29.x86_64
 Installing : passwd-0.80-4.fc29.x86_64 2/3
 Installed: passwd-0.80-4.fc29.x86_64
 Installed: sudo-1.8.25-1.fc29.x86_64
 Installing : sudo-1.8.25-1.fc29.x86_64 3/3
 Running scriptlet: sudo-1.8.25-1.fc29.x86_64 3/3
 Installed: sudo-1.8.25-1.fc29.x86_64
 Verifying : sudo-1.8.25-1.fc29.x86_64 1/3
 Verifying : libuser-0.62-18.fc29.x86_64 2/3
 Verifying : passwd-0.80-4.fc29.x86_64 3/3

Installed:
 sudo-1.8.25-1.fc29.x86_64 passwd-0.80-4.fc29.x86_64 libuser-0.62-18.fc29.x86_64

Complete!
--> 890e3bd2beeb0a3069e92460a20fd375d135f22dcf730e25f5a94b31a2c11494
STEP 3: FROM 890e3bd2beeb0a3069e92460a20fd375d135f22dcf730e25f5a94b31a2c11494
STEP 4: RUN ls -ld /tmp
drwxr-xr-t. 2 root root 4096 Dec 16 18:32 /tmp
--> 1e68f0b2835ce8dbe5837b564ba5d9b0da10fe6fd3a43154e884df9a7bf52387
STEP 5: COMMIT footest
The permissions for /tmp on the base image are fine:
podman run -ti fedora:29 bash
l[root@a357d6628f5c /]# ls -ld /tmp
drwxrwxrwt. 2 root root 4096 Nov 6 06:48 /tmp
Also running podman as root leaves the permissions for /tmp intact, which would seem to suggest that this is a bug in rootless podman:
sudo podman build -t footest .
[sudo] password for edwin:
STEP 1: FROM fedora:29
STEP 2: RUN dnf install -y sudo passwd
Fedora Modular 29 - x86_64 371 kB/s | 1.5 MB 00:04
Fedora Modular 29 - x86_64 - Updates 436 kB/s | 1.8 MB 00:04
Fedora 29 - x86_64 - Updates 2.7 MB/s | 17 MB 00:06
Fedora 29 - x86_64 2.8 MB/s | 62 MB 00:22
Last metadata expiration check: 0:00:01 ago on Sun Dec 16 18:34:53 2018.
Dependencies resolved.
================================================================================
 Package Arch Version Repository Size
================================================================================
Installing:
 sudo x86_64 1.8.25-1.fc29 updates 826 k
 passwd x86_64 0.80-4.fc29 fedora 107 k
Installing dependencies:
 libuser x86_64 0.62-18.fc29 fedora 378 k

Transaction Summary
================================================================================
Install 3 Packages

Total download size: 1.3 M
Installed size: 5.5 M
Downloading Packages:
(1/3): libuser-0.62-18.fc29.x86_64.rpm 320 kB/s | 378 kB 00:01
(2/3): sudo-1.8.25-1.fc29.x86_64.rpm 654 kB/s | 826 kB 00:01
(3/3): passwd-0.80-4.fc29.x86_64.rpm 84 kB/s | 107 kB 00:01
--------------------------------------------------------------------------------
Total 299 kB/s | 1.3 MB 00:04
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
 Preparing : 1/1
 Installed: libuser-0.62-18.fc29.x86_64
 Installing : libuser-0.62-18.fc29.x86_64 1/3
 Running scriptlet: libuser-0.62-18.fc29.x86_64 1/3
 Installed: libuser-0.62-18.fc29.x86_64
 Installed: passwd-0.80-4.fc29.x86_64
 Installing : passwd-0.80-4.fc29.x86_64 2/3
 Installed: passwd-0.80-4.fc29.x86_64
 Installed: sudo-1.8.25-1.fc29.x86_64
 Installing : sudo-1.8.25-1.fc29.x86_64 3/3
 Running scriptlet: sudo-1.8.25-1.fc29.x86_64 3/3
 Installed: sudo-1.8.25-1.fc29.x86_64
 Verifying : sudo-1.8.25-1.fc29.x86_64 1/3
 Verifying : libuser-0.62-18.fc29.x86_64 2/3
 Verifying : passwd-0.80-4.fc29.x86_64 3/3

Installed:
 sudo-1.8.25-1.fc29.x86_64 passwd-0.80-4.fc29.x86_64 libuser-0.62-18.fc29.x86_64

Complete!
--> 81082c108f10cbf7bf12f6ea40fc129097202bb4b4efbf13c0ef827eeb93f4ef
STEP 3: FROM 81082c108f10cbf7bf12f6ea40fc129097202bb4b4efbf13c0ef827eeb93f4ef
STEP 4: RUN ls -ld /tmp
drwxrwxrwt. 1 root root 4096 Dec 16 18:35 /tmp
--> 5d8fb06d7cc3fef7d04eebed74a134be99367b179a4f79c85e28b49b201bf4f6
STEP 5: COMMIT footest
Opened buildah bug here: https://github.com/containers/buildah/issues/1240 and podman bug here: https://github.com/containers/libpod/issues/2015
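The report above compares `ls -ld /tmp` by eye between a rootless and a root build. As an added example (not part of the ticket, and not fedora-toolbox, podman or buildah code), the following shell function automates that check for a container root filesystem. It assumes GNU `stat`; the function name, the path lists and the setuid check on `sudo` are illustrative assumptions, since the ticket does not establish why `sudo` reported `effective uid is not 0`.

```shell
#!/bin/sh
# Added example (not from the ticket): audit a container root filesystem for
# the kind of permission regression reported above.
# Assumptions: GNU stat is available; the two path lists are illustrative.

STICKY_DIRS="tmp var/tmp"    # expected mode 1777 (world-writable + sticky)
SETUID_BINS="usr/bin/sudo"   # expected to keep the setuid bit

# audit_rootfs ROOT
# Prints one finding per line. Returns 0 when clean, 1 when anything is off.
audit_rootfs() {
    root=${1%/}              # "/" becomes "", so "$root/tmp" is "/tmp"
    findings=0

    # The rootless build showed drwxr-xr-t (1755): sticky bit kept,
    # group/other write bits lost.
    for rel in $STICKY_DIRS; do
        [ -d "$root/$rel" ] || continue
        mode=$(stat -c '%a' "$root/$rel")
        if [ "$mode" != "1777" ]; then
            echo "MODE /$rel: expected 1777, found $mode"
            findings=$((findings + 1))
        fi
    done

    # Assumption: a stripped setuid bit is one possible cause of sudo's
    # "effective uid is not 0" message, so report it when it is missing.
    for rel in $SETUID_BINS; do
        [ -f "$root/$rel" ] || continue
        if [ ! -u "$root/$rel" ]; then
            mode=$(stat -c '%a' "$root/$rel")
            echo "SETUID /$rel: setuid bit missing (mode $mode)"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}
```

Inside a container, `audit_rootfs /` checks the live filesystem; a non-zero exit status means at least one finding was printed.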
Thanks @edwintorok - I'll follow the upstream bug reports.
Should we close this issue since it's being addressed upstream?
Metadata Update from @dustymabe: - Issue status updated to: Closed (was: Open)