Control: fixed -1 2.2.0+dfsg1-1
Control: forwarded -1 https://github.com/containers/podman/issues/7747

Thanks for the clarification. With this, I was able to reproduce the issue in unstable, and confirm its absence with the podman 2.2 package in experimental. I've found a patch on the GitHub issue that resolves the issue in 2.1.

Thanks again for your help!

-rt

On Sat, Dec 19, 2020 at 3:09 PM adamo <adamosw...@protonmail.com> wrote:

> Hi Reinhard,
>
>
> I was intending to open a bug report after contacting you earlier but
> someone appears to have beaten me to it!
>
>
> I'm still able to reproduce this on my end with the following.
>
> ---------------------------------------------------------------
> root@podman:~# podman run docker.io/alpine /bin/echo "Hello"
> Hello
> root@podman:~# adduser --uid 1010 bugtest --gecos "" --no-create-home --disabled-login --disabled-password
> Adding user `bugtest' ...
> Adding new group `bugtest' (1010) ...
> Adding new user `bugtest' (1010) with group `bugtest' ...
> Not creating home directory `/home/bugtest'.
> root@podman:~# podman run --user 1010 docker.io/alpine /bin/echo "Hello"
> Error: container_linux.go:370: starting container process caused: apply caps: operation not permitted: OCI runtime permission denied error
> ---------------------------------------------------------------
>
> This is a fresh image I've pulled and still occurs when running as the
> user 'nobody' as per your example.
>
> I've also tried the steps taken in your example (with an additional step
> to run the container) and managed to reproduce the error.
>
> -----------------------------
> root@podman:~# cat Dockerfile
> FROM docker.io/debian
> USER nobody
> RUN id
> root@podman:~# podman rm -a
> root@podman:~# podman build -f Dockerfile
> STEP 1: FROM docker.io/debian
> Getting image source signatures
> Copying blob 6c33745f49b4 done
> Copying config 6d6b00c222 done
> Writing manifest to image destination
> Storing signatures
> STEP 2: USER nobody
> --> de292136a39
> STEP 3: RUN id
> uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
> STEP 4: COMMIT
> --> b08e47fc955
> b08e47fc955ccfe7a3c164e9fbd2068758ee145e39ffcc1a5c95d4a53ad4144d
> root@podman:~# podman run b08e47fc955ccfe7a3c164e9fbd2068758ee145e39ffcc1a5c95d4a53ad4144d /bin/echo "Hello"
> Error: container_linux.go:370: starting container process caused: apply caps: operation not permitted: OCI runtime permission denied error
> -----------------------------
>
> While I don't think it's relevant, I've had this issue with both a VM on
> Linode (which I've upgraded from Debian 10 to bullseye) and on a local VM
> which was created directly from a "testing" iso.
>
> ------------------------------------------
> root@podman:~# cat /etc/os-release
> PRETTY_NAME="Debian GNU/Linux bullseye/sid"
> NAME="Debian GNU/Linux"
> ID=debian
> HOME_URL="https://www.debian.org/"
> SUPPORT_URL="https://www.debian.org/support"
> BUG_REPORT_URL="https://bugs.debian.org/"
> ------------------------------------------
>
> As mentioned, this appears to have been discussed in the issue
> https://github.com/containers/podman/issues/7747 on GitHub.
>
> If you need any more information from my end, please let me know.
>
> Thanks for your help with this.
>
> Regards,
> Adam.
>

--
regards,
Reinhard