Hello everyone. Thank you for the quick reply and patch.
I will switch the test system to unstable/experimental and will test as soon as a new podman package arrives.

So long,
Andreas.

On Sat Dec 19, 2020 at 15:37:15PM -0500, Reinhard Tartler wrote:
> Control: fixed -1 2.2.0+dfsg1-1
> Control: forwarded -1 https://github.com/containers/podman/issues/7747
>
> Thanks for the clarification. With this, I was able to reproduce the issue
> in unstable, and confirm its absence with the podman 2.2 package in
> experimental. I've found a patch on the github issue that resolves the
> issue in 2.1.
>
> thanks again for your help!
> -rt
>
> On Sat, Dec 19, 2020 at 3:09 PM adamo <adamosw...@protonmail.com> wrote:
>
> > Hi Reinhard,
> >
> >
> > I was intending to open a bug report after contacting you earlier but
> > someone appears to have beaten me to it!
> >
> >
> > I'm still able to reproduce this on my end with the following.
> >
> > ---------------------------------------------------------------
> > root@podman:~# podman run docker.io/alpine /bin/echo "Hello"
> > Hello
> > root@podman:~# adduser --uid 1010 bugtest --gecos "" --no-create-home
> > --disabled-login --disabled-password
> > Adding user `bugtest' ...
> > Adding new group `bugtest' (1010) ...
> > Adding new user `bugtest' (1010) with group `bugtest' ...
> > Not creating home directory `/home/bugtest'.
> > root@podman:~# podman run --user 1010 docker.io/alpine /bin/echo "Hello"
> > Error: container_linux.go:370: starting container process caused: apply
> > caps: operation not permitted: OCI runtime permission denied error
> > ---------------------------------------------------------------
> >
> > This is a fresh image I've pulled and still occurs when running as the
> > user 'nobody' as per your example.
> >
> > I've also tried the steps taken in your example (with an additional step
> > to run the container) and managed to reproduce the error.
> >
> > -----------------------------
> > root@podman:~# cat Dockerfile
> > FROM docker.io/debian
> > USER nobody
> > RUN id
> > root@podman:~# podman rm -a
> > root@podman:~# podman build -f Dockerfile
> > STEP 1: FROM docker.io/debian
> > Getting image source signatures
> > Copying blob 6c33745f49b4 done
> > Copying config 6d6b00c222 done
> > Writing manifest to image destination
> > Storing signatures
> > STEP 2: USER nobody
> > --> de292136a39
> > STEP 3: RUN id
> > uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
> > STEP 4: COMMIT
> > --> b08e47fc955
> > b08e47fc955ccfe7a3c164e9fbd2068758ee145e39ffcc1a5c95d4a53ad4144d
> > root@podman:~# podman run
> > b08e47fc955ccfe7a3c164e9fbd2068758ee145e39ffcc1a5c95d4a53ad4144d /bin/echo
> > "Hello"
> > Error: container_linux.go:370: starting container process caused: apply
> > caps: operation not permitted: OCI runtime permission denied error
> > -----------------------------
> >
> > While I don't think it's relevant, I've had this issue with both a VM on
> > Linode (which I've upgraded from Debian 10 to bullseye) and on a local VM
> > which was created directly from a "testing" iso.
> >
> > ------------------------------------------
> > root@podman:~# cat /etc/os-release
> > PRETTY_NAME="Debian GNU/Linux bullseye/sid"
> > NAME="Debian GNU/Linux"
> > ID=debian
> > HOME_URL="https://www.debian.org/"
> > SUPPORT_URL="https://www.debian.org/support"
> > BUG_REPORT_URL="https://bugs.debian.org/"
> > ------------------------------------------
> >
> > As mentioned, this appears to have been discussed in the issue
> > https://github.com/containers/podman/issues/7747 on Github.
> >
> > If you need any more information from my end, please let me know.
> >
> > Thanks for your help with this.
> >
> > Regards,
> > Adam.
> >
> >
>
> --
> regards,
> Reinhard

--
"Things that try to look like things often do look more like things than things. Well-known fact."
Granny Weatherwax - "Wyrd sisters"