Missing FCAP I fail to install `httpd` into Fedora 33 container in `build-using-dockerfile` #3071

praiskup · 2021-03-09T07:36:42Z

With this dockerfile (on Fedora 34):

FROM fedora:33
RUN dnf install -y httpd

I run buildah bud ., and I see:

  Installing       : httpd-2.4.46-9.fc33.x86_64                         187/207
Error unpacking rpm package httpd-2.4.46-9.fc33.x86_64
 
error: unpacking of archive failed on file /usr/sbin/suexec;604723c1: cpio: cap_set_file failed - Inappropriate ioctl for device
error: httpd-2.4.46-9.fc33.x86_64: install failed
...
Failed:
  httpd-2.4.46-9.fc33.x86_64                                                    

Error: Transaction failed

Output of rpm -q buildah or apt list buildah:

buildah-1.20.0-0.12.dev.git7f340f9.fc34.x86_64

Output of buildah version:

Version:         1.20.0-dev
Go Version:      go1.16beta1
Image Spec:      1.0.1-dev
Runtime Spec:    1.0.2-dev
CNI Spec:        0.4.0
libcni Version:  
image Version:   5.10.1
Git Commit:      
Built:           Thu Jan  1 01:00:00 1970
OS/Arch:         linux/amd64

Output of podman version if reporting a podman build issue:

Version:      3.0.1
API Version:  3.0.0
Go Version:   go1.16
Built:        Mon Feb 22 15:08:57 2021
OS/Arch:      linux/amd64

Output of cat /etc/*release:

Fedora release 34 (Thirty Four)
NAME=Fedora
VERSION="34 (Thirty Four Prerelease)"
ID=fedora
VERSION_ID=34
VERSION_CODENAME=""
PLATFORM_ID="platform:f34"
PRETTY_NAME="Fedora 34 (Thirty Four Prerelease)"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:34"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/34/system-administrators-guide/"
SUPPORT_URL="https://fedoraproject.org/wiki/Communicating_and_getting_help"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=34
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=34
PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
Fedora release 34 (Thirty Four)
Fedora release 34 (Thirty Four)

Output of uname -a:

Linux raiskup 5.11.3-300.fc34.x86_64 #1 SMP Thu Mar 4 19:03:18 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

Output of cat /etc/containers/storage.conf:

$ cat /etc/containers/storage.conf  | grep -v -e ^# -e ^$
[storage]
driver = "overlay"
runroot = "/var/run/containers/storage"
graphroot = "/var/lib/containers/storage"
[storage.options]
additionalimagestores = [
]
[storage.options.overlay]
mountopt = "nodev,metacopy=on"
[storage.options.thinpool]

The text was updated successfully, but these errors were encountered:

praiskup · 2021-03-09T07:37:18Z

Similar older issue.

praiskup · 2021-03-09T07:38:48Z

FTR, this regressed back at least 3 times during last two years. It would be awesome if I could
help you to install some test-case for this (install the httpd package to the latest stable Fedora
container).

praiskup · 2021-03-09T07:42:03Z

Also, using the podman run --rm -ti fedora:33 environment - I can install the httpd package,
so that gives me CAP_SETFCAP. Using buidah bud --cap-add=CAP_SETFCAP has no effect.

praiskup · 2021-03-09T09:27:41Z

I tried to update skopeo and container-common:
sudo dnf update https://kojipkgs.fedoraproject.org//packages/skopeo/1.2.2/22.fc34/x86_64/skopeo-1.2.2-22.fc34.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/containers-common/1/11.fc34/noarch/containers-common-1-11.fc34.noarch.rpm

From the blocked update:
https://bodhi.fedoraproject.org/updates/FEDORA-2021-9e76477662

And neither that helped.

praiskup · 2021-03-09T09:48:17Z

Fixed by (manually built in mock fedora-34-x86_64) buildah-1.20.0-0.26.dev.gitfd48180.fc34.x86_64 from rawhide.

praiskup · 2021-03-09T15:09:54Z

Ok, no, I'm lost :-( I built the image only once today so I thought it is fixed - but no. I can't built it again. I can't swear I haven't hit a cached layer before on successful build, but I think it is unlikely because I would notice that (it rather appears to be some randomly appearing problem, as before in the old issue podman#5364).

This test is currently failing due to a regression in buildah: containers/buildah#3071

This test is currently failing on f34+ due to a regression in buildah: containers/buildah#3071

jlebon · 2021-03-09T16:16:42Z

We're also hitting this regression in FCOS on f34+: coreos/fedora-coreos-config#883. The test script is here: https://github.com/coreos/fedora-coreos-config/blob/8dbd6fa4878ec0b9a07bc035d05df0ed5bc39997/tests/kola/podman/rootless-systemd.

rhatdan · 2021-03-09T21:48:16Z

The regression is probably in containers.conf. Can you compare /usr/share/containers/containers.conf on F34 to f33?

rhatdan · 2021-03-09T21:48:38Z

Specifically on CAP_SETFCAP.

praiskup · 2021-03-10T07:32:21Z

The option is there, I checked before ... same as I tried --cap-add=CAP_SETFCAP explicitly.
I don't have manual edits in that config file, and the only difference is that in the default F34
config there's a missing [engine.volume_plugins] section (which is anyway empty on F33).

rhatdan · 2021-03-10T13:38:17Z

@giuseppe Ideas?

rhatdan · 2021-03-10T13:38:49Z

Anything in /var/log/audit/audit.log for SELinux or SECCOMP?

giuseppe · 2021-03-10T14:30:25Z

could also be related fuse-overlayfs.

Is this running as root or rootless?

This test is currently failing on f34+ due to a regression in buildah: containers/buildah#3071

jlebon · 2021-03-10T16:03:51Z

Is this running as root or rootless?

In the case of FCOS, rootless. I linked to the exact test script used there (you should be able to just run that script directly in an F34 system).

praiskup · 2021-03-10T17:28:46Z

Anything in /var/log/audit/audit.log for SELinux or SECCOMP?

Nothing obvious.

Is this running as root or rootless?

rootless

giuseppe · 2021-03-10T18:13:01Z

could also be related fuse-overlayfs.

I could reproduce without fuse-overlayfs, so it should be something related to capabilities

rhatdan · 2021-03-10T18:21:51Z

Could be a kernel issue?

giuseppe · 2021-03-10T18:41:22Z

possibly. I am still troubleshooting what is going wrong, podman and buildah behave differently

giuseppe · 2021-03-10T18:41:40Z

it works if I run a "podman run" and attempt the dnf install from there

giuseppe · 2021-03-10T20:42:15Z

it looks like a regression in the kernel, simple reproducer:

Fedora 33:

$ uname -a
Linux lithium 5.10.14-200.fc33.x86_64 #1 SMP Sun Feb 7 19:59:31 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ unshare -r unshare -r sh -c 'touch /tmp/setxattr-test; setcap "cap_setuid=ep" /tmp/setxattr-test' && echo ok
ok

Fedora 34

$ uname -a
Linux localhost.localdomain 5.11.3-300.fc34.x86_64 #1 SMP Thu Mar 4 19:03:18 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ unshare -r unshare -r sh -c 'touch /tmp/setxattr-test; setcap "cap_setuid=ep" /tmp/setxattr-test' && echo ok
Failed to set capabilities on file `/tmp/setxattr-test' (Invalid argument)
usage: setcap [-h] [-q] [-v] [-n <rootid>] (-r|-|<caps>) <filename> [ ... (-r|-|<capsN>) <filenameN> ]

 Note <filename> must be a regular (non-symlink) file.
 -r          remove capability from file
 -           read capability text from stdin
 <capsN>     cap_from_text(3) formatted file capability

 -h          this message and exit status 0
 -q          quietly
 -v          validate supplied capability matches file
 -n <rootid> write a user namespace limited capability
 --license   display the license info

The same issue happens on Rawhide

rhatdan · 2021-03-10T21:17:19Z

Can you open a bugzilla on this?

ebiederm · 2021-03-10T23:09:45Z

it looks like a regression in the kernel, simple reproducer:

Fedora 33:

$ uname -a
Linux lithium 5.10.14-200.fc33.x86_64 #1 SMP Sun Feb 7 19:59:31 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ unshare -r unshare -r sh -c 'touch /tmp/setxattr-test; setcap "cap_setuid=ep" /tmp/setxattr-test' && echo ok

Fedora 34:

$ uname -a
Linux localhost.localdomain 5.11.3-300.fc34.x86_64 #1 SMP Thu Mar 4 19:03:18 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ unshare -r unshare -r sh -c 'touch /tmp/setxattr-test; setcap "cap_setuid=ep" /tmp/setxattr-test' && echo ok
Failed to set capabilities on file `/tmp/setxattr-test' (Invalid argument)

I would agree this appears to be a kernel regression. If I am reading the reproducer correctly the change was deliberate
so I want to ask are we doing such silly things deliberately.

It was observed that under certain circumstances it is possible to set a file capability that works as a file capability
in an ancestor user namespace of the user namespace the file capability was set it. This happens if two user namespaces
have the same uid for their root users so the v3 file capabilities can not tell them apart.

Unless I am mistake that is exactly what is happening in the reproducer posted above.

Are you deliberately trying to create a file capability that works outside of the user namespace that created it?

I am trying to figure out if we want to treat this as a security enhancement or a regression. A consequence of a security enhancement is that we would ask you not to nest user namespaces with the same root user if you care about file capabilities.

If it really makes sense to do such nesting then we can treat this as a regression and revert the change.

I believe the commit that caused this in the kernel is:
95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities")

Can someone revert that commit and verify that it fixes the original issue?

giuseppe · 2021-03-11T09:27:58Z

thanks for helping us.

I've tried reverting 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities") and that solves the issue I've seen.

With rootless containers, we always create an outer user namespace where the unprivileged user is mapped to 0 and any additional ID from /etc/sub?id is mapped starting at 1.
All the containers/user namespaces are created inside the outer namespace. We need this for a couple of reasons: 1) setting up the storage with multiple IDs available before launching the container 2) have a way to share namespaces among containers, e.g. containers in a pod share the network namespace.

From the outer namespace, a pod/container can be confined further with its own user namespace and sometimes it is useful that the root in the inner namespace is mapped back to the initial unprivileged user.

There is also the case when the unprivileged user has no access to additional IDs, so the outer namespace is limited to have just one ID mapped. Even in this configuration it could be useful to create sub-user namespaces. If each container runs in their own user namespace, they won't own or have access to namespaces used by other containers.

There's a regression in 5.10.20+ which breaks rootless podman: containers/buildah#3071 (This is the same regression which prompted coreos#883 but for the production streams, let's try to avoid exposing the regression to users for now while it gets sorted out.)

…capabilities") BugLink: https://bugs.launchpad.net/bugs/1920246 commit 3b0c2d3 upstream. It turns out that there are in fact userspace implementations that care and this recent change caused a regression. containers/buildah#3071 As the motivation for the original change was future development, and the impact is existing real world code just revert this change and allow the ambiguity in v3 file caps. Cc: [email protected] Fixes: 95ebabd ("capabilities: Don't allow writing ambiguous v3 file capabilities") Signed-off-by: Eric W. Biederman <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Kamal Mostafa <[email protected]> Signed-off-by: Kelsey Skunberg <[email protected]>

…file capabilities") commit 3b0c2d3eaa83da259d7726192cf55a137769012f upstream. It turns out that there are in fact userspace implementations that care and this recent change caused a regression. containers/buildah#3071 As the motivation for the original change was future development, and the impact is existing real world code just revert this change and allow the ambiguity in v3 file caps. Cc: [email protected] Fixes: 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities") Signed-off-by: Eric W. Biederman <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>

BugLink: https://bugs.launchpad.net/bugs/1928850 [ Upstream commit db2e718 ] cap_setfcap is required to create file capabilities. Since commit 8db6c34 ("Introduce v3 namespaced file capabilities"), a process running as uid 0 but without cap_setfcap is able to work around this as follows: unshare a new user namespace which maps parent uid 0 into the child namespace. While this task will not have new capabilities against the parent namespace, there is a loophole due to the way namespaced file capabilities are represented as xattrs. File capabilities valid in userns 1 are distinguished from file capabilities valid in userns 2 by the kuid which underlies uid 0. Therefore the restricted root process can unshare a new self-mapping namespace, add a namespaced file capability onto a file, then use that file capability in the parent namespace. To prevent that, do not allow mapping parent uid 0 if the process which opened the uid_map file does not have CAP_SETFCAP, which is the capability for setting file capabilities. As a further wrinkle: a task can unshare its user namespace, then open its uid_map file itself, and map (only) its own uid. In this case we do not have the credential from before unshare, which was potentially more restricted. So, when creating a user namespace, we record whether the creator had CAP_SETFCAP. Then we can use that during map_write(). With this patch: 1. Unprivileged user can still unshare -Ur ubuntu@caps:~$ unshare -Ur root@caps:~# logout 2. Root user can still unshare -Ur ubuntu@caps:~$ sudo bash root@caps:/home/ubuntu# unshare -Ur root@caps:/home/ubuntu# logout 3. Root user without CAP_SETFCAP cannot unshare -Ur: root@caps:/home/ubuntu# /sbin/capsh --drop=cap_setfcap -- root@caps:/home/ubuntu# /sbin/setcap cap_setfcap=p /sbin/setcap unable to set CAP_SETFCAP effective capability: Operation not permitted root@caps:/home/ubuntu# unshare -Ur unshare: write failed /proc/self/uid_map: Operation not permitted Note: an alternative solution would be to allow uid 0 mappings by processes without CAP_SETFCAP, but to prevent such a namespace from writing any file capabilities. This approach can be seen at [1]. Background history: commit 95ebabd ("capabilities: Don't allow writing ambiguous v3 file capabilities") tried to fix the issue by preventing v3 fscaps to be written to disk when the root uid would map to the same uid in nested user namespaces. This led to regressions for various workloads. For example, see [2]. Ultimately this is a valid use-case we have to support meaning we had to revert this change in 3b0c2d3 ("Revert 95ebabd ("capabilities: Don't allow writing ambiguous v3 file capabilities")"). Link: https://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux.git/log/?h=2021-04-15/setfcap-nsfscaps-v4 [1] Link: containers/buildah#3071 [2] Signed-off-by: Serge Hallyn <[email protected]> Reviewed-by: Andrew G. Morgan <[email protected]> Tested-by: Christian Brauner <[email protected]> Reviewed-by: Christian Brauner <[email protected]> Tested-by: Giuseppe Scrivano <[email protected]> Cc: Eric Biederman <[email protected]> Signed-off-by: Linus Torvalds <[email protected]> Signed-off-by: Sasha Levin <[email protected]> Signed-off-by: Kamal Mostafa <[email protected]> Signed-off-by: Stefan Bader <[email protected]>

…file capabilities") commit 3b0c2d3eaa83da259d7726192cf55a137769012f upstream. It turns out that there are in fact userspace implementations that care and this recent change caused a regression. containers/buildah#3071 As the motivation for the original change was future development, and the impact is existing real world code just revert this change and allow the ambiguity in v3 file caps. Cc: [email protected] Fixes: 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities") Signed-off-by: Eric W. Biederman <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>

…capabilities") commit 3b0c2d3 upstream. It turns out that there are in fact userspace implementations that care and this recent change caused a regression. containers/buildah#3071 As the motivation for the original change was future development, and the impact is existing real world code just revert this change and allow the ambiguity in v3 file caps. Cc: [email protected] Fixes: 95ebabd ("capabilities: Don't allow writing ambiguous v3 file capabilities") Signed-off-by: Eric W. Biederman <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> (cherry picked from commit 47a5d1b) Signed-off-by: Jack Vogel <[email protected]>

Kernel 5.11+ seems to fix this based on the comments in containers/buildah#3071 (comment) Indeed, when I run the test against a rawhide build it passes. This reverts commit f12a513.

BugLink: https://bugs.launchpad.net/bugs/1929132 [ Upstream commit db2e718 ] cap_setfcap is required to create file capabilities. Since commit 8db6c34 ("Introduce v3 namespaced file capabilities"), a process running as uid 0 but without cap_setfcap is able to work around this as follows: unshare a new user namespace which maps parent uid 0 into the child namespace. While this task will not have new capabilities against the parent namespace, there is a loophole due to the way namespaced file capabilities are represented as xattrs. File capabilities valid in userns 1 are distinguished from file capabilities valid in userns 2 by the kuid which underlies uid 0. Therefore the restricted root process can unshare a new self-mapping namespace, add a namespaced file capability onto a file, then use that file capability in the parent namespace. To prevent that, do not allow mapping parent uid 0 if the process which opened the uid_map file does not have CAP_SETFCAP, which is the capability for setting file capabilities. As a further wrinkle: a task can unshare its user namespace, then open its uid_map file itself, and map (only) its own uid. In this case we do not have the credential from before unshare, which was potentially more restricted. So, when creating a user namespace, we record whether the creator had CAP_SETFCAP. Then we can use that during map_write(). With this patch: 1. Unprivileged user can still unshare -Ur ubuntu@caps:~$ unshare -Ur root@caps:~# logout 2. Root user can still unshare -Ur ubuntu@caps:~$ sudo bash root@caps:/home/ubuntu# unshare -Ur root@caps:/home/ubuntu# logout 3. Root user without CAP_SETFCAP cannot unshare -Ur: root@caps:/home/ubuntu# /sbin/capsh --drop=cap_setfcap -- root@caps:/home/ubuntu# /sbin/setcap cap_setfcap=p /sbin/setcap unable to set CAP_SETFCAP effective capability: Operation not permitted root@caps:/home/ubuntu# unshare -Ur unshare: write failed /proc/self/uid_map: Operation not permitted Note: an alternative solution would be to allow uid 0 mappings by processes without CAP_SETFCAP, but to prevent such a namespace from writing any file capabilities. This approach can be seen at [1]. Background history: commit 95ebabd ("capabilities: Don't allow writing ambiguous v3 file capabilities") tried to fix the issue by preventing v3 fscaps to be written to disk when the root uid would map to the same uid in nested user namespaces. This led to regressions for various workloads. For example, see [2]. Ultimately this is a valid use-case we have to support meaning we had to revert this change in 3b0c2d3 ("Revert 95ebabd ("capabilities: Don't allow writing ambiguous v3 file capabilities")"). Link: https://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux.git/log/?h=2021-04-15/setfcap-nsfscaps-v4 [1] Link: containers/buildah#3071 [2] Signed-off-by: Serge Hallyn <[email protected]> Reviewed-by: Andrew G. Morgan <[email protected]> Tested-by: Christian Brauner <[email protected]> Reviewed-by: Christian Brauner <[email protected]> Tested-by: Giuseppe Scrivano <[email protected]> Cc: Eric Biederman <[email protected]> Signed-off-by: Linus Torvalds <[email protected]> Signed-off-by: Sasha Levin <[email protected]> Signed-off-by: Kamal Mostafa <[email protected]> Signed-off-by: Kelsey Skunberg <[email protected]>

Kernel 5.11+ seems to fix this based on the comments in containers/buildah#3071 (comment) Indeed, when I run the test against a rawhide build it passes. This reverts commit f12a513.

…capabilities") commit 3b0c2d3 upstream. It turns out that there are in fact userspace implementations that care and this recent change caused a regression. containers/buildah#3071 As the motivation for the original change was future development, and the impact is existing real world code just revert this change and allow the ambiguity in v3 file caps. Cc: [email protected] Fixes: 95ebabd ("capabilities: Don't allow writing ambiguous v3 file capabilities") Signed-off-by: Eric W. Biederman <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> (cherry picked from commit f95ea27037e279d51d1d515c4dd3bc59198eb88a)

…file capabilities") commit 3b0c2d3eaa83da259d7726192cf55a137769012f upstream. It turns out that there are in fact userspace implementations that care and this recent change caused a regression. containers/buildah#3071 As the motivation for the original change was future development, and the impact is existing real world code just revert this change and allow the ambiguity in v3 file caps. Cc: [email protected] Fixes: 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities") Signed-off-by: Eric W. Biederman <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>

…file capabilities") commit 3b0c2d3eaa83da259d7726192cf55a137769012f upstream. It turns out that there are in fact userspace implementations that care and this recent change caused a regression. containers/buildah#3071 As the motivation for the original change was future development, and the impact is existing real world code just revert this change and allow the ambiguity in v3 file caps. Cc: [email protected] Fixes: 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities") Signed-off-by: Eric W. Biederman <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: John Vincent <[email protected]>

…file capabilities") commit 3b0c2d3eaa83da259d7726192cf55a137769012f upstream. It turns out that there are in fact userspace implementations that care and this recent change caused a regression. containers/buildah#3071 As the motivation for the original change was future development, and the impact is existing real world code just revert this change and allow the ambiguity in v3 file caps. Cc: [email protected] Fixes: 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities") Signed-off-by: Eric W. Biederman <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>

jlebon added a commit to jlebon/fedora-coreos-config that referenced this issue Mar 9, 2021

kola-denylist.yaml: add ext.config.podman.rootless-systemd

3c3a1ad

This test is currently failing due to a regression in buildah: containers/buildah#3071

jlebon added a commit to jlebon/fedora-coreos-config that referenced this issue Mar 9, 2021

kola-denylist.yaml: add ext.config.podman.rootless-systemd

4285b64

This test is currently failing on f34+ due to a regression in buildah: containers/buildah#3071

jlebon mentioned this issue Mar 9, 2021

kola-denylist.yaml: add ext.config.podman.rootless-systemd coreos/fedora-coreos-config#883

Merged

jlebon added a commit to coreos/fedora-coreos-config that referenced this issue Mar 10, 2021

kola-denylist.yaml: add ext.config.podman.rootless-systemd

f12a513

This test is currently failing on f34+ due to a regression in buildah: containers/buildah#3071

jlebon mentioned this issue Mar 10, 2021

rootless-systemd: update packages before installing httpd coreos/fedora-coreos-config#886

Merged

jlebon mentioned this issue Mar 11, 2021

overrides: pin to kernel-5.10.19-200.fc33 for rootless podman coreos/fedora-coreos-config#889

Merged

dustymabe mentioned this issue Jul 1, 2021

Revert "kola-denylist.yaml: add ext.config.podman.rootless-systemd" coreos/fedora-coreos-config#1081

Merged

github-actions bot added the locked - please file new issue/PR label Sep 6, 2023

github-actions bot locked as resolved and limited conversation to collaborators Sep 6, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Missing FCAP I fail to install `httpd` into Fedora 33 container in `build-using-dockerfile` #3071

Missing FCAP I fail to install `httpd` into Fedora 33 container in `build-using-dockerfile` #3071

praiskup commented Mar 9, 2021

praiskup commented Mar 9, 2021

praiskup commented Mar 9, 2021

praiskup commented Mar 9, 2021

praiskup commented Mar 9, 2021

praiskup commented Mar 9, 2021

praiskup commented Mar 9, 2021

jlebon commented Mar 9, 2021

rhatdan commented Mar 9, 2021

rhatdan commented Mar 9, 2021

praiskup commented Mar 10, 2021

rhatdan commented Mar 10, 2021

rhatdan commented Mar 10, 2021

giuseppe commented Mar 10, 2021

jlebon commented Mar 10, 2021

praiskup commented Mar 10, 2021

giuseppe commented Mar 10, 2021

rhatdan commented Mar 10, 2021

giuseppe commented Mar 10, 2021

giuseppe commented Mar 10, 2021

giuseppe commented Mar 10, 2021

rhatdan commented Mar 10, 2021

ebiederm commented Mar 10, 2021

giuseppe commented Mar 11, 2021 •

edited

Loading

Missing FCAP I fail to install httpd into Fedora 33 container in build-using-dockerfile #3071

Missing FCAP I fail to install httpd into Fedora 33 container in build-using-dockerfile #3071

Comments

praiskup commented Mar 9, 2021

praiskup commented Mar 9, 2021

praiskup commented Mar 9, 2021

praiskup commented Mar 9, 2021

praiskup commented Mar 9, 2021

praiskup commented Mar 9, 2021

praiskup commented Mar 9, 2021

jlebon commented Mar 9, 2021

rhatdan commented Mar 9, 2021

rhatdan commented Mar 9, 2021

praiskup commented Mar 10, 2021

rhatdan commented Mar 10, 2021

rhatdan commented Mar 10, 2021

giuseppe commented Mar 10, 2021

jlebon commented Mar 10, 2021

praiskup commented Mar 10, 2021

giuseppe commented Mar 10, 2021

rhatdan commented Mar 10, 2021

giuseppe commented Mar 10, 2021

giuseppe commented Mar 10, 2021

giuseppe commented Mar 10, 2021

rhatdan commented Mar 10, 2021

ebiederm commented Mar 10, 2021

giuseppe commented Mar 11, 2021 • edited Loading

Missing FCAP I fail to install `httpd` into Fedora 33 container in `build-using-dockerfile` #3071

Missing FCAP I fail to install `httpd` into Fedora 33 container in `build-using-dockerfile` #3071

giuseppe commented Mar 11, 2021 •

edited

Loading