Cannot give secret to container running in user namespace #12779
Labels
kind/bug
Categorizes issue or PR as related to a bug.
locked - please file new issue/PR
Assist humans wanting to comment on an old issue or PR with locked comments.
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
I cannot give a secret (via file) to a container that shall be executed in a new user namespace. The steps to reproduce are executed as root.
Steps to reproduce the issue:
printf my-test-secret | podman secret create my_secret -
podman run --rm -it --secret my_secret --userns=auto alpine cat /run/secrets/my_secret
Describe the results you received:
podman run
errors out withDescribe the results you expected:
I expected the secret mechanism to work with containers running in user namespaces.
Additional information you deem important (e.g. issue happens only occasionally):
Passing the secret via an environment variable works.
SELinux is enabled but the problem persists also after
setenforce 0
.Output of
podman version
:Output of
podman info --debug
:Package info (e.g. output of
rpm -q podman
orapt list podman
):Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/master/troubleshooting.md)
Yes
Additional environment details (AWS, VirtualBox, physical, etc.):
Runs in a QEMU/KVM virtual machine.
The text was updated successfully, but these errors were encountered: