Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build from API or podman-remote build does not supports --userns=auto while it works with CLI #15476

Closed
flouthoc opened this issue Aug 25, 2022 · 4 comments · Fixed by #15477
Closed

build from API or podman-remote build does not supports --userns=auto while it works with CLI #15476

flouthoc opened this issue Aug 25, 2022 · 4 comments · Fixed by #15477
Labels
locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@flouthoc
Copy link
Collaborator

flouthoc commented Aug 25, 2022
edited
Loading

User trying this implementation in Podman 4.2.0. Seems its working via CLI, but API call does not work.

Dockerfile

cat << EOF > Dockerfile
FROM alpine
RUN cat /proc/self/uid_map
EOF

Works correctly via CLI

podman build -t test --userns=auto .

Does not work via API

tar -czf context.tar.gz Dockerfile
curl -s --unix-socket /run/podman/podman.sock -X POST  -H "Content-Type:application/tar"  --data-binary "@context.tar.gz"   'http://d/v4.2.0/libpod/build?userns=auto'

Originally posted by @lukasmrtvy in containers/buildah#4060 (comment)
@flouthoc flouthoc changed the title remote or build from API does not supports --userns=auto while it works with CLI build from API or podman-remote build does not supports --userns=auto while it works with CLI Aug 25, 2022
@flouthoc flouthoc mentioned this issue Aug 25, 2022
Merged
@flouthoc
Copy link
Collaborator Author

flouthoc commented Aug 25, 2022
edited
Loading

@lukasmrtvy PR #15477 should fix this issue, this was not working for remote and API and was missed because tests were automatically skipped in podman CI, reason is buildah tests which are executed in podman CI runs on environment where these tests are automatically skipped due to following condition https://github.com/containers/buildah/blob/main/tests/bud.bats#L259

As a solution new test is added in podman as well which supports right environment so hopefully this will not break in future.

@flouthoc
Copy link
Collaborator Author

Raw API usage is similar to how @giuseppe has mentioned here #15278 (comment) i.e you must populate additional idmappingoption in request payload.

flouthoc added a commit to flouthoc/podman that referenced this issue Aug 26, 2022
@flouthoc
remote: fix implementation of build with --userns=auto for API
e00272c 
`podman-remote` and Libpod API does not supports build with
`--userns=auto` since `IDMappingOptions` were not implemented for API
and bindings, following PR implements passing `IDMappingOptions` via
bindings to API.

Closes: containers#15476

Signed-off-by: Aditya R <[email protected]>
@lukasmrtvy
Copy link

lukasmrtvy commented Nov 14, 2022
edited
Loading

@flouthoc Hey, ping

From the IRC disscusion.. Podman 4.3.0 has broken --userns=auto support for multiple ephemeral containers

[root@ip-10-2-20-212 test]# podman -r build -t test --no-cache --userns=auto .
STEP 1/3: FROM alpine
STEP 2/3: RUN echo fo
fo
--> c6bb757f3b9
time="2022-10-31T16:51:02Z" level=error msg="error deleting build container \"7b897b1a077aaecfb44d10cc0df82cd3723b00f95b439a057975a55c4c0e68c7\": identifier is not a container\n"
Error: identifier is not a container: preparing container for next step: creating build container: creating container: the container needs a user namespace with size '�' that is bigger than the maximum va
lue allowed with userns=auto '𐀀'

Seems there is an extended test containers/buildah#4392 for it. but are We tracking fix for this? Thanks

@flouthoc
Copy link
Collaborator Author

@lukasmrtvy Yes this be getting automatically tested cause following test will also run for podman-remote so it will get tested eventually on vendor and if containers/buildah#4392 does not works with podman-remote then vendor will eventually fail blocking new release.

I will try checking this manually in few days as soon as i have some more cycles.

@lukasmrtvy lukasmrtvy mentioned this issue Dec 9, 2022
Closed
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 10, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 10, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Milestone
No milestone
2 participants
@lukasmrtvy @flouthoc