Permission denied extracting to etc.defaults/shadow within a bind mount on MacOS, works with Docker #23018
Comments
Don't use
Thanks @Luap99! It's a consequence of just blindly following suggestions in the Troubleshooting Guide, https://github.com/containers/podman/blob/main/troubleshooting.md#2-cant-use-volume-mount-get-permission-denied 😉 I tried again without
What is in that directory? Any chance there are files with unusual permissions or possibly read-only content?
So, the host directory,
Are you on a Mac and running sudo podman?
@rhatdan That is accurate 😅 Just throwing everything to the wall to see what sticks ¯\_(ツ)_/¯
Most likely what is happening is a UID is attempting to be stored on the Mac that is not the user's UID.
Looking at the file directory when created by
Which seems to be fine?
I did also attempt an explicit
That means that nobody (not even the owner) has access to the file. Only a process with CAP_DAC_OVERRIDE on Linux (or typically root) can access such a file. Therefore I don't really see how this could work with podman machine. You could try it without a host mapped volume.
Could you try this with vfkit and virtiofsd, if you are continuing to use qemu for the podman machine?
Whatever you do inside the VM shouldn't matter, this can be trivially reproduced by just using
Only on the macOS host you can successfully read/write the file with sudo. And because we launch the VM with user privs I don't assume the virtiofs endpoint on the host is not run as root thus it logically cannot read such a file which means no one in the VM can use this file.
Do you have any concrete suggestions on something I could do to overcome this issue? Or is using
Do not use a host volume mount point for the extraction.
Issue Description
I've read through everything in the Troubleshooting Guide to no avail 😞
I'm trying to launch a Virtual Synology DSM image, which uses some containerized virtual machine voodoo 😉 by running Qemu in a container, and then using Qemu to manage the DSM VM. It certainly isn't pretty, but it works just fine with Docker.
Steps to reproduce the issue
rootful
podman
mkdir DSM_TESTING
sudo podman run -it --rm -p 5001:5000 -p 2222:22 -v $PWD/DSM_TESTING:/storage:Z --userns keep-id --security-opt label=disable --privileged --cap-add NET_ADMIN -e ALLOCATE=N --stop-timeout 120 vdsm/virtual-dsm
Describe the results you received
This is the output of podman
The specific error message seems to be coming from
tar: etc.defaults/shadow: Cannot open: Permission denied
Describe the results you expected
But everything succeeds with docker
podman info output
Podman in a container
No
Privileged Or Rootless
Privileged
Upstream Latest Release
Yes
Additional environment details
Running on Apple M1 Pro, Sonoma 14.5
Additional information
Additional information like issue happens only occasionally or issue happens with a particular architecture or on a particular setting
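The permission behaviour discussed in the comments (a file whose mode gives even its owner no access, readable only by a process with CAP_DAC_OVERRIDE or root) can be checked on a host directory before it is used as a bind mount. The following is an added example, not part of the original thread or of Podman; the function names `owner_unreadable`, `classify` and `audit` are hypothetical.

```shell
#!/bin/sh
# Added example: find files in a directory tree that deny read access to
# their own owner (for example mode 000), and report whether the current
# process can open them anyway.

# owner_unreadable DIR
# Print regular files under DIR whose owner-read bit (0400) is not set.
owner_unreadable() {
    find "$1" -type f ! -perm -400 -print
}

# classify FILE
# Try a real open() for reading. Mode bits only stop ordinary users;
# root / CAP_DAC_OVERRIDE bypasses them.
classify() {
    if ( : < "$1" ) 2>/dev/null; then
        echo "override"   # opened despite the mode bits (privileged process)
    else
        echo "blocked"    # open failed: an unprivileged process cannot read it
    fi
}

# audit DIR
# One line per affected file: "<state><TAB><path>".
audit() {
    owner_unreadable "$1" | while IFS= read -r f; do
        printf '%s\t%s\n' "$(classify "$f")" "$f"
    done
}

# When run as a script with a directory argument, audit that directory.
if [ "$#" -gt 0 ]; then
    audit "$1"
fi
```

Run as the same user that launches the VM, a `blocked` line marks a file that a file-sharing endpoint running with that user's privileges cannot read either.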