
podman generate kube doesn't handle privileged container #8897

Closed
fcrozat opened this issue Jan 6, 2021 · 4 comments · Fixed by #9283
Assignees
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

fcrozat commented Jan 6, 2021

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

podman generate kube is reporting an error if a container is privileged

Steps to reproduce the issue:

  1. podman container create --name foobar --privileged registry.opensuse.org/opensuse/tumbleweed:latest

  2. podman generate kube foobar

Describe the results you received:
Error: linux devices: not yet implemented

Describe the results you expected:

# Generation of Kubernetes YAML is still under development!
#
# Save the output of this file and use kubectl create -f to import
# it into Kubernetes.
#
# Created with podman-2.2.0
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2021-01-06T14:17:11Z"
  labels:
    app: foobar
  name: foobar
spec:
  containers:
  - command:
    - /bin/bash
    env:
    - name: PATH
      value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    - name: TERM
      value: xterm
    - name: container
      value: podman
    - name: HOSTNAME
    image: registry.opensuse.org/opensuse/tumbleweed:latest
    name: foobar
    resources: {}
    securityContext:
      allowPrivilegeEscalation: true
      capabilities: {}
      privileged: true
      readOnlyRootFilesystem: false
      seLinuxOptions: {}
    workingDir: /
status: {}

metadata:
  creationTimestamp: null
spec: {}
status:
  loadBalancer: {}

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

Version: 2.2.0
API Version: 2.1.0
Go Version: go1.13.15
Built: Wed Dec 2 01:00:00 2020
OS/Arch: linux/amd64

Output of podman info --debug:

host:
  arch: amd64
  buildahVersion: 1.18.0
  cgroupManager: systemd
  cgroupVersion: v1
  conmon:
    package: conmon-2.0.21-1.1.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.21, commit: unknown'
  cpus: 2
  distribution:
    distribution: '"opensuse-tumbleweed"'
    version: "20210102"
  eventLogger: journald
  hostname: localhost.localdomain
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 5.10.3-1-default
  linkmode: dynamic
  memFree: 720027648
  memTotal: 2055946240
  ociRuntime:
    name: runc
    package: runc-1.0.0~rc92-1.1.x86_64
    path: /usr/bin/runc
    version: |-
      runc version 1.0.0-rc92
      spec: 1.0.2-dev
  os: linux
  remoteSocket:
    path: /run/podman/podman.sock
  rootless: false
  slirp4netns:
    executable: ""
    package: ""
    version: ""
  swapFree: 2142531584
  swapTotal: 2148335616
  uptime: 3h 32m 20.11s (Approximately 0.12 days)
registries:
  search:
  - registry.opensuse.org
  - docker.io
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 5
    paused: 0
    running: 0
    stopped: 5
  graphDriverName: btrfs
  graphOptions: {}
  graphRoot: /var/lib/containers/storage
  graphStatus:
    Build Version: 'Btrfs v5.9 '
    Library Version: "102"
  imageStore:
    number: 40
  runRoot: /var/run/containers/storage
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 2.1.0
  Built: 1606867200
  BuiltTime: Wed Dec 2 01:00:00 2020
  GitCommit: ""
  GoVersion: go1.13.15
  OsArch: linux/amd64
  Version: 2.2.0

Package info (e.g. output of rpm -q podman or apt list podman):

podman-2.2.0-1.1.x86_64 (openSUSE Tumbleweed)

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide?

Yes

Additional environment details (AWS, VirtualBox, physical, etc.):

@openshift-ci-robot openshift-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label Jan 6, 2021
@umohnani8 umohnani8 assigned umohnani8 and vrothberg and unassigned umohnani8 Feb 4, 2021
vrothberg (Member) commented:

Thanks for opening the issue, @fcrozat!

I'll take a look.

vrothberg added a commit to vrothberg/libpod that referenced this issue Feb 9, 2021
Do not play with capabilities for privileged containers where all
capabilities will be set implicitly.

Also, avoid the device check when running privileged since all of /dev/*
will be mounted in any case.

Fixes: containers#8897
Signed-off-by: Valentin Rothberg <[email protected]>
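The rule the commit message describes, written out as a small added example in Go (this is illustrative code, not podman's own implementation): a privileged container implicitly gets every capability and all of /dev, so neither list is translated into the pod spec; an unprivileged container with explicit devices still hits the "linux devices: not yet implemented" error from the report. The ContainerConfig and SecurityContext types are hypothetical stand-ins for podman's internal structures.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// ContainerConfig is a hypothetical, minimal stand-in for the container
// settings podman inspects when generating Kubernetes YAML.
type ContainerConfig struct {
	Privileged bool
	Devices    []string // host devices passed with --device
	CapAdd     []string
	CapDrop    []string
}

// Capabilities mirrors the add/drop shape of securityContext.capabilities.
type Capabilities struct {
	Add  []string
	Drop []string
}

// SecurityContext is the subset of a Kubernetes securityContext emitted here.
type SecurityContext struct {
	Privileged   bool
	Capabilities *Capabilities
}

// ErrDevicesNotImplemented is the error the issue reports for unprivileged
// containers that carry explicit device mappings.
var ErrDevicesNotImplemented = errors.New("linux devices: not yet implemented")

// generateSecurityContext applies the fix's decision order: privileged first
// (devices and capabilities are implied, so skip both), then the device check,
// then explicit capability changes for ordinary containers.
func generateSecurityContext(c ContainerConfig) (SecurityContext, error) {
	if c.Privileged {
		return SecurityContext{Privileged: true}, nil
	}
	if len(c.Devices) > 0 {
		return SecurityContext{}, ErrDevicesNotImplemented
	}
	sc := SecurityContext{}
	if len(c.CapAdd) > 0 || len(c.CapDrop) > 0 {
		add := append([]string(nil), c.CapAdd...)
		drop := append([]string(nil), c.CapDrop...)
		sort.Strings(add) // deterministic output for stable YAML diffs
		sort.Strings(drop)
		sc.Capabilities = &Capabilities{Add: add, Drop: drop}
	}
	return sc, nil
}

func main() {
	// Constructed input matching the issue's reproduction: --privileged only.
	sc, err := generateSecurityContext(ContainerConfig{Privileged: true})
	fmt.Printf("%+v err=%v\n", sc, err)
}
```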
aborniak commented:

@vrothberg Has it been fixed in podman 3.0.1 ?

[root@aborniakFC ~]# podman version
Version:      3.0.1
API Version:  3.0.0
Go Version:   go1.15.8
Built:        Fri Feb 19 18:56:17 2021
OS/Arch:      linux/amd64
[root@aborniakFC ~]#
[root@aborniakFC ~]# podman generate kube e66965324d5b
Error: linux devices: not yet implemented
[root@aborniakFC ~]#
[root@aborniakFC ~]# podman top e66965324d5b capeff
EFFECTIVE CAPS
full
AUDIT_CONTROL,AUDIT_READ,CHOWN,DAC_OVERRIDE,DAC_READ_SEARCH,FOWNER,MAC_OVERRIDE,SETGID,SETUID,SYSLOG,SYS_ADMIN,SYS_PTRACE
none
AUDIT_CONTROL,AUDIT_READ,AUDIT_WRITE,BLOCK_SUSPEND,CHOWN,DAC_OVERRIDE,DAC_READ_SEARCH,FOWNER,FSETID,IPC_LOCK,IPC_OWNER,KILL,LEASE,LINUX_IMMUTABLE,MAC_ADMIN,MAC_OVERRIDE,MKNOD,NET_ADMIN,NET_BIND_SERVICE,NET_BROADCAST,NET_RAW,SETFCAP,SETGID,SETPCAP,SETUID,SYSLOG,SYS_ADMIN,SYS_BOOT,SYS_CHROOT,SYS_MODULE,SYS_NICE,SYS_PACCT,SYS_PTRACE,SYS_RAWIO,SYS_RESOURCE,SYS_TTY_CONFIG
CHOWN,DAC_OVERRIDE,FOWNER,FSETID,SETGID,SETUID,SYS_ADMIN
AUDIT_CONTROL,CHOWN,DAC_OVERRIDE,DAC_READ_SEARCH,FOWNER,LINUX_IMMUTABLE,MAC_ADMIN,SYS_ADMIN,SYS_TTY_CONFIG
none
AUDIT_WRITE
none
full
full
full
full
none
none
none
full
full
full
full
full
[root@aborniakFC ~]#

mheon (Member) commented Mar 22, 2021

@aborniak No. This one is going to make it into 3.1.0, which I am working on right now.

aborniak commented:

@mheon Thank you.

@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 22, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 22, 2023