Podman v3.0 fails to run a container on a readonly rootfs #9230

Closed
Luap99 opened this issue Feb 4, 2021 · 0 comments · Fixed by #9231

Luap99 commented Feb 4, 2021

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

Podman run fails with Error: error chowning container 01041b61625c64e34a849b974c5aa9dcc34377fd5025b9ee7fd629b2a0c5ad79 workdir to container root: chown /run/user/1000/test: read-only file system when I try to run a container with a read only rootfs.

This worked with v2.2.1.

Steps to reproduce the issue:

$ ROOTFS=/run/user/1000/test
$ mkdir $ROOTFS
$ podman unshare mount --rbind -r / $ROOTFS
$ podman unshare mount -t tmpfs none $ROOTFS/run
$ podman run -i -t --rootfs $ROOTFS sleep 5

Describe the results you received:

Error: error chowning container 01041b61625c64e34a849b974c5aa9dcc34377fd5025b9ee7fd629b2a0c5ad79 workdir to container root: chown /run/user/1000/test: read-only file system

Version

$ podman version 
Version:      3.0.0-rc2
API Version:  3.0.0
Go Version:   go1.15.6
Git Commit:   510a983a752a136a5df0bdbff9d14db0490956b2
Built:        Thu Feb  4 13:51:00 2021
OS/Arch:      linux/amd64
@openshift-ci-robot openshift-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label Feb 4, 2021
@Luap99 Luap99 changed the title Podman v3.0 fail to run container on a readonly rootfs Podman v3.0 fails to run container on a readonly rootfs Feb 4, 2021
@Luap99 Luap99 changed the title Podman v3.0 fails to run container on a readonly rootfs Podman v3.0 fails to run a container on a readonly rootfs Feb 4, 2021
@vrothberg vrothberg self-assigned this Feb 4, 2021
@vrothberg vrothberg added the In Progress This issue is actively being worked by the assignee, please do not work on this at this time. label Feb 4, 2021
vrothberg added a commit to vrothberg/libpod that referenced this issue Feb 5, 2021
When resolving the workdir of a container, we may need to create it unless
the user set it explicitly on the command line.  Otherwise, we just do a
presence check.  Unfortunately, there was a missing return that led us
to fall through into attempting to create and chown the workdir.  That
caused a regression when running on a read-only root fs.

Fixes: containers#9230
Signed-off-by: Valentin Rothberg <[email protected]>
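
The fall-through described in the commit message above, as an added Go example that is not Podman's own code: `roFS`, `resolveWorkDir` and the `create`/`fixed` flags are hypothetical names, and the read-only rootfs is simulated in memory so the example runs without any mounts.

```go
package main

import (
	"fmt"
	"syscall"
)

// roFS is a constructed stand-in for a read-only rootfs: lookups succeed,
// mutations fail with EROFS. All names in this file are hypothetical.
type roFS struct{ dirs map[string]bool }

func (f roFS) exists(p string) bool { return f.dirs[p] }

func (f roFS) mkdirAll(p string) error {
	if f.dirs[p] {
		return nil // like os.MkdirAll, an existing directory is not an error
	}
	return fmt.Errorf("mkdir %s: %w", p, syscall.EROFS)
}

func (f roFS) chown(p string) error {
	return fmt.Errorf("chown %s: %w", p, syscall.EROFS)
}

// resolveWorkDir models the flow in the commit message. create=false means
// only a presence check is wanted; fixed=false omits the return after that
// check, reproducing the fall-through into create and chown.
func resolveWorkDir(f roFS, dir string, create, fixed bool) error {
	if !create {
		if !f.exists(dir) {
			return fmt.Errorf("workdir %q does not exist on container", dir)
		}
		if fixed {
			return nil // presence check passed: never touch the filesystem
		}
	}
	if err := f.mkdirAll(dir); err != nil {
		return err
	}
	return f.chown(dir)
}

func main() {
	fs := roFS{dirs: map[string]bool{"/": true}}
	fmt.Println("without return:", resolveWorkDir(fs, "/", false, false))
	fmt.Println("with return:   ", resolveWorkDir(fs, "/", false, true))
}
```

Without the return, the existing directory passes the mkdir step and the chown is what surfaces the read-only error, which matches the shape of the error in the report.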
mheon pushed a commit to mheon/libpod that referenced this issue Feb 5, 2021
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 22, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 22, 2023