New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CAP_SYS_CHROOT capability not set by default as described in manual page #4576
Comments
Buildah uses the default list of capabilities as specified in containers.conf. The man pages should reflect this. Fixes: containers#4576 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The man page is wrong, the settings for this are managed in containers.conf. |
However, the release notes do not mention anywhere that CAP_SYS_CHROOT capability is no longer set by default. Whatever has been changed, the behavior has changed. What worked with previous versions without error, does not work now, or only after the configuration change or extra arguments. Such a change also belongs in the release notes so that people know what to do when they upgrade. |
Buildah uses the default list of capabilities as specified in containers.conf. The man pages should reflect this. Fixes: containers#4576 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Description
Since version 1.29.0, you can no longer build images by calling the dnf with option --installroot:
Manual page (man buildah-build) says that the capability CAP_SYS_CHROOT should be set by default:
which is obviously not the case, because when i explicitly set this capability, the build works as in previous versions:
buildah build --cap-add=CAP_SYS_CHROOT -t ubi-micro:8 .
Steps to reproduce the issue:
buildah build -t ubi-micro .
with the Containerfile listed aboveDescribe the results you received:
Describe the results you expected:
Build without errors
Output of
rpm -q buildah
orapt list buildah
:Output of
buildah version
:Output of
cat /etc/*release
:Output of
uname -a
:Output of
cat /etc/containers/storage.conf
:The text was updated successfully, but these errors were encountered: