Issue Description
I am running podman as a regular user (rootless), explicitly setting the root directory to a particular location. When podman creates the images, the 'partial' folders always seem to have a random user id as owner but the user's group id:
```
$ ls -l containers/root/overlay/8b845b0d3b07a3aa40e875124add71a06ff27637e29805aee92841df571e6c8d/diff/var/cache/apt/archives/
total 4
-rw-r-----. 1 rstreif rstreif    0 May 23 11:01 lock
drwx------. 2 100041  rstreif 4096 May 23 11:01 partial
```
Due to the ownership and permission settings the user cannot read/write the partial directory. The only workaround is to change ownership as root. However, that is not practical in an automated build environment.
Steps to reproduce the issue
1. Run podman as a user, setting --root to a directory
2. Use a Dockerfile pulling an image, e.g. Debian, and install a couple of packages
3. Attempt to delete the directory --root is pointing to
Describe the results you received
'partial' directory is owned by a non-existing user with the user id 100041. All other directories are correctly owned by the user running podman.
Describe the results you expected
The 'partial' directory should also be owned by the user running podman.
podman info output
```yaml
host:
  arch: amd64
  buildahVersion: 1.36.0-dev
  cgroupControllers:
  - cpu
  - io
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.10-1.fc38.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.10, commit: '
  cpuUtilization:
    idlePercent: 98.04
    systemPercent: 0.44
    userPercent: 1.52
  cpus: 128
  databaseBackend: sqlite
  distribution:
    distribution: fedora
    variant: workstation
    version: "38"
  eventLogger: journald
  freeLocks: 2048
  hostname: threaddy
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 6.7.11-100.fc38.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 77920219136
  memTotal: 134918377472
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.10.0-1.fc38.x86_64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.10.0
    package: netavark-1.10.3-1.fc38.x86_64
    path: /usr/libexec/podman/netavark
    version: netavark 1.10.3
  ociRuntime:
    name: crun
    package: crun-1.14.4-1.fc38.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.14.4
      commit: a220ca661ce078f2c37b38c92e66cf66c012d9c1
      rundir: /run/user/1000/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-0^20240220.g1e6f92b-1.fc38.x86_64
    version: |
      pasta 0^20240220.g1e6f92b-1.fc38.x86_64
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: false
    path: /run/user/1000/podman/podman.sock
  rootlessNetworkCmd: pasta
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.2-1.fc38.x86_64
    version: |-
      slirp4netns version 1.2.2
      commit: 0ee2d87523e906518d34a6b423271e4826f71faf
      libslirp: 4.7.0
      SLIRP_CONFIG_VERSION_MAX: 4
      libseccomp: 2.5.3
  swapFree: 12884893696
  swapTotal: 12884893696
  uptime: 7h 29m 59.00s (Approximately 0.29 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
  - quay.io
store:
  configFile: /home/rstreif/.config/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/rstreif/.local/share/containers/storage
  graphRootAllocated: 1887956455424
  graphRootUsed: 1436823498752
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 3
  runRoot: /run/user/1000/containers
  transientStore: false
  volumePath: /home/rstreif/.local/share/containers/storage/volumes
version:
  APIVersion: 5.1.0-dev
  Built: 1712609031
  BuiltTime: Mon Apr  8 13:43:51 2024
  GitCommit: 6487940534c1065d6c7753e3b6dfbe253666537d
  GoVersion: go1.21.8
  Os: linux
  OsArch: linux/amd64
  Version: 5.1.0-dev
```
Podman in a container
No
Privileged Or Rootless
Rootless
Upstream Latest Release
Yes
Additional environment details
Additional information
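As an added example (not part of the issue and not podman's own code), the script below applies the uidmap and gidmap from the podman info output above to the two `ls -l` entries quoted in the issue, translating the host-side owner ids back to the container-side ids they were written with, and reports None for an id that no range covers; the name-to-id table standing in for the host's passwd lookup is constructed for the example.

```python
import re
from typing import Dict, List, Optional, Tuple

# (container_id, host_id, size) triples copied from the issue's podman info
# output; uidmap and gidmap are identical on that host.
UIDMAP: List[Tuple[int, int, int]] = [(0, 1000, 1), (1, 100000, 65536)]
GIDMAP: List[Tuple[int, int, int]] = [(0, 1000, 1), (1, 100000, 65536)]

# Constructed stand-in for the host's passwd/group lookup: ls -l prints a name
# only for ids that exist on the host, which is why 100041 shows as a number.
HOST_NAMES: Dict[str, int] = {"rstreif": 1000, "root": 0}


def host_to_container(host_id: int, ranges: List[Tuple[int, int, int]]) -> Optional[int]:
    """Map a host-side uid/gid back to the container-side id, or None if unmapped."""
    for container_start, host_start, size in ranges:
        if host_start <= host_id < host_start + size:
            return container_start + (host_id - host_start)
    return None


def container_to_host(container_id: int, ranges: List[Tuple[int, int, int]]) -> Optional[int]:
    """Inverse direction: which host id a container-side uid/gid lands on."""
    for container_start, host_start, size in ranges:
        if container_start <= container_id < container_start + size:
            return host_start + (container_id - container_start)
    return None


# mode links user group size month day time name
LS_LINE = re.compile(r"^(\S+)\s+\d+\s+(?P<user>\S+)\s+(?P<group>\S+)\s+\d+\s+\S+\s+\d+\s+\S+\s+(?P<name>.+)$")


def owner_in_container(ls_line: str) -> Tuple[str, Optional[int], Optional[int]]:
    """Parse one ls -l entry and return (name, container_uid, container_gid)."""
    m = LS_LINE.match(ls_line)
    if not m:
        raise ValueError("not an ls -l entry: " + ls_line)
    host_uid = HOST_NAMES.get(m["user"], None)
    host_gid = HOST_NAMES.get(m["group"], None)
    uid = host_uid if host_uid is not None else int(m["user"])
    gid = host_gid if host_gid is not None else int(m["group"])
    return m["name"], host_to_container(uid, UIDMAP), host_to_container(gid, GIDMAP)


if __name__ == "__main__":
    # Constructed copy of the two entries from the issue's listing.
    for line in ("-rw-r-----. 1 rstreif rstreif 0 May 23 11:01 lock",
                 "drwx------. 2 100041 rstreif 4096 May 23 11:01 partial"):
        print(owner_in_container(line))
```

Under this mapping the host owner 100041 corresponds to container-side uid 42 with a container-side gid of 0, so which account inside the Debian image wrote the directory can be checked against the image's /etc/passwd.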