Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

podman exec fails on --user #2566

Closed
maflcko opened this issue Mar 7, 2019 · 2 comments
Closed

podman exec fails on --user #2566

maflcko opened this issue Mar 7, 2019 · 2 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. rootless

Comments

@maflcko
Copy link

maflcko commented Mar 7, 2019

/kind bug

Description

Podman always fails with

$ podman exec -u testu -i naughty_hugle echo
Error: unable to find user testu: no matching entries in passwd file

Steps to reproduce the issue:

$ podman run -i -t --rm ubuntu:bionic bash
# useradd -ms /bin/bash -U testu

// new terminal
$ podman container ls --all # find it
$ podman exec -u testu -i naughty_hugle true
Error: unable to find user testu: no matching entries in passwd file

For comparison in docker:

$ sudo docker run -i -t --rm ubuntu:bionic bash
# useradd -ms /bin/bash -U testu

// new terminal
$ sudo docker exec -u testu  -i laughing_feistel echo works
works

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

podman version 1.1.2

Output of podman info --debug:

(paste your output here)

Additional environment details (AWS, VirtualBox, physical, etc.):
@openshift-ci-robot openshift-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label Mar 7, 2019
@mheon
Copy link
Member

mheon commented Mar 7, 2019

Works fine as root
@giuseppe Mind taking a look?

@mheon mheon added the rootless label Mar 7, 2019
giuseppe added a commit to giuseppe/libpod that referenced this issue Mar 7, 2019
@giuseppe
rootless: exec join the user+mount namespace
16957d7 
it is not enough to join the user namespace where the container is
running.  We also need to join the mount namespace so that we can
correctly look-up inside of the container rootfs.  This is necessary
to lookup the mounted /etc/passwd file when --user is specified.

Closes: containers#2566

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
@giuseppe giuseppe mentioned this issue Mar 7, 2019
Merged
@giuseppe
Copy link
Member

giuseppe commented Mar 7, 2019

PR here: #2569

giuseppe added a commit to giuseppe/libpod that referenced this issue Mar 7, 2019
@giuseppe
rootless: exec join the user+mount namespace
70ef3f1 
it is not enough to join the user namespace where the container is
running.  We also need to join the mount namespace so that we can
correctly look-up inside of the container rootfs.  This is necessary
to lookup the mounted /etc/passwd file when --user is specified.

Closes: containers#2566

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe added a commit to giuseppe/libpod that referenced this issue Mar 7, 2019
@giuseppe
rootless: exec join the user+mount namespace
b28bc9b 
it is not enough to join the user namespace where the container is
running.  We also need to join the mount namespace so that we can
correctly look-up inside of the container rootfs.  This is necessary
to lookup the mounted /etc/passwd file when --user is specified.

Closes: containers#2566

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe added a commit to giuseppe/libpod that referenced this issue Mar 7, 2019
@giuseppe
rootless: exec join the user+mount namespace
4a02713 
it is not enough to join the user namespace where the container is
running.  We also need to join the mount namespace so that we can
correctly look-up inside of the container rootfs.  This is necessary
to lookup the mounted /etc/passwd file when --user is specified.

Closes: containers#2566

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
muayyad-alsadi pushed a commit to muayyad-alsadi/libpod that referenced this issue Apr 21, 2019
@giuseppe @muayyad-alsadi
rootless: exec join the user+mount namespace
e8a734a 
it is not enough to join the user namespace where the container is
running.  We also need to join the mount namespace so that we can
correctly look-up inside of the container rootfs.  This is necessary
to lookup the mounted /etc/passwd file when --user is specified.

Closes: containers#2566

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 24, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 24, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. rootless
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@giuseppe @maflcko @mheon @openshift-ci-robot