Skip to content

[v4.1] [BZ #2083997] pod: build pause image in custom user NS #14280

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 18, 2022
Merged

[v4.1] [BZ #2083997] pod: build pause image in custom user NS #14280

merged 1 commit into from
May 18, 2022

Conversation

@vrothberg
Copy link
Member

@vrothberg vrothberg commented May 18, 2022

Use the host UID and host GID mapping when building the local pause
image for a Pod with a custom mapping. Otherwise, the mappings are off
and the build fails. Propagating the mapping to the build container is
not needed since the pause image ships merely a copied catatonit from
the host.

Backport-of: commit c45d518
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2083997
Signed-off-by: Valentin Rothberg vrothberg@redhat.com

Does this PR introduce a user-facing change?

Fix a bug where the pause image of a Pod with a custom ID mapping could not be built (https://bugzilla.redhat.com/show_bug.cgi?id=2083997).

@mheon @rhatdan @TomSweeneyRedHat PTAL

@vrothberg
[BZ #2083997] pod: build pause image in custom user NS
fe29196 
Use the host UID and host GID mapping when building the local pause
image for a Pod with a custom mapping.  Otherwise, the mappings are off
and the build fails. Propagating the mapping to the build container is
not needed since the pause image ships merely a copied `catatonit` from
the host.

Backport-of: commit c45d518
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2083997
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
@openshift-ci openshift-ci bot added release-note approved Indicates a PR has been approved by an approver from all required OWNERS files. labels May 18, 2022
@edsantiago edsantiago added the kind/bug Categorizes issue or PR as related to a bug. label May 18, 2022
edsantiago
edsantiago suggested changes May 18, 2022
View reviewed changes
Copy link
Member

@edsantiago edsantiago left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs tests

test/system/170-run-userns.bats
# Remove the pod and the pause image
run_podman pod rm $random_pod_name
run_podman version --format "{{.Server.Version}}-{{.Server.Built}}"
run_podman rmi -f localhost/podman-pause:$output
Copy link
Member

@edsantiago edsantiago May 18, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't you just do rmi -f $(pause_image) ?

test/system/170-run-userns.bats
skip_if_rootless "does not work rootless - rootful feature"
skip_if_remote "remote --uidmap is broken (see #14233)"
random_pod_name=$(random_string 30)
run_podman pod create --uidmap 0:200000:5000 --name=$random_pod_name
Copy link
Member

@edsantiago edsantiago May 18, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is no test here. This test passes on main, which means you're not actually testing anything. Could you please add something that actually tests your new functionality (and which fails when run against main)? And can you add a comment describing something like "prior to #14280 this would fail with blah-blah-error" ?

[EDIT: what I mean is, it isn't clear if it's the "pod create" that you think would fail, or the "start", or if you accidentally a different step]

[EDIT 2: Sigh, never mind, I just noticed the v4.1. Test fails on v4.1 with

Error: error starting container e6696ef28b7428ab9009ff6c76c1977e0468ba5195e4d21e884e5306b7541965: crun: executable file `/catatonit` not found in $PATH: No such file or directory: OCI runtime attempted to invoke a command that was not found

I would still appreciate a comment indicating that it's the start that would fail without this PR]

@openshift-ci
Copy link
Contributor

openshift-ci bot commented May 18, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: edsantiago, vrothberg

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [edsantiago,vrothberg]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@rhatdan
Copy link
Member

rhatdan commented May 18, 2022

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label May 18, 2022
@openshift-merge-robot openshift-merge-robot merged commit 12d30e6 into containers:v4.1 May 18, 2022
@vrothberg vrothberg deleted the 4.1-backport branch May 18, 2022 13:31
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 21, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 21, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@edsantiago edsantiago edsantiago approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@rhatdan rhatdan

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/bug Categorizes issue or PR as related to a bug. lgtm Indicates that a PR is ready to be merged. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. release-note

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@vrothberg @rhatdan @edsantiago @openshift-merge-robot