You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What happened: When running, docker sbom as root, the command works fine. When su-ing over to our 'gitlab-runner' user, installing the plugin for that user, docker reports it as an an "invalid plugin" with a "permission denied":
What you expected to happen: docker sbom to work for my 'gitlab-runner' user so I can integrate it into our CI/CD processes.
How to reproduce it (as minimally and precisely as possible): Run the install script for docker-sbom as the gitlab-runner user and once installed, just run docker [enter] to see the error.
Anything else we need to know?: Things I've tried or additional outputs:
verified permissions on docker-sbom between working instance (root) and non-working instance (gitlab-runner)
verified owner was properly set as root for root and gitlab-runner for gitlab-runner
but also tried changing gitlab-runner's docker-sbom's owner to 'root' and received the same error
all of these tests were run with SELinux off (for testing)
/var/log/audit/audit.log was additionally not showing any block/deny actions for docker sbom or sbom prior to being disabled for testing (setenforce 0)
output of id as gitlab-runner: uid=1002(gitlab-runner) gid=1002(gitlab-runner) groups=1002(gitlab-runner),979(docker) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
gitlab-runner can successfully run other docker commands, e.g.: build, tag, push, images, ps, etc. (all other commands we use in our pipeline)
Environment:
OS: RHEL 8.9
Output of docker version: Docker version 24.0.7, build afdd53b
Output of docker sbom version: sbom-cli-plugin 0.6.1, build 02cf1c8
The text was updated successfully, but these errors were encountered:
What happened: When running,
docker sbom
as root, the command works fine. When su-ing over to our 'gitlab-runner' user, installing the plugin for that user, docker reports it as an an "invalid plugin" with a "permission denied":Invalid Plugins:
sbom failed to fetch metadata: fork/exec /home/gitlab-runner/.docker/cli-plugins/docker-sbom: permission denied
What you expected to happen:
docker sbom
to work for my 'gitlab-runner' user so I can integrate it into our CI/CD processes.How to reproduce it (as minimally and precisely as possible): Run the install script for docker-sbom as the gitlab-runner user and once installed, just run
docker [enter]
to see the error.Anything else we need to know?: Things I've tried or additional outputs:
docker sbom
orsbom
prior to being disabled for testing (setenforce 0)id
as gitlab-runner: uid=1002(gitlab-runner) gid=1002(gitlab-runner) groups=1002(gitlab-runner),979(docker) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023Environment:
docker version
: Docker version 24.0.7, build afdd53bdocker sbom version
: sbom-cli-plugin 0.6.1, build 02cf1c8The text was updated successfully, but these errors were encountered: