[pkg-go] Bug#977717: podman: Images can't be run with non-root USER after upgrade to 2.1.1 due to wrong permissions of / inside the container

Reinhard Tartler siretart at gmail.com
Sat Dec 19 19:09:21 GMT 2020


Control: tag -1 moreinfo unreproducible


On Sat, Dec 19, 2020 at 9:15 AM Andreas Maus <023a305472eca90cd389e9dd4a9f30f71a6cf4e6 at ypbind.de> wrote:

> After the upgrade of podman to 2.1.1 container images
> can't be run if the Dockerfile specifies a non-root USER.
>

I'm sorry, but I can't reproduce this (anymore):

siretart@x1:/tmp/d$ podman rmi -a
8ac063dba0c0659a071a74e67d3661495215ab740724e416d62f264d73a398ce
Untagged: docker.io/library/debian:latest
Deleted: db2b7591a39e6b509f93038f6855f95bb783efdc83aa3a20c347453320b6d345
Deleted: 6d6b00c22231693c9b87e79986d562874446bf10182206e4621e23ca8dfa8e1c
siretart@x1:/tmp/d$ podman rm -a
siretart@x1:/tmp/d$ cat Dockerfile
FROM docker.io/debian
USER nobody
RUN id
siretart@x1:/tmp/d$ podman build -f Dockerfile
STEP 1: FROM docker.io/debian
Getting image source signatures
Copying blob 6c33745f49b4 done
Copying config 6d6b00c222 done
Writing manifest to image destination
Storing signatures
STEP 2: USER nobody
--> 609dac75d3a
STEP 3: RUN id
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
STEP 4: COMMIT
--> 037e1690447
037e1690447f0dd7d90d99cf7bc3cf1206f35f81225f2119445b147d5b6aa3a9

I was able to reproduce this error with a cached image that I had, but
deleting the local one and getting a fresh one from the docker library
allowed me to pass that test.

I was not able to pull your exact image, and to be frank, I'd prefer if
you could describe the steps to reproduce this with images that are
publicly accessible and simple to reproduce.

Can you please try again with fresh images and the example that I
showed above?

-- 
regards,
    Reinhard