[pkg-go] Bug#977717: podman: Images can't be run with non-root USER after upgrade to 2.1.1 due to wrong permissions of / inside the container

Reinhard Tartler siretart at gmail.com
Sat Dec 19 19:09:21 GMT 2020

Control: tag -1 moreinfo unreproducible

On Sat, Dec 19, 2020 at 9:15 AM Andreas Maus <
023a305472eca90cd389e9dd4a9f30f71a6cf4e6 at ypbind.de> wrote:

> After the upgrade of podman to 2.1.1 container images
> can't be run if the Dockerfile specify a non-root USER.

I'm sorry, but I can't reproduce this (anymore):

siretart at x1:/tmp/d$ *podman rmi -a*
Untagged: docker.io/library/debian:latest
Deleted: db2b7591a39e6b509f93038f6855f95bb783efdc83aa3a20c347453320b6d345
Deleted: 6d6b00c22231693c9b87e79986d562874446bf10182206e4621e23ca8dfa8e1c
siretart at x1:/tmp/d$ *podman rm -a*
siretart at x1:/tmp/d$ *cat Dockerfile *
*FROM docker.io/debian <http://docker.io/debian>*
*USER nobody*
*RUN id*
siretart at x1:/tmp/d$ *podman build -f Dockerfile *
STEP 1: FROM docker.io/debian
Getting image source signatures
Copying blob 6c33745f49b4 done
Copying config 6d6b00c222 done
Writing manifest to image destination
Storing signatures
STEP 2: USER nobody
--> 609dac75d3a
STEP 3: RUN id
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
--> 037e1690447

I was able to reproduce this error with an cached image that I had, but
deleting the local one
and getting a fresh one from the docker library allowed me to pass that

I was not able to pull your exact image, and to be frank, I'd prefer if you
could describe the
steps to reproduce this with images that are publicly accessible and simple
to reproduce.

Can you please try again with fresh images and the example that I showed

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-go-maintainers/attachments/20201219/b0a29d51/attachment.html>

More information about the Pkg-go-maintainers mailing list