[pkg-go] Bug#1019929: podman: Subordinate UID/GID ranges not fetched from libsubid

Sam Morris sam at robots.org.uk
Fri Sep 16 12:10:43 BST 2022 

Package: podman
Version: 4.2.0+ds1-3
Severity: normal

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I've not got anything in /etc/subuid or /etc/subgid because subordinate
id range info is stored in LDAP.

  $ grep ^subid: /etc/nsswitch.conf
  subid: sss

This is transparent to clients using libsubid:

  $ getsubids sam
  0: sam 2147483648 65536

... but it looks like podman doesn't use this library yet:

    $ podman system info
    ERRO[0000] cannot find UID/GID for user sam: no subuid ranges found for user "sam" in /etc/subuid - check rootless mode in man pages.
    WARN[0000] Using rootless single mapping into the namespace. This might break some images. Check /etc/subuid and /etc/subgid for adding sub*ids if not using a network user
    [...]
      idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    [...]

- -- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (530, 'testing'), (520, 'unstable'), (1, 'experimental')
merged-usr: no
Architecture: amd64 (x86_64)

Kernel: Linux 5.19.0-1-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages podman depends on:
ii  conmon                           2.1.3+ds1-1
ii  crun                             1.5+dfsg-1+b1
ii  golang-github-containers-common  0.48.0+ds1-1
ii  libc6                            2.34-7
ii  libdevmapper1.02.1               2:1.02.185-1
ii  libgpgme11                       1.17.1-4.1
ii  libseccomp2                      2.5.4-1+b1
ii  systemd [systemd-tmpfiles]       251.4-3

Versions of packages podman recommends:
ii  buildah            1.26.1+ds1-1
ii  catatonit          0.1.7-1
ii  dbus-user-session  1.14.0-2
ii  fuse-overlayfs     1.9-1
ii  slirp4netns        1.2.0-1
ii  uidmap             1:4.11.1+dfsg1-2

Versions of packages podman suggests:
ii  containers-storage  1.37.2+ds1-1+b2
pn  docker-compose      <none>
ii  iptables            1.8.8-1

- -- no debconf information

-----BEGIN PGP SIGNATURE-----

iIgEARYIADAWIQTWOGqGn6HETecdzqZOEaKLhlAYigUCYyRZrhIcc2FtQHJvYm90
cy5vcmcudWsACgkQThGii4ZQGIra+wEA9cSULDer04xzpg1djBcsaxdK78eH6avT
szoQ8hl2ERMA/08sN17EOvYQOLB8WwleW1kPCQZdDztMiapcY5Ep7CYI
=DI3R
-----END PGP SIGNATURE-----

More information about the Pkg-go-maintainers mailing list