[pkg-go] Bug#1034871: podman: "sudo podman system reset" can delete current working directory

[Cyril Brulebois]

Hi,

Reinhard Tartler <siretart at gmail.com> (2023-04-26):
> On Wed, Apr 26, 2023 at 6:48 AM Jan Hendrik Farr <debian at jfarr.cc> wrote:
> > if /etc/containers/storage.conf does not include the runRoot
> > variable, then running "sudo podman system reset" will delete the
> > current working directory.

Ouch!

> > Including this fix in Debian 12 has a really low chance of affecting
> > other packages, but if this fix is not included there will
> > inevitably be more people like me that accidentally remove their
> > home directory.

I'm not sure where exactly people draw the line for “data loss” but
that's what it looks like to me.

> It indeed sounds like a significant papercut. I'm seeking for further
> thoughts and opinions: Is this something worth backporting that late
> in the release cycle?

I'd say: definitely!

(This is not an official statement from the release team though.)

Please keep in mind I know nothing about podman or containers-storage
and I haven't spotted what would set up /etc/containers/storage.conf,
and whether some default configuration would contain that runRoot
setting; but even if it's present… if people have legitimate reasons to
remove that setting, that's no reason to load the gun, aim at their
foot, and wait for them to press the trigger.


Cheers,
-- 
Cyril Brulebois -- Debian Consultant @ DEBAMAX -- https://debamax.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-go-maintainers/attachments/20230426/3f8372eb/attachment.sig>