Ubuntu
golang-github-containers-buildah package

buildah run fails with permission denied

Bug #1952103 reported by Ruben de Groot
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
golang-github-containers-buildah (Ubuntu)
Fix Released
Undecided
Unassigned
Impish
Won't Fix
Undecided
Reinhard Tartler

Bug Description

[Impact]

Buildah, a specialized tool for building container images and an alternative to docker, fails to fulfill it's primary use-case: building container images

[Test Plan]
Install new buildah and build a container image

[Where problems could occur]
When testing, keep in mind that while most dockerfiles should just work with 'buildah bud', there might be some corner cases where buildah is not
100% feature compatible with docker.

Original Description follows:

buildah run command is broken in ubuntu 21.10

# buildah from alpine:3
alpine-working-container

# buildah run alpine-working-container touch /tmp/foo
ERRO[0000] container_linux.go:380: starting container process caused: error adding seccomp filter rule for syscall bdflush: permission denied
error running container: error from runc creating container for [/bin/touch /tmp/foo]: : exit status 1
error while running runtime: exit status 1

ProblemType: Bug
DistroRelease: Ubuntu 21.10
Package: buildah 1.21.3+ds1-1ubuntu1
ProcVersionSignature: Ubuntu 5.13.0-21.21-generic 5.13.18
Uname: Linux 5.13.0-21-generic x86_64
ApportVersion: 2.20.11-0ubuntu71
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: ubuntu:GNOME
Date: Wed Nov 24 14:28:49 2021
InstallationDate: Installed on 2021-08-02 (113 days ago)
InstallationMedia: Ubuntu 20.04.2.0 LTS "Focal Fossa" - Release amd64 (20210209.1)
SourcePackage: golang-github-containers-buildah
UpgradeStatus: Upgraded to impish on 2021-10-25 (30 days ago)

See original description
Revision history for this message
Ruben de Groot (torbor) wrote :
Ruben de Groot (torbor)
Changed in golang-github-containers-buildah (Ubuntu):
status: New → Confirmed
Revision history for this message
Ruben de Groot (torbor) wrote :

After reading https://github.com/containers/common/issues/631, I tried installing crun.

This seems to have resolved the issues with buildah.

Changed in golang-github-containers-buildah (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Reinhard Tartler (siretart) wrote :

I can confirm that this issue is not fixed in impish at this point. Rebuilding it against a newer containers/common does.

Changed in golang-github-containers-buildah (Ubuntu Impish):
assignee: nobody → Reinhard Tartler (siretart)
status: New → In Progress
Revision history for this message
Reinhard Tartler (siretart) wrote :

I've created test packages in my ppa at https://launchpad.net/~siretart/+archive/ubuntu/podman/+packages

description: updated
Revision history for this message
Chris Halse Rogers (raof) wrote : Please test proposed package

Hello Ruben, or anyone else affected,

Accepted golang-github-containers-buildah into impish-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/golang-github-containers-buildah/1.21.3+ds1-1ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-impish to verification-done-impish. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-impish. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in golang-github-containers-buildah (Ubuntu Impish):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-impish
Revision history for this message
Brian Murray (brian-murray) wrote :

Ubuntu 21.10 (Impish Indri) has reached end of life, so this bug will not be fixed for that specific release.

Changed in golang-github-containers-buildah (Ubuntu Impish):
status: Fix Committed → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.