buildah image v1.34: Error: open /usr/lib/containers/storage/overlay-images/images.lock: permission denied #5332
Comments
We have the same issue, seems like a regression after upgrading to Any Advice?
@zmjackson Does it work if you add
I just checked and I get the same error when using
@zmjackson just changed the security context from
to
and it worked...but as you know we don't want to run
@zmjackson what do you think about that ^^ any ideas how we can proceed?
Seems to be caused by the configuration of the container storage library. Buildah 1.27 does not have a storage.conf in $HOME/.config/containers/storage but Buildah 1.34 does. I did a test without the storage.conf in $HOME and it almost works, except for some warnings not present with v1.27. I ran minikube with podman rootless for the tests. The storage is configured with the kernel overlay and not the fuse one.
@sylvainpelletier thanks,
A friendly reminder that this issue had no activity for 30 days.
@zmjackson FYI,

```yaml
container:
  securityContext:
    allowPrivilegeEscalation: false
    runAsUser: 1000
    runAsGroup: 1000
    capabilities:
      drop:
        - ALL
  image: "quay.io/containers/buildah:v1.35.3"
  imagePullPolicy: IfNotPresent
  volumeMounts:
    - name: buildah-storage
      mountPath: /usr/lib/containers/storage/overlay-images
volumes:
  - name: buildah-storage
    emptyDir: {}
```
Description
When run with Docker (haven't tested Podman) and our security configs, buildah image v1.34 throws an error on most operations. No previous versions have this issue. Although I submitted the report for an Ubuntu system, I observed the exact same behavior on CentOS. We use the Podman seccomp.json and the following AppArmor policy:
Steps to reproduce the issue:
docker run -t --device /dev/fuse --security-opt seccomp=/usr/share/containers/seccomp.json --security-opt apparmor=docker-buildah -u build quay.io/buildah/stable:v1.34 buildah pull fedora
Describe the results you received:
buildah image v1.34 throws the following error when pulling, building, etc.:
Describe the results you expected:
Buildah operations complete successfully when I use v1.33.2 or earlier:
Output of rpm -q buildah or apt list buildah:
Output of buildah version:
Output of podman version if reporting a podman build issue:
Output of cat /etc/*release:
Output of uname -a:
Output of cat /etc/containers/storage.conf: