Running sudo -E podman after rootless podman has side effects #3463

Closed
marcov opened this issue Jul 1, 2019 · 5 comments · Fixed by #3468
Labels: kind/bug, locked - please file new issue/PR

Comments

marcov (Collaborator) commented Jul 1, 2019

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

Running sudo -E podman <anycommand> after a rootless podman command (that creates the pause process) causes podman to misbehave.

Steps to reproduce the issue:

$ ./bin/podman ps
CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES

$ /usr/bin/sudo ./bin/podman ps
CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES

$ /usr/bin/sudo -E ./bin/podman ps
Error: error creating libpod runtime: error creating runtime static files directory
/var/lib/containers/storage/libpod: mkdir /var/lib/containers/storage: permission denied

$ rm /run/user/1000/libpod/pause.pid; pkill -9 podman

$ /usr/bin/sudo -E ./bin/podman ps
CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES

Output of podman version:

Version:            1.4.4-dev
RemoteAPI Version:  1
Go Version:         go1.12.5
OS/Arch:            linux/amd64

openshift-ci-robot added the kind/bug label Jul 1, 2019

mheon (Member) commented Jul 1, 2019

@giuseppe PTAL

marcov (Collaborator, Author) commented Jul 1, 2019

Adding some debug Printf right before trying to create /var/lib/containers/storage, I can see that the user namespace of the sudo -E podman is the same as that of the podman pause process shown in lsns -t user.

giuseppe (Member) commented Jul 1, 2019

Isn't XDG_RUNTIME_DIR pointing to the wrong directory with sudo -E?

marcov (Collaborator, Author) commented Jul 1, 2019

Yea, it is still pointing to /run/user/1000. I guess that's not OK then...

giuseppe added a commit to giuseppe/libpod that referenced this issue Jul 1, 2019
do not attempt to join the rootless namespace if it is running already
with euid == 0.

Closes: containers#3463

Signed-off-by: Giuseppe Scrivano <[email protected]>

giuseppe (Member) commented Jul 1, 2019

I've opened a PR here: #3468
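
An added example, not part of the thread and not podman's code: a Go check for the condition discussed above, where a process whose effective uid differs from the owner of XDG_RUNTIME_DIR finds that user's libpod/pause.pid. The names Finding, Inspect and ShouldJoin are hypothetical, and the ownership test in ShouldJoin is an assumption of this example that goes beyond the euid == 0 rule in the commit message.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strconv"
	"strings"
	"syscall"
)

// Finding is the rootless state reachable through one XDG_RUNTIME_DIR.
type Finding struct {
	RuntimeDirOwner int  // uid that owns the runtime directory
	PausePID        int  // pid read from libpod/pause.pid, 0 if the file is absent
	Inherited       bool // euid is not the owner, e.g. the variable survived sudo -E
}

// Inspect stats runtimeDir and reads libpod/pause.pid under it (layout as in the report).
func Inspect(euid int, runtimeDir string) (Finding, error) {
	var f Finding
	info, err := os.Stat(runtimeDir)
	if err != nil {
		return f, err
	}
	st, ok := info.Sys().(*syscall.Stat_t) // ownership data, Linux
	if !ok {
		return f, fmt.Errorf("no ownership data for %s", runtimeDir)
	}
	f.RuntimeDirOwner = int(st.Uid)
	f.Inherited = euid != f.RuntimeDirOwner
	raw, err := os.ReadFile(filepath.Join(runtimeDir, "libpod", "pause.pid"))
	if os.IsNotExist(err) {
		return f, nil // no pause process recorded
	} else if err != nil {
		return f, err
	}
	f.PausePID, err = strconv.Atoi(strings.TrimSpace(string(raw)))
	return f, err
}

// ShouldJoin: never with euid == 0 (commit message); never another uid's dir (assumption here).
func ShouldJoin(euid int, f Finding) bool {
	return euid != 0 && !f.Inherited && f.PausePID > 0
}

func main() {
	f, err := Inspect(os.Geteuid(), os.Getenv("XDG_RUNTIME_DIR"))
	fmt.Printf("%+v join=%v err=%v\n", f, ShouldJoin(os.Geteuid(), f), err)
}
```

Run it once as the user and once under sudo -E: in the second case Inherited is true whenever XDG_RUNTIME_DIR still points at the user's directory.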

github-actions bot added the locked - please file new issue/PR label Sep 24, 2023
github-actions bot locked as resolved and limited conversation to collaborators Sep 24, 2023