Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: xattr security.capability missing on docker image for shadow-utils #114

Open
meeuw opened this issue Mar 2, 2024 · 1 comment
Open

Bug: xattr security.capability missing on docker image for shadow-utils #114

meeuw opened this issue Mar 2, 2024 · 1 comment

Comments

@meeuw
Copy link

meeuw commented Mar 2, 2024

xattr security.capability missing on docker image.

How to reproduce:

Step 1, run image:

podman run --rm -ti fedora:39

Step 2, install attr (for getfattr below)

dnf install -y attr

Step 3, check xattrs for /usr/bin/newgidmap

getfattr -d -m - usr/bin/newgidmap

Expected result:

# file: usr/bin/newgidmap
security.capability=0sAQAAAkAAAAAAAAAAAAAAAAAAAAA=
security.selinux="system_u:object_r:container_file_t:s0:c375,c964"

Actual result:

# file: usr/bin/newgidmap
security.selinux="system_u:object_r:container_file_t:s0:c375,c964"

Work around:

dnf reinstall shadow-utils
@meeuw
Copy link
Author

meeuw commented May 21, 2024

See also: https://github.com/containers/image_build/blob/c54b97d4f4cec53ca9754bb1fa57fd0f0005dd94/buildah/Containerfile#L37-L39

amezin added a commit to ddterm/ci-docker-image that referenced this issue Nov 5, 2024
@amezin
Fix newuidmap/newgidmap file caps
48d0e14 
fedora-cloud/docker-brew-fedora#114
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@meeuw