concourse: Privileged workloads getting access denied

Summary

After upgrade to concourse v7.5.0, we are running into an issue for some of the workloads that run on privileged containers. The same tasks and image used to work in previous versions of concourse. We are seeing failure for mysql and postgres job. The following reproduction is only for postgres.

Steps to reproduce

The following gist will have a sample task and an application that tries to ping the database after starting up:

https://gist.github.com/aminjam/3a4b227b86f6c67c6c91d5bfa2783a1f

Expected results

We should be able to ping the database

Actual results

could not open file "base/16384/PG_VERSION": Permission denied (SQLSTATE 42501)

Triaging info

  • Concourse version: 7.5.0
  • Browser (if applicable): N/A
  • Did this used to work? Yes

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Comments: 17 (12 by maintainers)

Most upvoted comments

Confirmed the issue started from concourse 7.4 with guardian runtime.

+1
xtremerui on Dec 1, 2021
Read more comments on GitHub
← concourse: pq: current transaction is aborted, commands ignored until end of transaction block
concourse: Problem upgrade from 3.x to 4.x - Migration Failure →