buildah: Missing FCAP I fail to install `httpd` into Fedora 33 container in `build-using-dockerfile`

With this dockerfile (on Fedora 34):

FROM fedora:33
RUN dnf install -y httpd

I run buildah bud ., and I see:

  Installing       : httpd-2.4.46-9.fc33.x86_64                         187/207
Error unpacking rpm package httpd-2.4.46-9.fc33.x86_64
 
error: unpacking of archive failed on file /usr/sbin/suexec;604723c1: cpio: cap_set_file failed - Inappropriate ioctl for device
error: httpd-2.4.46-9.fc33.x86_64: install failed
...
Failed:
  httpd-2.4.46-9.fc33.x86_64                                                    

Error: Transaction failed

Output of rpm -q buildah or apt list buildah:

buildah-1.20.0-0.12.dev.git7f340f9.fc34.x86_64

Output of buildah version:

Version:         1.20.0-dev
Go Version:      go1.16beta1
Image Spec:      1.0.1-dev
Runtime Spec:    1.0.2-dev
CNI Spec:        0.4.0
libcni Version:  
image Version:   5.10.1
Git Commit:      
Built:           Thu Jan  1 01:00:00 1970
OS/Arch:         linux/amd64

Output of podman version if reporting a podman build issue:

Version:      3.0.1
API Version:  3.0.0
Go Version:   go1.16
Built:        Mon Feb 22 15:08:57 2021
OS/Arch:      linux/amd64

Output of cat /etc/*release:

Fedora release 34 (Thirty Four)
NAME=Fedora
VERSION="34 (Thirty Four Prerelease)"
ID=fedora
VERSION_ID=34
VERSION_CODENAME=""
PLATFORM_ID="platform:f34"
PRETTY_NAME="Fedora 34 (Thirty Four Prerelease)"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:34"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/34/system-administrators-guide/"
SUPPORT_URL="https://fedoraproject.org/wiki/Communicating_and_getting_help"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=34
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=34
PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
Fedora release 34 (Thirty Four)
Fedora release 34 (Thirty Four)

Output of uname -a:

Linux raiskup 5.11.3-300.fc34.x86_64 #1 SMP Thu Mar 4 19:03:18 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

Output of cat /etc/containers/storage.conf:

$ cat /etc/containers/storage.conf  | grep -v -e ^# -e ^$
[storage]
driver = "overlay"
runroot = "/var/run/containers/storage"
graphroot = "/var/lib/containers/storage"
[storage.options]
additionalimagestores = [
]
[storage.options.overlay]
mountopt = "nodev,metacopy=on"
[storage.options.thinpool]

About this issue

Original URL
State: closed
Created 3 years ago
Comments: 31 (26 by maintainers)

Commits related to this issue

kola-denylist.yaml: add ext.config.podman.rootless-systemd This test is currently failing due to a regression in buildah: https://github.com/containers/buildah/issues/3071 — committed to jlebon/fedora-coreos-config by jlebon 3 years ago
kola-denylist.yaml: add ext.config.podman.rootless-systemd This test is currently failing on f34+ due to a regression in buildah: https://github.com/containers/buildah/issues/3071 — committed to jlebon/fedora-coreos-config by jlebon 3 years ago
kola-denylist.yaml: add ext.config.podman.rootless-systemd This test is currently failing on f34+ due to a regression in buildah: https://github.com/containers/buildah/issues/3071 — committed to coreos/fedora-coreos-config by jlebon 3 years ago
overrides: pin to kernel-5.10.19-200.fc33 for rootless podman There's a regression in 5.10.20+ which breaks rootless podman: https://github.com/containers/buildah/issues/3071 (This is the same regre... — committed to jlebon/fedora-coreos-config by jlebon 3 years ago
overrides: pin to kernel-5.10.19-200.fc33 for rootless podman There's a regression in 5.10.20+ which breaks rootless podman: https://github.com/containers/buildah/issues/3071 (This is the same regre... — committed to coreos/fedora-coreos-config by jlebon 3 years ago
Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities") It turns out that there are in fact userspace implementations that care and this recent change caused a regres... — committed to torvalds/linux by ebiederm 3 years ago
overrides: pin to kernel-5.10.19-200.fc33 for rootless podman There's a regression in 5.10.20+ which breaks rootless podman: https://github.com/containers/buildah/issues/3071 (This is the same regre... — committed to coreos/fedora-coreos-config by jlebon 3 years ago
Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities") commit 3b0c2d3eaa83da259d7726192cf55a137769012f upstream. It turns out that there are in fact userspace imple... — committed to mrchapp/linux by ebiederm 3 years ago
Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities") commit 3b0c2d3eaa83da259d7726192cf55a137769012f upstream. It turns out that there are in fact userspace imple... — committed to mrchapp/linux by ebiederm 3 years ago
Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities") commit 3b0c2d3eaa83da259d7726192cf55a137769012f upstream. It turns out that there are in fact userspace imple... — committed to mrchapp/linux by ebiederm 3 years ago
Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities") commit 3b0c2d3eaa83da259d7726192cf55a137769012f upstream. It turns out that there are in fact userspace imple... — committed to mrchapp/linux by ebiederm 3 years ago
Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities") commit 3b0c2d3eaa83da259d7726192cf55a137769012f upstream. It turns out that there are in fact userspace imple... — committed to woodsts/linux-stable by ebiederm 3 years ago
Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities") commit 3b0c2d3eaa83da259d7726192cf55a137769012f upstream. It turns out that there are in fact userspace imple... — committed to woodsts/linux-stable by ebiederm 3 years ago
Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities") commit 3b0c2d3eaa83da259d7726192cf55a137769012f upstream. It turns out that there are in fact userspace imple... — committed to woodsts/linux-stable by ebiederm 3 years ago
Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities") commit 3b0c2d3eaa83da259d7726192cf55a137769012f upstream. It turns out that there are in fact userspace imple... — committed to woodsts/linux-stable by ebiederm 3 years ago
Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities") commit 3b0c2d3eaa83da259d7726192cf55a137769012f upstream. It turns out that there are in fact userspace imple... — committed to woodsts/linux-stable by ebiederm 3 years ago
Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities") commit 3b0c2d3eaa83da259d7726192cf55a137769012f upstream. It turns out that there are in fact userspace imple... — committed to freeza-inc/bm-galaxy-s20-ultra-snap-r by ebiederm 3 years ago
Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities") commit 3b0c2d3eaa83da259d7726192cf55a137769012f upstream. It turns out that there are in fact userspace imple... — committed to Claymore1297/kernel_oneplus_sm8150 by ebiederm 3 years ago
Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities") commit 3b0c2d3eaa83da259d7726192cf55a137769012f upstream. It turns out that there are in fact userspace imple... — committed to miraclestars/android_kernel_samsung_sm8250 by ebiederm 3 years ago
Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities") commit 3b0c2d3eaa83da259d7726192cf55a137769012f upstream. It turns out that there are in fact userspace imple... — committed to Jimbo77/Jimbok_common_sm8250-R by ebiederm 3 years ago

Most upvoted comments

Per release notes, it is in 5.11.7: https://lwn.net/Articles/849642/

praiskup on Mar 24, 2021

Yeah, the patch was probably backported to 5.11: https://github.com/gregkh/linux/commit/7fbc077be2f3fad5d75ddfd4b598eeba66459c5d

praiskup on Mar 24, 2021