5:50 a.m.
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
Bug ID: 1098120
Summary: Unable to buid an run an image using sshd.
Product: Fedora
Version: 20
Component: docker-io
Assignee: lsm5(a)redhat.com
Reporter: pantinor(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: admiller(a)redhat.com, golang(a)lists.fedoraproject.org,
lsm5(a)redhat.com, mattdm(a)redhat.com,
mgoldman(a)redhat.com, s(a)shk.io, vbatts(a)redhat.com
Description of problem:
Unable to succesfully build and run a fairly simple image that used to work.
Version-Release number of selected component (if applicable):
$ docker -v
Docker version 0.11.1, build fb99f99/0.11.1
How reproducible:
Always
Steps to Reproduce:
mkdir docker_test
cd docker_test
wget http://pastebin.com/raw.php?i=ie8BRcC4 -O Dockerfile
docker build -t sshd --no-cache
Actual results:
$ docker build -t sshd --no-cache .
Uploading context 2.56 kB
Uploading context
Step 0 : FROM centos
---> 539c0211cd76
Step 1 : RUN yum install -y openssh-server
---> Running in 65f28c081323
Loaded plugins: fastestmirror
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package openssh-server.x86_64 0:5.3p1-94.el6 will be installed
--> Processing Dependency: openssh = 5.3p1-94.el6 for package:
openssh-server-5.3p1-94.el6.x86_64
--> Processing Dependency: libcrypto.so.10(libcrypto.so.10)(64bit) for package:
openssh-server-5.3p1-94.el6.x86_64
--> Processing Dependency: libcrypto.so.10(OPENSSL_1.0.1)(64bit) for package:
openssh-server-5.3p1-94.el6.x86_64
--> Processing Dependency: libwrap.so.0()(64bit) for package:
openssh-server-5.3p1-94.el6.x86_64
--> Processing Dependency: libfipscheck.so.1()(64bit) for package:
openssh-server-5.3p1-94.el6.x86_64
--> Running transaction check
---> Package fipscheck-lib.x86_64 0:1.2.0-7.el6 will be installed
--> Processing Dependency: /usr/bin/fipscheck for package:
fipscheck-lib-1.2.0-7.el6.x86_64
---> Package openssh.x86_64 0:5.3p1-94.el6 will be installed
---> Package openssl.x86_64 0:1.0.0-27.el6_4.2 will be updated
---> Package openssl.x86_64 0:1.0.1e-16.el6_5.7 will be an update
--> Processing Dependency: make for package: openssl-1.0.1e-16.el6_5.7.x86_64
---> Package tcp_wrappers-libs.x86_64 0:7.6-57.el6 will be installed
--> Running transaction check
---> Package fipscheck.x86_64 0:1.2.0-7.el6 will be installed
---> Package make.x86_64 1:3.81-20.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
openssh-server x86_64 5.3p1-94.el6 base 311 k
Installing for dependencies:
fipscheck x86_64 1.2.0-7.el6 base 14 k
fipscheck-lib x86_64 1.2.0-7.el6 base 8.3 k
make x86_64 1:3.81-20.el6 base 389 k
openssh x86_64 5.3p1-94.el6 base 258 k
tcp_wrappers-libs x86_64 7.6-57.el6 base 62 k
Updating for dependencies:
openssl x86_64 1.0.1e-16.el6_5.7 updates 1.5 M
Transaction Summary
================================================================================
Install 6 Package(s)
Upgrade 1 Package(s)
Total download size: 2.5 M
Downloading Packages:
--------------------------------------------------------------------------------
Total 569 kB/s | 2.5 MB 00:04
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID c105b9de:
NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
Importing GPG key 0xC105B9DE:
Userid : CentOS-6 Key (CentOS 6 Official Signing Key)
<centos-6-key(a)centos.org>
Package: centos-release-6-4.el6.centos.10.x86_64 (@febootstrap/$releasever)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : tcp_wrappers-libs-7.6-57.el6.x86_64 1/8
Installing : 1:make-3.81-20.el6.x86_64 2/8
Updating : openssl-1.0.1e-16.el6_5.7.x86_64 3/8
Installing : fipscheck-lib-1.2.0-7.el6.x86_64 4/8
Installing : fipscheck-1.2.0-7.el6.x86_64 5/8
Installing : openssh-5.3p1-94.el6.x86_64 6/8
Installing : openssh-server-5.3p1-94.el6.x86_64 7/8
groupadd: failure while writing changes to /etc/group
Cleanup : openssl-1.0.0-27.el6_4.2.x86_64 8/8
Verifying : 1:make-3.81-20.el6.x86_64 1/8
Verifying : tcp_wrappers-libs-7.6-57.el6.x86_64 2/8
Verifying : fipscheck-1.2.0-7.el6.x86_64 3/8
Verifying : openssl-1.0.1e-16.el6_5.7.x86_64 4/8
Verifying : openssh-5.3p1-94.el6.x86_64 5/8
Verifying : openssh-server-5.3p1-94.el6.x86_64 6/8
Verifying : fipscheck-lib-1.2.0-7.el6.x86_64 7/8
Verifying : openssl-1.0.0-27.el6_4.2.x86_64 8/8
Installed:
openssh-server.x86_64 0:5.3p1-94.el6
Dependency Installed:
fipscheck.x86_64 0:1.2.0-7.el6 fipscheck-lib.x86_64 0:1.2.0-7.el6
make.x86_64 1:3.81-20.el6 openssh.x86_64 0:5.3p1-94.el6
tcp_wrappers-libs.x86_64 0:7.6-57.el6
Dependency Updated:
openssl.x86_64 0:1.0.1e-16.el6_5.7
Complete!
---> e869dfd88b15
Removing intermediate container 65f28c081323
Step 2 : RUN sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords
yes/;s/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
---> Running in 8673e7861c41
sed: warning: failed to set default file creation context to
system_u:object_r:file_t:s0: Read-only file system ---> f49ebe0bc026
Removing intermediate container 8673e7861c41
Step 3 : CMD service sshd start ; bash
---> Running in b4db6af6261e
---> b9d7e3852943
Removing intermediate container b4db6af6261e
Successfully built b9d7e3852943
Expected results:
A build and run with no errors.
Everything works as expected when run for instance in a boot2docker vm:
https://github.com/boot2docker/boot2docker/releases/download/v0.9.1/boot2...
Additional info:
$ getenforce
Permissive
The error is recent. I am not sure if the problem is Docker, selinux, or Centos
base files, but the full operation used to succed without any problem in past.
Note sed warning:
sed: warning: failed to set default file creation context to
system_u:object_r:file_t:s0: Read-only file system ---> f49ebe0bc026
When running a container from that image, the ssh fails:
$ docker run -t -i sshd
Generating SSH1 RSA host key: No such file or directory
[ OK ]
Generating SSH2 RSA host key: No such file or directory
[ OK ]
Generating SSH2 DSA host key: No such file or directory
[ OK ]
Starting sshd: Privilege separation user sshd does not exist
[FAILED]
bash-4.1# exit
--
You are receiving this mail because:
You are on the CC list for the bug.
10:29 a.m.
New subject: [Bug 1098120] Unable to buid images that interact with /etc/groups
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
Paolo Antinori <pantinor(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Unable to buid an run an |Unable to buid images that
|image using sshd. |interact with /etc/groups
--- Comment #1 from Paolo Antinori <pantinor(a)redhat.com> ---
Found some evidence that the problem is wider and not related just to sshd..
Building this simpla image:
FROM centos:latest
MAINTAINER Paolo Antinori <paolo.antinori(a)gmail.com>
RUN yum install -y httpd ; yum -y clean all
CMD service httpd start ; bash
EXPOSE 80
Gives this output and a not runnable httpd:
$ docker build --rm -t test .
Uploading context 2.56 kB
Uploading context
Step 0 : FROM centos:latest
---> 0b443ba03958
Step 1 : MAINTAINER Paolo Antinori <paolo.antinori(a)gmail.com>
---> Using cache
---> 4f53ca7a4051
Step 2 : RUN yum install -y httpd ; yum -y clean all
---> Running in 783dae15dd6c
Loaded plugins: fastestmirror
http://centosh2.centos.org/centos/6.5/updates/x86_64/repodata/d488729553d...:
[Errno 12] Timeout on
http://centosh2.centos.org/centos/6.5/updates/x86_64/repodata/d488729553d...:
(28, 'Operation too slow. Less than 1 bytes/sec transfered the last 30
seconds')
Trying other mirror.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.2.15-30.el6.centos will be installed
--> Processing Dependency: httpd-tools = 2.2.15-30.el6.centos for package:
httpd-2.2.15-30.el6.centos.x86_64
--> Processing Dependency: system-logos >= 7.92.1-1 for package:
httpd-2.2.15-30.el6.centos.x86_64
--> Processing Dependency: initscripts >= 8.36 for package:
httpd-2.2.15-30.el6.centos.x86_64
--> Processing Dependency: apr-util-ldap for package:
httpd-2.2.15-30.el6.centos.x86_64
--> Processing Dependency: /etc/mime.types for package:
httpd-2.2.15-30.el6.centos.x86_64
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package:
httpd-2.2.15-30.el6.centos.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package:
httpd-2.2.15-30.el6.centos.x86_64
--> Running transaction check
---> Package apr.x86_64 0:1.3.9-5.el6_2 will be installed
---> Package apr-util.x86_64 0:1.3.9-3.el6_0.1 will be installed
---> Package apr-util-ldap.x86_64 0:1.3.9-3.el6_0.1 will be installed
---> Package httpd-tools.x86_64 0:2.2.15-30.el6.centos will be installed
---> Package initscripts.x86_64 0:9.03.40-2.el6.centos.1 will be installed
--> Processing Dependency: upstart >= 0.6.0 for package:
initscripts-9.03.40-2.el6.centos.1.x86_64
--> Processing Dependency: ethtool >= 1.8-2 for package:
initscripts-9.03.40-2.el6.centos.1.x86_64
--> Processing Dependency: /sbin/ip for package:
initscripts-9.03.40-2.el6.centos.1.x86_64
--> Processing Dependency: /sbin/arping for package:
initscripts-9.03.40-2.el6.centos.1.x86_64
---> Package mailcap.noarch 0:2.1.31-2.el6 will be installed
---> Package redhat-logos.noarch 0:60.0.14-12.el6.centos will be installed
--> Running transaction check
---> Package ethtool.x86_64 2:3.5-1.4.el6_5 will be installed
---> Package iproute.x86_64 0:2.6.32-31.el6 will be installed
--> Processing Dependency: iptables >= 1.4.5 for package:
iproute-2.6.32-31.el6.x86_64
--> Processing Dependency: libxtables.so.4()(64bit) for package:
iproute-2.6.32-31.el6.x86_64
---> Package iputils.x86_64 0:20071127-17.el6_4.2 will be installed
---> Package upstart.x86_64 0:0.6.5-13.el6_5.3 will be installed
--> Running transaction check
---> Package iptables.x86_64 0:1.4.7-11.el6 will be installed
--> Processing Dependency: policycoreutils for package:
iptables-1.4.7-11.el6.x86_64
--> Running transaction check
---> Package policycoreutils.x86_64 0:2.0.83-19.39.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
httpd x86_64 2.2.15-30.el6.centos updates 821 k
Installing for dependencies:
apr x86_64 1.3.9-5.el6_2 base 123 k
apr-util x86_64 1.3.9-3.el6_0.1 base 87 k
apr-util-ldap x86_64 1.3.9-3.el6_0.1 base 15 k
ethtool x86_64 2:3.5-1.4.el6_5 updates 101 k
httpd-tools x86_64 2.2.15-30.el6.centos updates 73 k
initscripts x86_64 9.03.40-2.el6.centos.1 updates 940 k
iproute x86_64 2.6.32-31.el6 base 365 k
iptables x86_64 1.4.7-11.el6 base 252 k
iputils x86_64 20071127-17.el6_4.2 base 120 k
mailcap noarch 2.1.31-2.el6 base 27 k
policycoreutils x86_64 2.0.83-19.39.el6 base 648 k
redhat-logos noarch 60.0.14-12.el6.centos base 15 M
upstart x86_64 0.6.5-13.el6_5.3 updates 177 k
Transaction Summary
================================================================================
Install 14 Package(s)
Total download size: 18 M
Installed size: 30 M
Downloading Packages:
--------------------------------------------------------------------------------
Total 536 kB/s | 18 MB 00:34
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID c105b9de:
NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
Importing GPG key 0xC105B9DE:
Userid : CentOS-6 Key (CentOS 6 Official Signing Key)
<centos-6-key(a)centos.org>
Package: centos-release-6-5.el6.centos.11.2.x86_64
(@CentOS-Updates/$releasever)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
** Found 2 pre-existing rpmdb problem(s), 'yum check' output follows:
udev-147-2.51.el6.x86_64 has missing requires of /sbin/service
udev-147-2.51.el6.x86_64 has missing requires of MAKEDEV >= ('0',
'3.11', None)
Installing : apr-1.3.9-5.el6_2.x86_64 1/14
Installing : apr-util-1.3.9-3.el6_0.1.x86_64 2/14
Installing : apr-util-ldap-1.3.9-3.el6_0.1.x86_64 3/14
Installing : httpd-tools-2.2.15-30.el6.centos.x86_64 4/14
Installing : mailcap-2.1.31-2.el6.noarch 5/14
Installing : upstart-0.6.5-13.el6_5.3.x86_64 6/14
Installing : redhat-logos-60.0.14-12.el6.centos.noarch 7/14
Installing : 2:ethtool-3.5-1.4.el6_5.x86_64 8/14
Installing : iputils-20071127-17.el6_4.2.x86_64 9/14
Installing : iproute-2.6.32-31.el6.x86_64 10/14
Installing : initscripts-9.03.40-2.el6.centos.1.x86_64 11/14
Installing : policycoreutils-2.0.83-19.39.el6.x86_64 12/14
Installing : iptables-1.4.7-11.el6.x86_64 13/14
Installing : httpd-2.2.15-30.el6.centos.x86_64 14/14
groupadd: failure while writing changes to /etc/group
useradd: group 'apache' does not exist
warning: group apache does not exist - using root
warning: user apache does not exist - using root
warning: group apache does not exist - using root
warning: user apache does not exist - using root
warning: group apache does not exist - using root
warning: group apache does not exist - using root
Verifying : httpd-2.2.15-30.el6.centos.x86_64 1/14
Verifying : apr-1.3.9-5.el6_2.x86_64 2/14
Verifying : 2:ethtool-3.5-1.4.el6_5.x86_64 3/14
Verifying : apr-util-ldap-1.3.9-3.el6_0.1.x86_64 4/14
Verifying : initscripts-9.03.40-2.el6.centos.1.x86_64 5/14
Verifying : iputils-20071127-17.el6_4.2.x86_64 6/14
Verifying : redhat-logos-60.0.14-12.el6.centos.noarch 7/14
Verifying : iptables-1.4.7-11.el6.x86_64 8/14
Verifying : upstart-0.6.5-13.el6_5.3.x86_64 9/14
Verifying : iproute-2.6.32-31.el6.x86_64 10/14
Verifying : mailcap-2.1.31-2.el6.noarch 11/14
Verifying : httpd-tools-2.2.15-30.el6.centos.x86_64 12/14
Verifying : apr-util-1.3.9-3.el6_0.1.x86_64 13/14
Verifying : policycoreutils-2.0.83-19.39.el6.x86_64 14/14
Installed:
httpd.x86_64 0:2.2.15-30.el6.centos
Dependency Installed:
apr.x86_64 0:1.3.9-5.el6_2
apr-util.x86_64 0:1.3.9-3.el6_0.1
apr-util-ldap.x86_64 0:1.3.9-3.el6_0.1
ethtool.x86_64 2:3.5-1.4.el6_5
httpd-tools.x86_64 0:2.2.15-30.el6.centos
initscripts.x86_64 0:9.03.40-2.el6.centos.1
iproute.x86_64 0:2.6.32-31.el6
iptables.x86_64 0:1.4.7-11.el6
iputils.x86_64 0:20071127-17.el6_4.2
mailcap.noarch 0:2.1.31-2.el6
policycoreutils.x86_64 0:2.0.83-19.39.el6
redhat-logos.noarch 0:60.0.14-12.el6.centos
upstart.x86_64 0:0.6.5-13.el6_5.3
Complete!
Loaded plugins: fastestmirror
Cleaning repos: base extras updates
Cleaning up Everything
---> 544b2a692924
Removing intermediate container 783dae15dd6c
Step 3 : CMD service httpd start ; bash
---> Running in 0ede7efeb3cc
---> 140c0aaa7f53
Removing intermediate container 0ede7efeb3cc
Step 4 : EXPOSE 80
---> Running in 17025c7e85dc
---> 085199e5b898
Removing intermediate container 17025c7e85dc
Successfully built 085199e5b898
17:03:37 (..ainers/centos/test)$ docker run --rm -it test
Starting httpd: httpd: bad user name apache
[FAILED]
while everything builds and then run just fine, from index.docker.io:
https://index.docker.io/u/pantinor/centos_httpd/
--
You are receiving this mail because:
You are on the CC list for the bug.
8:04 a.m.
New subject: [Bug 1098120] Unable to buid images that interact with /etc/groups
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
oarribas <oarribas(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |oarribas(a)redhat.com
--- Comment #2 from oarribas <oarribas(a)redhat.com> ---
Similar error installing postgresql in a fedora based image.
Dockerfile:
FROM fedora
RUN yum install -y postgresql-server postgresql postgresql-contrib
USER postgres
RUN /usr/bin/initdb -D /var/lib/pgsql/data
When installing postgres, the following warnings appear:
.
.
Installing : postgresql-server-9.3.4-1.fc20.x86_64 6/6
warning: user postgres does not exist - using root
warning: group postgres does not exist - using root
.
.
.
And when running the initdb:
.
.
Step 3 : RUN /usr/bin/initdb -D /var/lib/pgsql/data
---> Running in 9bb388ecf911
finalize namespace setup user get supplementary groups Unable to find user
postgres
The command [/bin/sh -c /usr/bin/initdb -D /var/lib/pgsql/data] returned a
non-zero code: 1
.
.
--
You are receiving this mail because:
You are on the CC list for the bug.
8:10 a.m.
New subject: [Bug 1098120] Unable to buid images that interact with /etc/groups
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
--- Comment #3 from oarribas <oarribas(a)redhat.com> ---
In a container created with docker 0.9.1 and running with docker 0.11, if I try
to do a "su - postgres" it fails:
bash-4.2# su - postgres
su: System error
It runs in the same container, when running with docker 0.9.1
--
You are receiving this mail because:
You are on the CC list for the bug.
8:16 a.m.
New subject: [Bug 1098120] Unable to buid images that interact with /etc/groups
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
--- Comment #4 from Daniel Walsh <dwalsh(a)redhat.com> ---
The problem is the libselinux in the centos image is reporting that SELinux is
enabled to processes running within the container. This is tools like useradd
and groupadd to attempt to write to /proc/self/attr/* files in order to setup
proper labeling for SELinux. Since /proc is now mounted read/only within the
container, the writes are denied and useradd/groupadd fail.
The fix is to get an updated version of libselinux into the Centos 6 images.
RHEL7/RHEL6 and Current Fedora images have the fix.
Privileged containers and systems with SELInux disabled will not have this
issue.
I believe the Fedora bugs reported are a separate issue, and it looks like the
postgresql user needs to be added.
--
You are receiving this mail because:
You are on the CC list for the bug.
8:38 a.m.
New subject: [Bug 1098120] Unable to buid images that interact with /etc/groups
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
--- Comment #5 from Paolo Antinori <pantinor(a)redhat.com> ---
(In reply to Daniel Walsh from comment #4)
The problem is the libselinux in the centos image is reporting that
SELinux
is enabled to processes running within the container. This is tools like
useradd and groupadd to attempt to write to /proc/self/attr/* files in order
to setup proper labeling for SELinux. Since /proc is now mounted read/only
within the container, the writes are denied and useradd/groupadd fail.
The fix is to get an updated version of libselinux into the Centos 6 images.
RHEL7/RHEL6 and Current Fedora images have the fix.
Privileged containers and systems with SELInux disabled will not have this
issue.
I believe the Fedora bugs reported are a separate issue, and it looks like
the postgresql user needs to be added.
Hi Daniel, thanks for your comment. I just trust every of your word about
selinux, but I think that the problem cannot be just inside Centos image, since
it builds fine on index.docker.io:
https://index.docker.io/u/pantinor/centos_httpd/build_id/5062/code/bhwqyc...
Here the full log if that link is private:
http://fpaste.org/103787/
I am not sure which linux flavour is in use on index.docker.io, I suspect
coreOs.
I was able to compile correctly even on a boot2docker images.
On my last test I have temporarely disable SElinux, built as root, and
obviously not enable --privileged since it's not an option for the build sub
command.
http://fpaste.org/103787/
And still seeing these lines that are not present while building on other
platforms:
groupadd: failure while writing changes to /etc/group
useradd: group 'apache' does not exist
warning: group apache does not exist - using root
warning: user apache does not exist - using root
warning: group apache does not exist - using root
warning: user apache does not exist - using root
warning: group apache does not exist - using root
warning: group apache does not exist - using root
thank you
paolo
--
You are receiving this mail because:
You are on the CC list for the bug.
8:46 a.m.
New subject: [Bug 1098120] Unable to buid images that interact with /etc/groups
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
--- Comment #6 from Daniel Walsh <dwalsh(a)redhat.com> ---
When you say you disabled it, did you just put it in permissive mode? In
permissive mode the problem will continue, since it is not SELinux denying
access it is actually the fact that /proc is mounted Read/Only. Previous
versions of docker did not do this.
If you ran a container and just strace groupadd or useradd you will see it a
permission denied while trying to write to /proc which is readonly.
It would build fine on any platform that did not have "selinux enabled" in
permissive or enforcing mode.
--
You are receiving this mail because:
You are on the CC list for the bug.
8:55 a.m.
New subject: [Bug 1098120] Unable to buid images that interact with /etc/groups
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
--- Comment #7 from Paolo Antinori <pantinor(a)redhat.com> ---
oh, I see. I was just putting it in permissive mode.
Thanks for explanation.
--
You are receiving this mail because:
You are on the CC list for the bug.
10:55 a.m.
New subject: [Bug 1098120] Unable to buid images that interact with /etc/groups
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
--- Comment #8 from oarribas <oarribas(a)redhat.com> ---
Thanks Daniel, after an yum update of the host, postgresql runs again.
--
You are receiving this mail because:
You are on the CC list for the bug.
11:47 a.m.
New subject: [Bug 1098120] Unable to buid images that interact with /etc/groups
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
--- Comment #12 from Daniel Walsh <dwalsh(a)redhat.com> ---
I have pushed an updated libselinux for rhel6.6 into
http://people.redhat.com/dwalsh/SELinux/RHEL6
If you install this version of libselinux into your rhel6 base image, I believe
the useradd/groupadd problems will go away. We plan on adding this version to
any docker images for rhel6 that we ship even prior to the release of rhel6.6.
--
You are receiving this mail because:
You are on the CC list for the bug.
1:26 a.m.
New subject: [Bug 1098120] Unable to buid images that interact with /etc/groups
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
--- Comment #13 from Marek Goldmann <mgoldman(a)redhat.com> ---
(In reply to Daniel Walsh from comment #12)
I have pushed an updated libselinux for rhel6.6 into
http://people.redhat.com/dwalsh/SELinux/RHEL6
If you install this version of libselinux into your rhel6 base image, I
believe the useradd/groupadd problems will go away. We plan on adding this
version to any docker images for rhel6 that we ship even prior to the
release of rhel6.6.
This fixes the issue for me.
--
You are receiving this mail because:
You are on the CC list for the bug.
8:17 p.m.
New subject: [Bug 1098120] Unable to buid images that interact with /etc/groups
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
michael.faille(a)gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |michael.faille(a)gmail.com
--- Comment #14 from michael.faille(a)gmail.com ---
I have same exactly problem but using Fedora 20 with Docker version 0.11.1,
build fb99f99/0.11.1
--
You are receiving this mail because:
You are on the CC list for the bug.
3:33 p.m.
New subject: [Bug 1098120] Unable to buid images that interact with /etc/groups
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
Daniel Walsh <dwalsh(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Alias| |libselinux_disabled
--
You are receiving this mail because:
You are on the CC list for the bug.
3:51 p.m.
New subject: [Bug 1098120] Unable to buid images that interact with /etc/groups
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
Daniel Walsh <dwalsh(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |NEXTRELEASE
Last Closed| |2014-06-03 16:51:58
--- Comment #15 from Daniel Walsh <dwalsh(a)redhat.com> ---
I have provided a fixed libselinux package which can be used to build your
rhel6 image, We will soon be shipping a RHEL6 image with the newer libselinux
package. I have also provided patches for libselinux to centos
--
You are receiving this mail because:
You are on the CC list for the bug.
11:15 a.m.
New subject: [Bug 1098120] Unable to buid images that interact with /etc/groups
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
--- Comment #16 from Paolo Antinori <pantinor(a)redhat.com> ---
Thanks to Daniel half of my problem is solved.
I am now able to build successfully with Centos base image, adding his packages
as the very first step:
FROM centos:latest
# keep this until these packages get into the official image with Cenots 6.6
# see http://bugs.centos.org/view.php?id=7126
RUN yum install -y
http://mirror.centos.org/centos/6.5/centosplus/x86_64/Packages/libselinux...
http://mirror.centos.org/centos/6.5/centosplus/x86_64/Packages/libselinux...
RUN yum install -y httpd ; yum -y clean all
CMD service httpd start ; bash
EXPOSE 80
--
You are receiving this mail because:
You are on the CC list for the bug.
7:29 a.m.
New subject: [Bug 1098120] Unable to buid images that interact with /etc/groups
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
--- Comment #17 from Paolo Antinori <pantinor(a)redhat.com> ---
Centos base image has been officially updated with the new packages, so the
manual installation is no longer needed.
I still have problem connecting to sshd if I do not run the container as
privileged, but I have open the ticket on Docker side now.
--
You are receiving this mail because:
You are on the CC list for the bug.
3602
days inactive
3631
days old
golang@lists.fedoraproject.org
15 comments
1 participants
participants (1)
-
Red Hat Bugzilla