Description
Issue Description
When trying to build a Rocky9 image using Rootless Podman (run on Kubernetes) we are seeing the following error:
`Upgrading : filesystem-3.16-5.el9.x86_64 7/189Error unpacking rpm package filesystem-3.16-5.el9.x86_64
Upgrading : basesystem-11-13.el9.0.1.noarch 8/189
error: unpacking of archive failed on file /dev: cpio: chown failed - Inappropriate ioctl for device
error: filesystem-3.16-5.el9.x86_64: install failed
`
When running as root in a privileged container the filesystem-3.16-5.el9.x86_64 package installs correctly.
Steps to reproduce the issue
Steps to reproduce the issue
- Deploy a Rootless Podman pod onto Kubernetes
- Attempt to build a Rocky9 image that
runs yum update -y
Describe the results you received
yum update -y fails are the package filesystem-3.16-5.el9.x86_64 fails to install.
Based on the error message it looks like the filesystem-3.16-5.el9.x86_64 package is trying to write to /dev but is unable to
Describe the results you expected
yum update -y to complete successfully
podman info output
`[podman@container-builder-59f6b6b988-jnnfl ~]$ podman version
Client: Podman Engine
Version: 4.9.4
API Version: 4.9.4
Go Version: go1.21.8
Built: Tue Mar 26 09:39:52 2024
OS/Arch: linux/amd64
`
`[podman@container-builder-59f6b6b988-jnnfl ~]$ podman info
host:
arch: amd64
buildahVersion: 1.33.7
cgroupControllers:
- cpuset
- cpu
- io
- memory
- hugetlb
- pids
- rdma
- misc
cgroupManager: cgroupfs
cgroupVersion: v2
conmon:
package: conmon-2.1.10-1.fc39.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.1.10, commit: '
cpuUtilization:
idlePercent: 73.14
systemPercent: 7.08
userPercent: 19.79
cpus: 12
databaseBackend: sqlite
distribution:
distribution: fedora
variant: container
version: "39"
eventLogger: file
freeLocks: 2048
hostname: container-builder-59f6b6b988-jnnfl
idMappings:
gidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 100000
size: 564700753
uidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 100000
size: 564700753
kernel: 6.8.0-51-generic
linkmode: dynamic
logDriver: k8s-file
memFree: 715821056
memTotal: 33272655872
networkBackend: netavark
networkBackendInfo:
backend: netavark
dns:
package: aardvark-dns-1.10.0-1.fc39.x86_64
path: /usr/libexec/podman/aardvark-dns
version: aardvark-dns 1.10.0
package: netavark-1.10.3-1.fc39.x86_64
path: /usr/libexec/podman/netavark
version: netavark 1.10.3
ociRuntime:
name: crun
package: crun-1.14.4-1.fc39.x86_64
path: /usr/bin/crun
version: |-
crun version 1.14.4
commit: a220ca661ce078f2c37b38c92e66cf66c012d9c1
rundir: /tmp/podman-run-1000/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
os: linux
pasta:
executable: /usr/bin/pasta
package: passt-0^20240326.g4988e2b-1.fc39.x86_64
version: |
pasta 0^20240326.g4988e2b-1.fc39.x86_64
Copyright Red Hat
GNU General Public License, version 2 or later
<https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
remoteSocket:
exists: false
path: /tmp/podman-run-1000/podman/podman.sock
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: true
seccompEnabled: true
seccompProfilePath: /usr/share/containers/seccomp.json
selinuxEnabled: false
serviceIsRemote: false
slirp4netns:
executable: /usr/bin/slirp4netns
package: slirp4netns-1.2.2-1.fc39.x86_64
version: |-
slirp4netns version 1.2.2
commit: 0ee2d87523e906518d34a6b423271e4826f71faf
libslirp: 4.7.0
SLIRP_CONFIG_VERSION_MAX: 4
libseccomp: 2.5.3
swapFree: 1992552448
swapTotal: 2046816256
uptime: 61h 1m 0.00s (Approximately 2.54 days)
variant: ""
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
- journald
network:
- bridge
- macvlan
- ipvlan
volume:
- local
registries:
search:
- registry.fedoraproject.org
- registry.access.redhat.com
- docker.io
- quay.io
store:
configFile: /home/podman/.config/containers/storage.conf
containerStore:
number: 0
paused: 0
running: 0
stopped: 0
graphDriverName: vfs
graphOptions: {}
graphRoot: /home/podman/.local/share/containers/storage
graphRootAllocated: 981132795904
graphRootUsed: 63034843136
graphStatus: {}
imageCopyTmpDir: /var/tmp
imageStore:
number: 2
runRoot: /tmp/containers-user-1000/containers
transientStore: false
volumePath: /home/podman/.local/share/containers/storage/volumes
version:
APIVersion: 4.9.4
Built: 1711445992
BuiltTime: Tue Mar 26 09:39:52 2024
GitCommit: ""
GoVersion: go1.21.8
Os: linux
OsArch: linux/amd64
Version: 4.9.4
`Podman in a container
Yes
Privileged Or Rootless
Rootless
Upstream Latest Release
No
Additional environment details
Additional environment details
Additional information
Additional information like issue happens only occasionally or issue happens with a particular architecture or on a particular setting