Add subuid/subgid for the manageiq user

agrare commented 1 year ago

Allow running non-root containers by setting subuid/gid maps for the manageiq user. This resolves the "chown" issue when pulling images as the manageiq user as well as fixing the warnings present when running with the missing uid maps.

https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md#etcsubuid-and-etcsubgid-configuration

agrare commented 1 year ago

Tested the upgrade path with empty setuid and setgid files:

[root@manageiq ~]# >/etc/subuid
[root@manageiq ~]# >/etc/subgid
[root@manageiq ~]# dnf install /tmp/*.rpm
Last metadata expiration check: 1:10:32 ago on Mon 28 Aug 2023 12:40:13 PM EDT.
Dependencies resolved.
=============================================================================================================================================================================
 Package                                         Architecture                  Version                                             Repository                           Size
=============================================================================================================================================================================
Upgrading:
 manageiq-ansible-venv                           x86_64                        18.0.0-20230828172204.el8                           @commandline                         28 M
 manageiq-appliance                              x86_64                        18.0.0-20230828172204.el8                           @commandline                         14 k
 manageiq-appliance-tools                        x86_64                        18.0.0-20230828172204.el8                           @commandline                        6.9 k
 manageiq-core                                   x86_64                        18.0.0-20230828172204.el8                           @commandline                        3.6 M
 manageiq-core-services                          x86_64                        18.0.0-20230828172204.el8                           @commandline                         12 k
 manageiq-gemset                                 x86_64                        18.0.0-20230828172204.el8                           @commandline                         56 M
 manageiq-gemset-services                        x86_64                        18.0.0-20230828172204.el8                           @commandline                         48 k
 manageiq-system                                 x86_64                        18.0.0-20230828172204.el8                           @commandline                         37 k
 manageiq-ui                                     x86_64                        18.0.0-20230828172204.el8                           @commandline                         26 M

Transaction Summary
=============================================================================================================================================================================
Upgrade  9 Packages

Complete!
[root@manageiq ~]# cat /etc/subuid
manageiq:100000:65536
[root@manageiq ~]# cat /etc/subgid
manageiq:100000:65536

miq-bot commented 1 year ago

Checked commit https://github.com/agrare/manageiq-rpm_build/commit/5160dc2509bbbac40b7595b9252f9c1cd3532790 with ruby 2.6.10, rubocop 1.28.2, haml-lint 0.35.0, and yamllint 0 files checked, 0 offenses detected Everything looks fine. :+1:

Fryguy commented 1 year ago

Backported to quinteros in commit c700256e9be0f55583e833d088d74538101ac9e8.

commit c700256e9be0f55583e833d088d74538101ac9e8
Author: Brandon Dunne <brandondunne@hotmail.com>
Date:   Tue Aug 29 11:23:34 2023 -0400

    Merge pull request #415 from agrare/add_subuids_gids_manageiq_user

    Add subuid/subgid for the manageiq user

    (cherry picked from commit 11ad6d889849caa2c62cac4cc87834f92eba617d)

ManageIQ / manageiq-rpm_build

Add subuid/subgid for the manageiq user #415