Closed myllynen closed 1 week ago
The top-level directory is already user-readable/executable but podman still tries to make it world-executable.
If doing "chmod o+x /app" as root then the test would work as expected.
That won't be enough when you run inside a user namespace (for rootless, a nested namespace), since your UID:GID could not be mapped in the inner namespace.
And we probably don't need this code anymore; the OCI runtime takes advantage of the new Linux mount API to achieve it without requiring the chmod hack we needed before.
Opened a PR, let's see how far it goes in the CI: https://github.com/containers/podman/pull/23032
Issue Description
When a directory in the path configured in containers.conf is not world-executable podman fails to run containers:
The top-level directory is already user-readable/executable but podman still tries to make it world-executable.
If doing "chmod o+x /app" as root then the test would work as expected.
If this is indeed required then at least the error message should be clearer.
Steps to reproduce the issue
See above - any directory in the path, even if user-readable/executable, not world-executable will cause podman to fail.
Describe the results you received
Directories must be world-executable or podman fails.
Describe the results you expected
It is enough for directories to be owned and accessible by the user.
podman info output
Podman in a container
No
Privileged Or Rootless
Rootless
Upstream Latest Release
No
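The following diagnostic is an added example, not part of the issue report or of podman's code: it walks from a configured storage path up to `/` and flags each directory the current user can traverse but that lacks the world-execute bit, which is the condition the report describes. The function name `audit_path` is hypothetical, and the script assumes a `stat` that supports `-c '%a'` (GNU coreutils or busybox).

```shell
#!/bin/sh
# Added example (not podman code). Pass the path you configured in
# containers.conf; symlinks in the path are not resolved.

# Print one line per existing directory, leaf first: "<octal mode> <flag> <dir>"
#   ok         the other-execute (o+x) bit is set
#   no-o+x     the current user can traverse it, but o+x is missing
#   no-access  the current user cannot traverse it at all
audit_path() {
    case "$1" in
        /*) _dir=$1 ;;
        *)  _dir=$PWD/$1 ;;
    esac
    _dir=${_dir%/}
    [ -n "$_dir" ] || _dir=/
    while :; do
        if [ -d "$_dir" ]; then
            _mode=$(stat -c '%a' -- "$_dir") || return 2
            # The last octal digit holds the "other" permissions; odd means +x.
            case "${_mode#"${_mode%?}"}" in
                [1357]) _flag=ok ;;
                *)  if [ -x "$_dir" ]; then
                        _flag=no-o+x
                    else
                        _flag=no-access
                    fi ;;
            esac
            printf '%s %s %s\n' "$_mode" "$_flag" "$_dir"
        fi
        [ "$_dir" = / ] && break
        _dir=$(dirname -- "$_dir")
    done
}

# Stand-alone use: sh audit.sh /path/from/containers.conf
if [ "$#" -gt 0 ]; then
    audit_path "$1"
fi
```

Lines flagged `no-o+x` are the directories that match the report: owned and usable by the user, yet not world-executable.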