Open meeuw opened 6 months ago
xattr security.capability missing on docker image.
How to reproduce:
podman run --rm -ti fedora:39
attr
getfattr
dnf install -y attr
/usr/bin/newgidmap
getfattr -d -m - usr/bin/newgidmap
# file: usr/bin/newgidmap security.capability=0sAQAAAkAAAAAAAAAAAAAAAAAAAAA= security.selinux="system_u:object_r:container_file_t:s0:c375,c964"
# file: usr/bin/newgidmap security.selinux="system_u:object_r:container_file_t:s0:c375,c964"
dnf reinstall shadow-utils
See also: https://github.com/containers/image_build/blob/c54b97d4f4cec53ca9754bb1fa57fd0f0005dd94/buildah/Containerfile#L37-L39
xattr security.capability missing on docker image.
How to reproduce:
Step 1, run image:
podman run --rm -ti fedora:39
Step 2, install
attr
(forgetfattr
below)dnf install -y attr
Step 3, check xattrs for
/usr/bin/newgidmap
Expected result:
Actual result:
Work around: