`ls /` yields "Operation not permitted" in fedora:33 and fedora:rawhide

[jbonyun]

My host OS is CentOS 7.6, with docker 18.09.5.

With both fedora:33 and fedora:rawhide, I get the following result:

$ docker run --rm fedora:33 ls /
ls: cannot access '/': Operation not permitted

With fedora:32, ubuntu, centos:centos8, and everything else I've tried:

$ docker run --rm centos:centos8 ls /
bin
dev
etc
... [etc]

Googling didn't turn up much, but it did find this dead-on description in the Redhat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1764152

I also see the same behavior where ls will work, but ls / doesn't work. More important to me, if I run bash in the container, then ls doesn't work regardless of whether you specify a path or not.

That bug report claims it was fixed long ago in Fedora 30. The blame was placed on a bad coreutils change.

If I do ls --version I get 8.32 in fedora:32, fedora:33, fedora:rawhide -- i.e. the same coreutils version works in one fedora, but not in others). If I do a dnf info coreutils I find fedora:32->coreutils-8.32-4.fc32, fedora:33->coreutils-8.32-12.fc33, fedora:rawhide->coreutils-8.32-14.fc34 -- i.e. there is a minor update happening along the way.

I managed to downgrade using dnf --releasever=32 --enablerepo=fedora downgrade coreutils-8.32-3.fc32.1 and suddenly ls starts working again. If I upgrade back to -14, then ls starts giving the error again. So it really does seem to be something about the minor version updates to coreutils.