tern-tools / tern

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
BSD 2-Clause "Simplified" License

Rootless podman support? #1115

Open nishakm opened 2 years ago

nishakm commented 2 years ago

Describe the Feature

When building and running tern using podman as a non-root user, the following error occurs:

2022-02-03 15:28:04,409 - DEBUG - rootfs - Running command: mknod /root/.tern/temp/mergedir/dev/urandom c 1 9
2022-02-03 15:28:04,416 - ERROR - rootfs - Command failed. mknod: /root/.tern/temp/mergedir/dev/urandom: Operation not permitted
2022-02-03 15:28:04,416 - ERROR - rootfs - None
2022-02-03 15:28:04,416 - CRITICAL - single_layer - Cannot create device nodes: Command '['mknod', '/root/.tern/temp/mergedir/dev/urandom', 'c', '1', '9']' returned non-zero exit status 1.
2022-02-03 15:28:04,417 - DEBUG - rootfs - Running command: umount -rl /root/.tern/temp/mergedir
2022-02-03 15:28:04,425 - ERROR - rootfs - Command failed. umount: /root/.tern/temp/mergedir: must be superuser to unmount.
2022-02-03 15:28:04,425 - DEBUG - rootfs - Running command: rm -rf /root/.tern/temp/mergedir
2022-02-03 15:28:04,522 - DEBUG - rootfs - Running command: rm -rf /root/.tern/temp/workdir

It is currently possible to get around this issue by running sudo podman run --privileged, but it would be nice if this didn't need to be the case.

nishakm commented 2 years ago

/dev/urandom is required by images using rpm. Perhaps we can create that device node only for rpm style jobs and then remove it?
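The suggestion in the comment above (create the device node only for rpm-style jobs, then remove it), as an added Python example that is not tern's own code: it creates the node only when the package format calls for it, treats the "Operation not permitted" from mknod as "unsupported" instead of aborting the layer, refuses to clobber anything that is not already the char 1:9 device, and removes only a node it would have created. The function names, the `rpm` policy and the return strings are assumptions for illustration; the CAP_MKNOD bit number and the 1:9 device numbers are the Linux values.

```python
"""
Added example (not tern's code): create <mergedir>/dev/urandom only when the
package manager needs it and degrade cleanly when mknod is refused, which is
what happens under rootless podman. Function names, the 'rpm' policy and the
return strings are assumptions for illustration.
"""
import errno
import os
import stat

# Linux capability bit number for CAP_MKNOD (see <linux/capability.h>).
CAP_MKNOD = 27
# Major/minor numbers of the kernel's /dev/urandom character device.
URANDOM_MAJOR, URANDOM_MINOR = 1, 9


def needs_urandom_node(pkg_format):
    """Assumed policy: only rpm-based layers get a /dev/urandom node."""
    return pkg_format.lower() == "rpm"


def has_cap_mknod(status_path="/proc/self/status"):
    """True if CAP_MKNOD is in this process's effective capability set.

    Caveat: inside a user namespace (rootless podman) the bit is set, yet
    mknod of a char/block device still fails with EPERM because the kernel
    requires the capability in the initial user namespace. Use this for
    diagnostics only; the try/except around mknod is the real check.
    """
    try:
        with open(status_path) as f:
            for line in f:
                if line.startswith("CapEff:"):
                    return bool(int(line.split()[1], 16) & (1 << CAP_MKNOD))
    except OSError:
        pass
    return False


def _is_urandom_node(st):
    """True if the stat result describes the char 1:9 device."""
    return (stat.S_ISCHR(st.st_mode)
            and os.major(st.st_rdev) == URANDOM_MAJOR
            and os.minor(st.st_rdev) == URANDOM_MINOR)


def ensure_urandom_node(mergedir, needs_device):
    """Create <mergedir>/dev/urandom if the job needs it.

    Returns "skipped" (not needed), "exists" (already the right device),
    "created", or "unsupported" (mknod refused, e.g. rootless container).
    The EPERM case does not raise, so layer analysis can continue without it.
    """
    if not needs_device:
        return "skipped"
    node = os.path.join(mergedir, "dev", "urandom")
    os.makedirs(os.path.dirname(node), exist_ok=True)
    try:
        st = os.lstat(node)
    except FileNotFoundError:
        st = None
    if st is not None:
        if _is_urandom_node(st):
            return "exists"
        # A regular file, symlink or other device sits at that path: refuse
        # to replace it rather than silently redirect the image's randomness.
        raise FileExistsError(f"{node} exists and is not char 1:9")
    try:
        os.mknod(node, 0o666 | stat.S_IFCHR,
                 os.makedev(URANDOM_MAJOR, URANDOM_MINOR))
    except OSError as e:
        if e.errno in (errno.EPERM, errno.EACCES, errno.ENOTSUP):
            return "unsupported"
        raise
    return "created"


def remove_urandom_node(mergedir):
    """Remove the node after the rpm job, but only if it is the char 1:9
    device this module would have created. Returns True if removed."""
    node = os.path.join(mergedir, "dev", "urandom")
    try:
        st = os.lstat(node)
    except FileNotFoundError:
        return False
    if not _is_urandom_node(st):
        return False
    os.unlink(node)
    return True


if __name__ == "__main__":
    import sys
    mergedir = sys.argv[1] if len(sys.argv) > 1 else "/tmp/tern-mergedir"
    print("CAP_MKNOD in effective set:", has_cap_mknod())
    print("ensure:", ensure_urandom_node(mergedir, needs_urandom_node("rpm")))
    print("remove:", remove_urandom_node(mergedir))
```

Run as a non-root user (or in a rootless container) `ensure_urandom_node` returns "unsupported" rather than the CRITICAL abort shown in the log; as root with CAP_MKNOD it returns "created". Note that the log above also shows `umount` failing with "must be superuser to unmount", so skipping the device node removes only one of the privileged steps in the rootfs setup.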