[CNV-46725] CDI builder image's bazel binary is missing executable permissions for unprivilieged users - Red Hat Issue Tracker

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: CNV v4.17.0
Affects Version/s: CNV v4.17.0
Component/s: Storage Platform
Labels:
None

Story Points:
3
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Component Fix Version(s):
CNV v4.99.0.rhel9-1121
[QE] How to address?:
---
[QE] Why QE missed?:
---
Market:

Sprint:
Storage Core Sprint 258, Storage Core Sprint 259

Regression:
None

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

Description of problem:

bazel binary from latest CDI builder image is missing execution permissions for unprivileged users:

ls -l /usr/bin/bazel 
-rwxr--r--. 1 root root 51849045 Aug 16 08:43 /usr/bin/bazel

Version-Release number of selected component (if applicable):

CDI builder image: quay.io/kubevirt/kubevirt-cdi-bazel-builder:2408160841-626901083

Steps to Reproduce:

1. Create a Pod using latest CDI builder image on OpenShift with an unprivileged SCC
2. Try to compile the func tests: make build-functest

Actual results:

Since the Pod is using an arbitrary unprivileged user on OpenShift, the command is failing to execute bazel binary:

./hack/build/build-ginkgo.sh: line 10: /usr/bin/bazel: Permission denied

Expected results:

CDI builder image should be able to run as an unprivileged user.

links to

Make bazel binary world executable #3403

RHEA-2024:133097 OpenShift Virtualization 4.17.0 Images

Assignee:: Alex Kalenyuk

Reporter:: Denis Ollier Pinas

QA Contact:: Natalie Gavrielov

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2024/08/20 2:48 PM

Updated:: 2024/10/15 2:11 PM

Resolved:: 2024/10/15 2:11 PM