Bug | Resolution: Unresolved | Major | rhel-10.1 | Important | Customer Reported | rhel-container-tools | RUN 277 | Requested | Bug Fix | Proposed
Several of our builds that attempt to mount a build secret have started failing after quay.io/buildah/stable:v1 was updated from v1.40.1 to v1.41.3.
The issue seems to be that specifying the uid as an argument to the --mount parameter no longer results in the expected permissions for the secret.
Steps to reproduce the issue
With this Containerfile:

FROM docker.io/library/alpine:latest
RUN --mount=type=secret,id=test_secret \
    /bin/sh -c '\
      ls -lh /run/secrets/test_secret \
      && [ -e /run/secrets/test_secret ] \
      && cat /run/secrets/test_secret \
      && [ "$(cat /run/secrets/test_secret)" = "some-expected-secret-value" ]' \
    && echo "Test OK"
USER nobody
RUN --mount=type=secret,uid=65534,id=test_secret_user \
    /bin/sh -c '\
      ls -lh /run/secrets/test_secret_user \
      && [ -e /run/secrets/test_secret_user ] \
      && cat /run/secrets/test_secret_user \
      && [ "$(cat /run/secrets/test_secret_user)" = "some-other-secret-value" ]' \
    && echo "Test OK"
... do this:
export SECRET1=some-expected-secret-value
export SECRET2=some-other-secret-value
buildah build --secret id=test_secret,src=env,env=SECRET1 --secret id=test_secret_user,src=env,env=SECRET2 .
Describe the results you received
STEP 3/4: USER nobody
--> Pushing cache []
--> 58e995db39e6
STEP 4/4: RUN --mount=type=secret,uid=65534,id=test_secret_user /bin/sh -c ' ls -lh /run/secrets/test_secret_user && [ -e /run/secrets/test_secret_user ] && cat /run/secrets/test_secret_user && [ "$(cat /run/secrets/test_secret_user)" = "some-other-secret-value" ]' && echo "Test OK"
ls: /run/secrets/test_secret_user: Permission denied
subprocess exited with status 1
subprocess exited with status 1
Error: building at STEP "RUN --mount=type=secret,uid=65534,id=test_secret_user /bin/sh -c ' ls -lh /run/secrets/test_secret_user && [ -e /run/secrets/test_secret_user ] && cat /run/secrets/test_secret_user && [ "$(cat /run/secrets/test_secret_user)" = "some-other-secret-value" ]' && echo "Test OK"": exit status 1
Describe the results you expected
--> Pushing cache []
--> c794fe725496
STEP 4/4: RUN --mount=type=secret,uid=65534,id=test_secret_user /bin/sh -c ' ls -lh /run/secrets/test_secret_user && [ -e /run/secrets/test_secret_user ] && cat /run/secrets/test_secret_user && [ "$(cat /run/secrets/test_secret_user)" = "some-other-secret-value" ]' && echo "Test OK"
r------- 1 nobody root 23 Sep 1 12:40 /run/secrets/test_secret_user
some-other-secret-value
Test OK
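A "Permission denied" at the ls in STEP 4/4 can come either from a parent directory that uid 65534 cannot traverse or from the secret file not being owned by or readable to that uid; the following shell diagnostic separates the two cases. It is an added example, not code from this report or from buildah, and assumes GNU or busybox `stat -c` and absolute paths; the optional fourth argument lets it walk an exported rootfs from the host instead of the live /.

```shell
#!/bin/sh
# Added diagnostic, not code from the bug report or from buildah. Given the
# path of a secret inside the build container and the uid/gid that the RUN
# step executes as, it reports whether the "Permission denied" comes from a
# parent directory the uid cannot traverse or from the secret file itself.
# Assumes GNU/busybox `stat -c` and absolute paths.

# perm_ok PATH UID GID BIT   (BIT: 4 = read, 1 = execute/traverse)
# Evaluates the owner/group/other mode bits for UID; uid 0 bypasses DAC.
perm_ok() {
    p=$1; uid=$2; gid=$3; bit=$4
    [ "$uid" -eq 0 ] && return 0
    m=$(stat -c '%a' "$p"); m=${m#"${m%???}"}     # last three octal digits
    o=${m%??}; g=${m#?}; g=${g%?}; t=${m#??}
    if   [ "$(stat -c '%u' "$p")" -eq "$uid" ]; then d=$o
    elif [ "$(stat -c '%g' "$p")" -eq "$gid" ]; then d=$g
    else d=$t
    fi
    [ $(( d & bit )) -ne 0 ]
}

# secret_access_check PATH UID GID [ROOT]
# Walks the parents of PATH below ROOT (default /; pass an exported rootfs to
# inspect from the host), then the file. Returns 0 if UID can read PATH,
# 2 if a parent directory blocks traversal, 3 if the file is not readable.
secret_access_check() {
    target=$1; uid=$2; gid=$3; root=${4:-/}
    dir=$(dirname "$target"); rel=${dir#"${root%/}"}
    acc=${root%/}
    old_ifs=$IFS; IFS=/
    for c in $rel; do
        [ -z "$c" ] && continue
        acc="$acc/$c"
        if ! perm_ok "$acc" "$uid" "$gid" 1; then
            IFS=$old_ifs
            echo "uid $uid cannot traverse $acc ($(stat -c '%a %U:%G' "$acc"))"
            return 2
        fi
    done
    IFS=$old_ifs
    if ! perm_ok "$target" "$uid" "$gid" 4; then
        echo "uid $uid cannot read $target ($(stat -c '%a %U:%G' "$target"))"
        return 3
    fi
    echo "uid $uid can read $target"
}
```

Run it inside the failing build step as `secret_access_check /run/secrets/test_secret_user 65534 65534` to see which component denies access.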
buildah version output
We're following the latest quay.io/buildah/stable:v1 image, which we update nightly. This image was recently updated from v1.40.1 to v1.41.3.
buildah info output
We're running the official image on kubernetes, with slight customizations:

FROM quay.io/buildah/stable:v1
RUN sed -i \
    's/^.+secrets\/(etc-pki-entitlement|rhsm).+$/#&/' \
    /etc/containers/mounts.conf \
    && sed -i -e 's/^mount_program/#mount_program/g' -e 's/^mountopt/#mountopt/g' \
    /etc/containers/storage.conf \
    && dnf remove -y fuse-overlayfs
COPY registries.conf.d/* /etc/containers/registries.conf.d/
clones: RHEL-115167 buildah: create parent directories of mount targets with mode 0755 - [RHEL-10.1] 0day (Release Pending)
links to: RHSA-2025:154378 podman security update