RHEL-32464

fix: do not use become for changing hostdir ownership, and expose subuid/subgid info

    • rhel-system-roles-1.78.1-0.1.el9
    • None
    • None
    • ZStream
    • 4
    • rhel-sst-system-roles
    • 1
    • QE ack, Dev ack
    • False
    • Yes
    • Red Hat Enterprise Linux
    • System Roles Sprint 1, System Roles Sprint 2, System Roles Sprint 3, System Roles Sprint 4
    • Approved Blocker
    • Bug Fix
    • .The `podman` RHEL system role can set the ownership of the host directory again

      Previously, the `podman` RHEL system role was using the `become` keyword with the user when setting the ownership of the host directory. As a consequence, the role could not properly set the ownership. With this update, the `podman` RHEL system role does not use `become` with the ordinary user. Instead, it uses the `root` user. As a result, `podman` can set the ownership of the host directory.

      As a complement to this bugfix, the following role variables have been added to the `podman` RHEL system role:

      * `podman_subuid_info` (dictionary): Exposes information used by the role from the `/etc/subuid` file. This information is needed to properly set the owner information for host directories.

      * `podman_subgid_info` (dictionary): Exposes information used by the role from the `/etc/subgid` file. This information is needed to properly set the group information for host directories.

      For more details about the newly added variables, see the resources in the `/usr/share/doc/rhel-system-roles/podman/` directory.
    • Done
    • None

      When creating host directories, do not use `become`, because if
      it needs to change ownership, that must be done by `root`, not
      as the rootless podman user.

      In order to test this, I have changed the role to export the subuid and subgid
      information for the rootless users as two dictionaries:
      `podman_subuid_info` and `podman_subgid_info`. See `README.md` for
      usage.

      NOTE that depending on the namespace used by your containers, you might not
      be able to use the subuid and subgid information, which comes from `getsubids`
      if available, or directly from the files `/etc/subuid` and `/etc/subgid` on
      the host.

      QE: The test tests_basic.yml has been extended for this.

      Signed-off-by: Rich Megginson <rmeggins@redhat.com>
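
      An added illustration, not code from the role or from this commit, of why the subuid information is needed to set host directory ownership: it computes the host UID that backs a container UID for a rootless user. It assumes the default rootless mapping (container ID 0 is the user's own ID, container IDs from 1 up map onto the subordinate range); the `start`/`range` dictionary shape and the names `parse_subid` and `host_id` are hypothetical, and the sample data is constructed.

```python
# Added example: which host UID must own a host directory so that a given
# container UID of a rootless podman user can use it.

# Constructed sample in /etc/subuid format (name:start:count).
SAMPLE_SUBUID = """\
alice:100000:65536
bob:165536:65536
"""


def parse_subid(text):
    """Parse /etc/subuid or /etc/subgid text into {name: {"start", "range"}}.

    The dictionary shape is an assumption made for this example.
    """
    info = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected name:start:count")
        name, start, count = fields[0], int(fields[1]), int(fields[2])
        # Simplification: keep only the first range listed for a name.
        info.setdefault(name, {"start": start, "range": count})
    return info


def host_id(info, user, own_id, container_id):
    """Return the host ID backing container_id for a rootless user.

    Assumed default mapping: container ID 0 is the user's own ID, and
    container IDs 1..range map to start..start+range-1.
    """
    if container_id == 0:
        return own_id
    entry = info.get(user)
    if entry is None:
        raise KeyError(f"no subordinate ID range for {user}")
    if not 1 <= container_id <= entry["range"]:
        raise ValueError(f"container ID {container_id} is not mapped")
    return entry["start"] + container_id - 1
```

      The resulting host ID generally differs from the rootless user's own ID, so a `chown` to it has to run as `root` on the host.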

              Richard Megginson (rmeggins@redhat.com)
              David Jez
              Jaroslav Klech