-
Bug
-
Resolution: Done
-
Undefined
-
None
-
rhel-9.6
-
No
-
Critical
-
1
-
rhel-sst-bootc
-
3
-
False
-
-
None
-
Bootc Sprint #7
-
None
-
None
-
None
What were you trying to do that didn't work?
The authselect package is missing in in RHEL-9.6 bootc images. Moreover, once it is installed and sssd or minimal profile is selected in Containerfile (at build time) then the system boots into Image Mode but various things related to authentication are broken, for example ssh access to the system.
The ostree based systems require nss-altfiles. During installation of authselect package the file /run/ostree-booted must exist so the authselect scriplet (https://github.com/authselect/authselect/blob/master/rpm/authselect.spec.in#L210-L217) hardcodes altfiles in /etc/nsswitch.conf during package installation. Currently, the file /run/ostree-booted doesn't exist on RHEL-9.6 bootc container at build time so the authselect scriplet is not executed during package installation and that causes authentication issues at runtime.
There needs to be a discussion if the /run/ostree-booted file should be present in the bootc images or if authselect should rather use a different approach to detect bootc container build time environment in order to run the scriplet.
Note: RHEL-10.0 bootc image is not affected by this issue.
Please provide the package NVR for which the bug is seen:
rhel-bootc:RHEL-9.6.0-20250125.2
How reproducible is this bug?:
Deterministic
Steps to reproduce
- In Containerfile (based on RHEL-9.6 bootc container image) install and configure authselect:
... RUN dnf -y install authselect RUN authselect select sssd
- Build a contaner image from the Containerfile and boot it (e.g. using bootc-image-builder as a VM)
- Once booted try to login through ssh (won't work) and then login to the VM through console and check journalctl and see various authentication related errors
- relates to
-
-
- Closed
-
- mentioned on
