-
Bug
-
Resolution: Done-Errata
-
Major
-
rhel-10.0
-
Yes
-
Important
-
0day
-
2
-
rhel-container-tools
-
1
-
False
-
False
-
-
None
-
RUN 267, RUN 268
-
Pass
-
None
-
Unspecified
-
Unspecified
-
Unspecified
-
None
upstream issue: https://github.com/containers/buildah/issues/6001
When using buildah on FC42/Rawhide, /etc/os-release seems to come from the host fs, not the container building environment.
Reproducer:
$ podman run --rm -it --pull=newer --privileged quay.io/fedora/fedora:42 sh -c "dnf install buildah -y; printf 'FROM quay.io/fedora/fedora:40\nRUN cat /etc/os-release\nRUN cat /usr/lib/os-release' > Dockerfile; buildah build .; BUILDAH_ISOLATION=chroot buildah build ."|grep PLATFORM_ID PLATFORM_ID="platform:f40" PLATFORM_ID="platform:f40" PLATFORM_ID="platform:f42" PLATFORM_ID="platform:f40" $ podman run --rm -it --pull=newer --privileged quay.io/fedora/fedora:41 sh -c "dnf install buildah -y; printf 'FROM quay.io/fedora/fedora:40\nRUN cat /etc/os-release\nRUN cat /usr/lib/os-release' > Dockerfile; buildah build .; BUILDAH_ISOLATION=chroot buildah build ."|grep PLATFORM_ID PLATFORM_ID="platform:f40" PLATFORM_ID="platform:f40" PLATFORM_ID="platform:f40" PLATFORM_ID="platform:f40"
This runs a FC container via podman, installs buildah, and than outputs the contents of /etc/os-release and /usr/lib/os-release and greps for the version number, once without BUILDAH_ISOLATION and once with BUILDAH_ISOLATION=chroot.
On FC <= 41, this outputs PLATFORM_ID="platform:f40" four times. On FC >= 42, this outputs the PLATFORM_ID from the host fs once (for BUILDAH_ISOLATION=chroot and /etc/os-release).
Expected behavior: /etc/os-release comes from the container building environment.
Buildah version: buildah x86_64 2:1.39.0-1.fc42 fedora
- clones
-
-
- Closed
-
- is cloned by
-
-
- Closed
-
- links to
-
RHSA-2025:146462
buildah security bug fix and enhancement update
