|
Bugzilla – Full Text Bug Listing |
| Summary: | docker --userns-remap=default fails on-start | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE Tumbleweed | Reporter: | Aleksa Sarai <asarai> |
| Component: | Containers | Assignee: | Aleksa Sarai <asarai> |
| Status: | RESOLVED FIXED | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Normal | ||
| Priority: | P5 - None | ||
| Version: | Current | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
Fixed in openSUSE, on its way to SLE. SUSE-SU-2020:0035-1: An update that solves one vulnerability and has 5 fixes is now available. Category: security (moderate) Bug References: 1122469,1143349,1150397,1152308,1153367,1158590 CVE References: CVE-2019-16884 Sources used: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): containerd-1.2.10-5.19.1, containerd-kubic-1.2.10-5.19.1, docker-19.03.5_ce-6.31.1, docker-kubic-19.03.5_ce-6.31.1, docker-runc-kubic-1.0.0rc8+gitr3917_3e425f80a8c9-6.27.1, golang-github-docker-libnetwork-0.7.0.1+gitr2877_3eb39382bfa6-4.18.1, golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2877_3eb39382bfa6-4.18.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): containerd-1.2.10-5.19.1, docker-19.03.5_ce-6.31.1, golang-github-docker-libnetwork-0.7.0.1+gitr2877_3eb39382bfa6-4.18.1 SUSE Linux Enterprise Module for Containers 15-SP1 (src): containerd-1.2.10-5.19.1, docker-19.03.5_ce-6.31.1, docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-6.27.1, golang-github-docker-libnetwork-0.7.0.1+gitr2877_3eb39382bfa6-4.18.1 SUSE Linux Enterprise Module for Containers 15 (src): containerd-1.2.10-5.19.1, docker-19.03.5_ce-6.31.1, docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-6.27.1, golang-github-docker-libnetwork-0.7.0.1+gitr2877_3eb39382bfa6-4.18.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2020:0065-1: An update that solves one vulnerability and has 5 fixes is now available. Category: security (moderate) Bug References: 1122469,1143349,1150397,1152308,1153367,1158590 CVE References: CVE-2019-16884 Sources used: SUSE Linux Enterprise Module for Containers 12 (src): containerd-1.2.10-16.26.1, docker-19.03.5_ce-98.51.1, docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-1.35.1, golang-github-docker-libnetwork-0.7.0.1+gitr2877_3eb39382bfa6-28.1 SUSE CaaS Platform 3.0 (src): containerd-kubic-1.2.10-16.26.1, docker-kubic-19.03.5_ce-98.51.1, docker-runc-kubic-1.0.0rc8+gitr3917_3e425f80a8c9-1.35.1, golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2877_3eb39382bfa6-28.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. openSUSE-SU-2020:0045-1: An update that solves one vulnerability and has 5 fixes is now available. Category: security (moderate) Bug References: 1122469,1143349,1150397,1152308,1153367,1158590 CVE References: CVE-2019-16884 Sources used: openSUSE Leap 15.1 (src): containerd-1.2.10-lp151.2.9.1, docker-19.03.5_ce-lp151.2.15.1, docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-lp151.3.12.1, golang-github-docker-libnetwork-0.7.0.1+gitr2877_3eb39382bfa6-lp151.2.9.1 |
When trying to start a fresh Docker install with --userns-remap=default, it fails to start and gives the following error: > failed to start daemon: Error during groupname lookup for "dockremap": getent unable to find entry "dockremap" in group database Looks to be a regression, and a strange one at that -- there shouldn't be a need to check for the "dockremap" group since sub[ug]ids are associated with users and not groups. In the past this worked fine so there was probably a change made some time ago. The fix from our side is to create the users in the package, but I'll send a patch upstream to fix this (IMHO) incorrect behaviour.