Bug 1143349 - docker --userns-remap=default fails on-start
docker --userns-remap=default fails on-start
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Containers
Current
Other Other
: P5 - None : Normal (vote)
: ---
Assigned To: Aleksa Sarai
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-07-30 05:19 UTC by Aleksa Sarai
Modified: 2020-01-13 23:40 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Aleksa Sarai 2019-07-30 05:19:57 UTC
When trying to start a fresh Docker install with --userns-remap=default, it fails to start and gives the following error:

> failed to start daemon: Error during groupname lookup for "dockremap": getent unable to find entry "dockremap" in group database

Looks to be a regression, and a strange one at that -- there shouldn't be a need to check for the "dockremap" group since sub[ug]ids are associated with users and not groups. In the past this worked fine so there was probably a change made some time ago.

The fix from our side is to create the users in the package, but I'll send a patch upstream to fix this (IMHO) incorrect behaviour.
Comment 2 Aleksa Sarai 2019-12-12 13:01:45 UTC
Fixed in openSUSE, on its way to SLE.
Comment 4 Swamp Workflow Management 2020-01-08 11:12:00 UTC
SUSE-SU-2020:0035-1: An update that solves one vulnerability and has 5 fixes is now available.

Category: security (moderate)
Bug References: 1122469,1143349,1150397,1152308,1153367,1158590
CVE References: CVE-2019-16884
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    containerd-1.2.10-5.19.1, containerd-kubic-1.2.10-5.19.1, docker-19.03.5_ce-6.31.1, docker-kubic-19.03.5_ce-6.31.1, docker-runc-kubic-1.0.0rc8+gitr3917_3e425f80a8c9-6.27.1, golang-github-docker-libnetwork-0.7.0.1+gitr2877_3eb39382bfa6-4.18.1, golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2877_3eb39382bfa6-4.18.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    containerd-1.2.10-5.19.1, docker-19.03.5_ce-6.31.1, golang-github-docker-libnetwork-0.7.0.1+gitr2877_3eb39382bfa6-4.18.1
SUSE Linux Enterprise Module for Containers 15-SP1 (src):    containerd-1.2.10-5.19.1, docker-19.03.5_ce-6.31.1, docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-6.27.1, golang-github-docker-libnetwork-0.7.0.1+gitr2877_3eb39382bfa6-4.18.1
SUSE Linux Enterprise Module for Containers 15 (src):    containerd-1.2.10-5.19.1, docker-19.03.5_ce-6.31.1, docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-6.27.1, golang-github-docker-libnetwork-0.7.0.1+gitr2877_3eb39382bfa6-4.18.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Swamp Workflow Management 2020-01-10 14:15:17 UTC
SUSE-SU-2020:0065-1: An update that solves one vulnerability and has 5 fixes is now available.

Category: security (moderate)
Bug References: 1122469,1143349,1150397,1152308,1153367,1158590
CVE References: CVE-2019-16884
Sources used:
SUSE Linux Enterprise Module for Containers 12 (src):    containerd-1.2.10-16.26.1, docker-19.03.5_ce-98.51.1, docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-1.35.1, golang-github-docker-libnetwork-0.7.0.1+gitr2877_3eb39382bfa6-28.1
SUSE CaaS Platform 3.0 (src):    containerd-kubic-1.2.10-16.26.1, docker-kubic-19.03.5_ce-98.51.1, docker-runc-kubic-1.0.0rc8+gitr3917_3e425f80a8c9-1.35.1, golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2877_3eb39382bfa6-28.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Swamp Workflow Management 2020-01-13 23:11:51 UTC
openSUSE-SU-2020:0045-1: An update that solves one vulnerability and has 5 fixes is now available.

Category: security (moderate)
Bug References: 1122469,1143349,1150397,1152308,1153367,1158590
CVE References: CVE-2019-16884
Sources used:
openSUSE Leap 15.1 (src):    containerd-1.2.10-lp151.2.9.1, docker-19.03.5_ce-lp151.2.15.1, docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-lp151.3.12.1, golang-github-docker-libnetwork-0.7.0.1+gitr2877_3eb39382bfa6-lp151.2.9.1