Bug#1019929: podman: Subordinate UID/GID ranges not fetched from libsubid

2022-09-30 Thread Sam Morris 
Control: tag -1 + patch

On Fri, Sep 16, 2022 at 12:10:43PM +0100, Sam Morris wrote:
> ... but it looks like podman doesn't use this library yet:

I've prepared a patch that builds libpod against libsubid:



Regards,

-- 
Sam Morris 
PGP: rsa4096/CAAA AA1A CA69 A83A 892B  1855 D20B 4202 5CDA 27B9

Bug#1019929: podman: Subordinate UID/GID ranges not fetched from libsubid

2022-09-16 Thread Sam Morris 
Package: podman
Version: 4.2.0+ds1-3
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

I've not got anything in /etc/subuid or /etc/subgid because subordinate
id range info is stored in LDAP.

  $ grep ^subid: /etc/nsswitch.conf
  subid: sss

This is transparent to clients using libsubid:

  $ getsubids sam
  0: sam 2147483648 65536

... but it looks like podman doesn't use this library yet:

$ podman system info
ERRO[] cannot find UID/GID for user sam: no subuid ranges found for 
user "sam" in /etc/subuid - check rootless mode in man pages.
WARN[] Using rootless single mapping into the namespace. This might 
break some images. Check /etc/subuid and /etc/subgid for adding sub*ids if not 
using a network user
[...]
  idMappings:
gidmap:
- container_id: 0
  host_id: 1000
  size: 1
uidmap:
- container_id: 0
  host_id: 1000
  size: 1
[...]

- -- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (530, 'testing'), (520, 'unstable'), (1, 'experimental')
merged-usr: no
Architecture: amd64 (x86_64)

Kernel: Linux 5.19.0-1-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages podman depends on:
ii  conmon   2.1.3+ds1-1
ii  crun 1.5+dfsg-1+b1
ii  golang-github-containers-common  0.48.0+ds1-1
ii  libc62.34-7
ii  libdevmapper1.02.1   2:1.02.185-1
ii  libgpgme11   1.17.1-4.1
ii  libseccomp2  2.5.4-1+b1
ii  systemd [systemd-tmpfiles]   251.4-3

Versions of packages podman recommends:
ii  buildah1.26.1+ds1-1
ii  catatonit  0.1.7-1
ii  dbus-user-session  1.14.0-2
ii  fuse-overlayfs 1.9-1
ii  slirp4netns1.2.0-1
ii  uidmap 1:4.11.1+dfsg1-2

Versions of packages podman suggests:
ii  containers-storage  1.37.2+ds1-1+b2
pn  docker-compose  
ii  iptables1.8.8-1

- -- no debconf information

-BEGIN PGP SIGNATURE-

iIgEARYIADAWIQTWOGqGn6HETecdzqZOEaKLhlAYigUCYyRZrhIcc2FtQHJvYm90
cy5vcmcudWsACgkQThGii4ZQGIra+wEA9cSULDer04xzpg1djBcsaxdK78eH6avT
szoQ8hl2ERMA/08sN17EOvYQOLB8WwleW1kPCQZdDztMiapcY5Ep7CYI
=DI3R
-END PGP SIGNATURE-