toolbox icon indicating copy to clipboard operation
toolbox copied to clipboard
verified publisher icon containers

Pass supplemental groups when Podman is using crun

Open mwinters0 opened this issue 9 months ago • 5 comments

This solves the common issue where /dev/vboxusb/* is owned by group vboxusers, causing volume mounts to fail when running toolbox enter. Same is true for any other mapped dirs with supplemental group owners. This is a common issue, frequently reported by its rather cryptic symptoms.

Tested on Fedora Workstation 42.

Fixes https://github.com/containers/toolbox/issues/1589 Probably https://github.com/containers/toolbox/issues/1640

And maybe: https://github.com/containers/toolbox/issues/1310 https://github.com/containers/toolbox/issues/1085 https://github.com/containers/toolbox/issues/569

Note: Podman option keep-groups was created in https://github.com/containers/podman/commit/e356160f415b6111df09af214f0dea299e78ad04 and first released in v3.2.0 (2021-06-03).

mwinters0 avatar May 15 '25 19:05 mwinters0

I see that some of the Zuul tests are failing because they now see additional groups inside the container:

# -- line differs --
# index    : 0
# expected : uid=1000(zuul-worker) gid=1000(zuul-worker) groups=1000(zuul-worker)
# actual   : uid=1000(zuul-worker) gid=1000(zuul-worker) groups=1000(zuul-worker),27(sudo)
# --

I'm not able to address this because I don't really know what I'm doing with BATS:

% bats ./test/system
1..1
not ok 1 bats-gather-tests
# bats_load_safe: Could not find '/home/mwinters/projects/forks/containers_toolbox/test/system/libs/bats-support/load'[.bash]

mwinters0 avatar May 15 '25 19:05 mwinters0

Build failed. https://softwarefactory-project.io/zuul/t/local/buildset/53461b5bb8ba4ad59cfd8f6c653ae0a3

:heavy_check_mark: unit-test SUCCESS in 5m 54s :heavy_check_mark: unit-test-migration-path-for-coreos-toolbox SUCCESS in 3m 19s :heavy_check_mark: unit-test-restricted SUCCESS in 5m 51s :x: system-test-fedora-rawhide-commands-options FAILURE in 1h 06m 23s :x: system-test-fedora-rawhide-runtime-environment-arch-fedora FAILURE in 54m 57s :x: system-test-fedora-rawhide-runtime-environment-ubuntu FAILURE in 14m 41s :x: system-test-fedora-42-commands-options FAILURE in 1h 05m 28s :x: system-test-fedora-42-runtime-environment-arch-fedora FAILURE in 54m 55s :x: system-test-fedora-42-runtime-environment-ubuntu FAILURE in 15m 42s :x: system-test-fedora-41-commands-options FAILURE in 1h 06m 51s :x: system-test-fedora-41-runtime-environment-arch-fedora FAILURE in 54m 42s :x: system-test-fedora-41-runtime-environment-ubuntu FAILURE in 15m 57s :x: system-test-fedora-40-commands-options FAILURE in 1h 07m 34s :x: system-test-fedora-40-runtime-environment-arch-fedora FAILURE in 56m 53s :x: system-test-fedora-40-runtime-environment-ubuntu FAILURE in 16m 08s

softwarefactory-project-zuul[bot] avatar May 15 '25 21:05 softwarefactory-project-zuul[bot]

Oh any news on this? Isee our PRs seem to be related to each other. https://github.com/containers/toolbox/pull/1732

Knogle avatar Dec 11 '25 15:12 Knogle

I haven't had time to figure out how to satisfy the tests. I requested review 7 months ago, so I think the maintainers do not look at PRs unless the tests are passing.

mwinters0 avatar Dec 11 '25 16:12 mwinters0

Maybe we can tag him for attention @debarshiray Is it broken for any other distro, or only reported for Fedora btw. ?

Knogle avatar Dec 11 '25 18:12 Knogle