Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp440929pxb; Tue, 19 Oct 2021 06:08:35 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyoim1Ec8SwgrNOxp6Iai5PMnzTZ1yMPHA5NZlq2I44kBrvg7vJnMRdbtGxSTgzrQEeJMmv X-Received: by 2002:a17:90a:c70d:: with SMTP id o13mr6535483pjt.143.1634648915520; Tue, 19 Oct 2021 06:08:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1634648915; cv=none; d=google.com; s=arc-20160816; b=ZEl0sflzGN1Ilb9hoh0PueSbmRgPT/wvRGtIIJkocbcAlQ9g8h/HjHl7xMuhKdGWxw NlR8XmogQFMcuJDRTzQO3xis80xzNAWysrPvpEFEEYNXjIAVzAW3Y/4Tseosbd4uUQxL e0rzbn48CKNRNdrhUemKyakk5jO1HeoBDImkB2a7v/yw2weRmOYIth769Uq0mcqlg4mU yU+Gpg3rSf9Y3kKErJmG+9th9pJH5vFPIZlFh1VkINfZS5HyV1hArnjAGx3sO1zWuiPl eiBqKmXHmIT+T1rH3Zal2qdQUfwwwYPxaZQioms2E5OLgAIhmGTRccl1wjnJ0Z5q86Xl P8BQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:mail-followup-to:message-id:subject:cc:to:from:date :dkim-signature; bh=4ajEhiZu8sdnzA3D+QyFwiSVeRq1/0ZFz6G1ykAePus=; b=ITn85hwzF4TyNvIrebnYVmOBZ4sZZNNewxT6QFkbFs9H+jNg3oauGmFKMFAk+Z9LXu m2N+s/LyM/WtkM3mCeMWjvFhqI+JjA1QVR9HDumco36iLlG1rQgxQD28FUsnLiHa1XT1 sRatQvs2MdAsIPvtkiVak3LjBtO5TybD10LutN286oWqWCSe10WJPejgiFNbQI97w3Yk 9lq6jT52b/1rvX/6c8j5hmHwdfC7Xb5c7o35CBXATVgbRIDZ7PbGysp75JewkGWqoRbr 5c39UK/1Wa2cA6HNq/ymGjbAoGuMZzWvgR1jZhIQDjTiNEKlI8OyTO+qKvJT7ZEwzksX aMIQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ehdkqv0a; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id 24si28271206pgy.545.2021.10.19.06.08.17; Tue, 19 Oct 2021 06:08:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ehdkqv0a; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235557AbhJSNHO (ORCPT + 99 others); Tue, 19 Oct 2021 09:07:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45308 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230097AbhJSNHN (ORCPT ); Tue, 19 Oct 2021 09:07:13 -0400 Received: from mail-ot1-x32d.google.com (mail-ot1-x32d.google.com [IPv6:2607:f8b0:4864:20::32d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DC343C06161C for ; Tue, 19 Oct 2021 06:05:00 -0700 (PDT) Received: by mail-ot1-x32d.google.com with SMTP id g62-20020a9d2dc4000000b0054752cfbc59so1856334otb.1 for ; Tue, 19 Oct 2021 06:05:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=date:from:to:cc:subject:message-id:mail-followup-to:references :mime-version:content-disposition:in-reply-to; bh=4ajEhiZu8sdnzA3D+QyFwiSVeRq1/0ZFz6G1ykAePus=; b=ehdkqv0aEnLexGDvcX1MwhetXLhs2b1DnZeEHNFYbZWKd1YDw2jV/2FsBd3jUaKT1j LOGfZV3iVjteKR5JHoB3XRhuwloYGrhJTjWq4WwvPW4v/wSEdCJ11tmxbuS2usFPpiSE dDvFxikkI+uMo5ZzkBLD4T1BH1dtSmpe8o82XB+6grOcifAjQNIErkt+nQRpa+Y5fG3q J1M6+JKj+iQHNlNuVfcuTWkMxa8m3XWF2qb6A7q98ldk9ytGa2IvoFbNaajPSyu23xY7 CspdEk5EV1c1pOQ+8+T/Vqw5iPDBg2ieVvynNvU+LH9cXoLmBdZ08tepLW7GITQjC9Qa OQRg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id :mail-followup-to:references:mime-version:content-disposition :in-reply-to; bh=4ajEhiZu8sdnzA3D+QyFwiSVeRq1/0ZFz6G1ykAePus=; b=jaP/Fjt18v8uXGVEOAAelndxAK/x4xNb+tIkIJIjRdN18N8Nn4T+Oo30VwVko3d318 2suH8ZVmFnyI8URdHqMXeKVT36rKS1YLtrZYYir7bjGj7ffdnzAPij5+uc10uK11A/2Z GvwkhfAA0pmNr8il6Gv1bGFDauQBjfBRQGN2c7D08PqHBTzBaoiznYYDaId6vND0Oo52 poLwXJCFVyi4Jei8j1McdmsoGY24L13sRbUZ0DujfmWTfeu9AuHm4dI9r65t5zfwjyih 7krKEtQSbO2Yv76gH9heZ+FG2qL9cK3cRzRVVxGx4xKNgB6UX84a9UKAzJcETH9hve58 Smig== X-Gm-Message-State: AOAM533qm3QG0ae64nmggrVaC8PklBmXSn0s83fAQoaNfus+KhQCxigU qqpfDlK/SPZn/pnlrDcotTGD3A== X-Received: by 2002:a9d:12f4:: with SMTP id g107mr4968322otg.77.1634648700240; Tue, 19 Oct 2021 06:05:00 -0700 (PDT) Received: from winterfell.papolivre.org (winterfell.papolivre.org. [2600:3c00::f03c:91ff:fe69:3960]) by smtp.gmail.com with ESMTPSA id h17sm1465168otm.69.2021.10.19.06.04.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Oct 2021 06:04:59 -0700 (PDT) Received: from localhost (unknown [IPv6:2804:14d:7224:863b:8aab:99a1:213e:7f96]) by winterfell.papolivre.org (Postfix) with ESMTPSA id 2362E1C2F41; Tue, 19 Oct 2021 10:04:57 -0300 (-03) Date: Tue, 19 Oct 2021 10:04:55 -0300 From: Antonio Terceiro To: Greg Kroah-Hartman Cc: Naresh Kamboju , Sudeep Holla , open list , Shuah Khan , Florian Fainelli , patches@kernelci.org, lkft-triage@lists.linaro.org, Jon Hunter , linux-stable , Pavel Machek , Andrew Morton , Linus Torvalds , Guenter Roeck , Jens Wiklander Subject: Re: [PATCH 5.14 000/151] 5.14.14-rc1 review Message-ID: Mail-Followup-To: Greg Kroah-Hartman , Naresh Kamboju , Sudeep Holla , open list , Shuah Khan , Florian Fainelli , patches@kernelci.org, lkft-triage@lists.linaro.org, Jon Hunter , linux-stable , Pavel Machek , Andrew Morton , Linus Torvalds , Guenter Roeck , Jens Wiklander References: <20211018132340.682786018@linuxfoundation.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="pGcdEnaB5gTxgpS7" Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --pGcdEnaB5gTxgpS7 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi, On Tue, Oct 19, 2021 at 08:47:58AM +0200, Greg Kroah-Hartman wrote: > Ah much better, I had an older version of tuxmake here. >=20 > Now it fails with an expected permission problem: > Error: writing blob: adding layer with blob "sha256:10348114f214e2f07f30f= a82aaa743c1750b2a9025cc8bec19f3f4f2b087a96d": Error processing tar file(exi= t status 1): potentially insufficient UIDs or GIDs available in user namesp= ace (requested 0:42 for /etc/gshadow): Check /etc/subuid and /etc/subgid: l= chown /etc/gshadow: invalid argument > E: Runtime preparation failed: failed to pull remote image docker.io/tuxm= ake/arm64_gcc-11 >=20 > Note, I will not run kernel builds or random containers downloaded from > the internet as root, sorry :) Note that podman does *not* run as root by default=B9, and that's why tuxbuild recommends it instead of docker. What it does need, is the ability to create an unprivileged user namespace. This includes: - having the `kernel.unprivileged_userns_clone` sysctl set to 1 - having enough UIDs and GIDs in the /etc/sub*id mappings, which is the error message you got is complaining about. Just having the following lines should be enough: $ grep -H terceiro /etc/sub*id /etc/subgid:terceiro:100000:65536 /etc/subuid:terceiro:100000:65536 On Debian, those are added by default when you created an user account. I'm not sure about other systems. =B9 by default in a podman container you are root from the POV of the container, but uid 0 in the container is actually mapped to your regular UID on the host system. --pGcdEnaB5gTxgpS7 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEst7mYDbECCn80PEM/A2xu81GC94FAmFuwnQACgkQ/A2xu81G C95+Bw/6AvPUXXfFUqHc6A6p71A/pVpQ+GDaesc5PzAKcZn82sqA7ilvQbO/Vv2/ puB48VUZx+ykOcwQzSl3KJ4gOzlacDSP+psl6kJZdPZGVSaLurKMCLHDGgps1G/U EAiqRuczL2bs+lTlIT9+yTXIu98xpVlZfxA11lAt6dCbbq5e/Da+zqLfyBFgXd1l JxgK2FXyq4FYXoCkiWyoHnOAZM5v3HAQX0FPGk1WBpIplOAWomBPjQ3AFiWGW71P Y0Np7l5RBiy+Rzab90EFhmKF+Z0K1t9NJRg2gqs7ffqW7cwCMMzhyoK4WQ957rEG 2ztwkAiTY1T51Ff06DyzHGQxNdCGPJpG3tyjul0H23Cn2TwPxn6cvSJQKh023auk EPUT3GuYmcb73kmKDTT6PsgYZYF1xlDtHUoniWY/DtXUvIcthskmRHuYTdRbxIdM Pr9MzxYMgSmSgVQ0XU3dYvbI+HMgEY1ZKyHhmu1ezDt69Bxez2li9qWfBT6A/zJO jS6Z74LCCCglKKDPpAy2hjDf1/krTSG/RpZ7vt3b5m1hZr2vvekygJP5qLRlxtPF R3NK3qFDE2Tm/BMIILTloJ3g/8Kam7oXmRr2aqrPw2kFJNJvuJQL4vG9ZkAdDTUP znkAIu815pWAjYJX4c/Shqg4wWKEv7owJHXGNCiwXNGxEK4bg2I= =7vLn -----END PGP SIGNATURE----- --pGcdEnaB5gTxgpS7--