Skip to content

[BUG] Operation not permitted building a base image #31

@treydock

Description

@treydock

Describe the bug
"Operation not permitted" when attempting basic base image:

To Reproduce

$ podman run --rm --device /dev/fuse --network host -v $(pwd)/cluster-images/rhel-9-base.yaml:/home/builder/config.yaml -v ~/.config/containers/auth.json:/home/builder/auth.json ghcr.io/openchami/image-build:latest image-build --config config.yaml --log-level DEBUG
INFO - --------------------ARGUEMENTS--------------------
INFO - log_level : DEBUG
INFO - config : config.yaml
INFO - layer_type : base
INFO - pkg_man : dnf
INFO - parent : scratch
INFO - proxy :
INFO - name : rhel-base
INFO - publish_local : False
INFO - publish_s3 : None
INFO - publish_registry : registry.OMIT/cluster-images
INFO - registry_opts_push : ['--authfile=/home/builder/auth.json']
INFO - registry_opts_pull : ['--authfile=/home/builder/auth.json']
INFO - publish_tags : 9.4
INFO - Container: rhel-base20250723173958 mounted at /home/builder/.local/share/containers/storage/overlay/dab45a94bd20ecffe9cd270a6a7ad9d7200dfd0abf2062692c2bf296503b0896/merged
ERROR - Error preparing installer: [Errno 1] Operation not permitted: '/home/builder/.local/share/containers/storage/overlay/dab45a94bd20ecffe9cd270a6a7ad9d7200dfd0abf2062692c2bf296503b0896/merged/tmp'
INFO - f423ca7fd076258d598392fc75748ea1af731d403d62d9f7111175d4bcb82ce3

-------------------BUILD LAYER--------------------
Exiting now ...

Expected behavior
I did the PEARC25 tutorial and saw this work and trying to build images on local system using local $HOME (not NFS) and that's failing.

Additional context

$ podman info
host:
  arch: amd64
  buildahVersion: 1.33.12
  cgroupControllers: []
  cgroupManager: cgroupfs
  cgroupVersion: v1
  conmon:
    package: conmon-2.1.10-1.module+el8.10.0+22931+799fd806.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.10, commit: 9ece2912d3d8b855ab314954a702ea65c5c9db47'
  cpuUtilization:
    idlePercent: 99.31
    systemPercent: 0.17
    userPercent: 0.52
  cpus: 4
  databaseBackend: boltdb
  distribution:
    distribution: rhel
    version: "8.10"
  eventLogger: file
  freeLocks: 2047
  hostname: build-el8.OMIT
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 5509
      size: 1
    - container_id: 1
      host_id: 31671316
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 20821
      size: 1
    - container_id: 1
      host_id: 31671316
      size: 65536
  kernel: 4.18.0-553.60.1.el8_10.x86_64
  linkmode: dynamic
  logDriver: k8s-file
  memFree: 1049473024
  memTotal: 8038006784
  networkBackend: cni
  networkBackendInfo:
    backend: cni
    dns:
      package: podman-plugins-4.9.4-20.module+el8.10.0+22931+799fd806.x86_64
      path: /usr/libexec/cni/dnsname
      version: |-
        CNI dnsname plugin
        version: 1.4.0-dev
        commit: unknown
        CNI protocol versions supported: 0.1.0, 0.2.0, 0.3.0, 0.3.1, 0.4.0, 1.0.0
    package: containernetworking-plugins-1.4.0-5.module+el8.10.0+22931+799fd806.x86_64
    path: /usr/libexec/cni
  ociRuntime:
    name: runc
    package: runc-1.1.12-6.module+el8.10.0+22931+799fd806.x86_64
    path: /usr/bin/runc
    version: |-
      runc version 1.1.12
      spec: 1.2.0+dev
      go: go1.22.11 (Red Hat 1.22.11-1.module+el8.10.0+22728+ac755c3c)
      libseccomp: 2.5.2
  os: linux
  pasta:
    executable: ""
    package: ""
    version: ""
  remoteSocket:
    exists: false
    path: /run/user/20821/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_NET_RAW,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.3-1.module+el8.10.0+22931+799fd806.x86_64
    version: |-
      slirp4netns version 1.2.3
      commit: c22fde291bb35b354e6ca44d13be181c76a0a432
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.2
  swapFree: 4221325312
  swapTotal: 4294963200
  uptime: 315h 20m 19.00s (Approximately 13.12 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - docker.io
store:
  configFile: /home/tdockendorf/.config/containers/storage.conf
  containerStore:
    number: 1
    paused: 0
    running: 0
    stopped: 1
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/tdockendorf/.local/share/containers/storage
  graphRootAllocated: 158203019264
  graphRootUsed: 112857407488
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Supports shifting: "true"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 179
  runRoot: /run/user/20821/containers
  transientStore: false
  volumePath: /home/tdockendorf/.local/share/containers/storage/volumes
version:
  APIVersion: 4.9.4-rhel
  Built: 1742234826
  BuiltTime: Mon Mar 17 14:07:06 2025
  GitCommit: ""
  GoVersion: go1.22.11 (Red Hat 1.22.11-1.module+el8.10.0+22728+ac755c3c)
  Os: linux
  OsArch: linux/amd64
  Version: 4.9.4-rhel

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions