[MPC] Fix /var/tmp permissions for linux-root-{amd64,arm64} platforms #10637
sshedmake wants to merge 1 commit into redhat-appstudio:main
e7c81b9 to 916646d
Add user-data initialization scripts for linux-root-amd64 and linux-root-arm64 platforms to fix /var/tmp permission issues that cause "permission denied" errors during container builds.

The fix applies the same approach as PR redhat-appstudio#10595 for linux-c6gd2xlarge-arm64:
- Set /var/tmp permissions to 1777 (sticky bit + world writable)
- Set ownership to root:root
- Apply proper SELinux context with restorecon

This resolves build failures where podman (running as uid 1001 on remote VMs) cannot create temporary storage in /var/tmp.

Also fixes key naming from "sudoCommands" to "sudo-commands" to match the convention used in other platform configurations.

Fixes: automation-portal-bootc builds failing with "mkdir /var/tmp/container_images_storage: permission denied"
Related: redhat-appstudio#10595
916646d to 96ccdd9
Summary

Fix /var/tmp permission issues for linux-root-amd64 and linux-root-arm64 build platforms by adding user-data initialization scripts with proper directory permissions.

Problem

Builds using the linux-root/amd64 platform are failing with permission errors:

This occurs because:
- ec2-user (uid 1001)
- /var/tmp on these VMs doesn't have proper permissions for non-root users

This is blocking bootc image builds that require privileged-nested mode with /dev/fuse for fuse-overlayfs.

Solution

Apply the same fix from PR #10595 (which fixed linux-c6gd2xlarge-arm64) to the linux-root-{amd64,arm64} platforms:

Add user-data initialization scripts that:
- /home
- /home/var-tmp to /var/tmp
- chmod 1777 /var/tmp (sticky bit + world writable)
- chown root:root /var/tmp
- restorecon

Fix key naming from sudoCommands to sudo-commands to match conventions used in other platform configurations

Changes

components/multi-platform-controller/staging/host-values.yaml
- user-data configuration for linux-root-amd64
- user-data configuration for linux-root-arm64

Testing

After this change is deployed to staging:
- linux-root/amd64 platform should succeed

Related

- linux-c6gd2xlarge-arm64)
- /var/tmp permission denied

Deployment

This change affects:
- components/multi-platform-controller/staging/

/hold
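The three steps the description lists (mode 1777, root:root ownership, restorecon) can be audited and applied as below. This is an added example, not the PR's user-data script; the function names and the scratch-directory demo are assumptions, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit and repair a shared temp directory (needs GNU stat).

# check_sticky_tmp DIR [UID:GID]
# Returns 0 if DIR is a real directory with mode 1777 owned by UID:GID
# (default 0:0, i.e. root:root); otherwise prints the reason and returns 1.
check_sticky_tmp() {
    dir=$1 want_owner=${2:-0:0}
    [ -d "$dir" ] && [ ! -L "$dir" ] || { echo "$dir: not a real directory"; return 1; }
    mode=$(stat -c '%a' "$dir")
    owner=$(stat -c '%u:%g' "$dir")
    case $mode in
        1777) ;;
        # Without the sticky bit any user can delete or rename others' files.
        777)  echo "$dir: world-writable without sticky bit"; return 1 ;;
        *)    echo "$dir: mode $mode, expected 1777"; return 1 ;;
    esac
    [ "$owner" = "$want_owner" ] || { echo "$dir: owner $owner, expected $want_owner"; return 1; }
}

# fix_sticky_tmp DIR [UID:GID]
# Ownership is set before the mode so the final mode is the last word.
fix_sticky_tmp() {
    dir=$1 want_owner=${2:-0:0}
    chown "$want_owner" "$dir" || return 1
    chmod 1777 "$dir" || return 1
    # Relabel only where SELinux is active; the tools are absent elsewhere.
    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
        restorecon "$dir"
    fi
}

# Constructed demo on a scratch directory owned by whoever runs this;
# on a build VM the target would be /var/tmp with the default 0:0.
demo=$(mktemp -d)
me=$(stat -c '%u:%g' "$demo")
chmod 0777 "$demo"
check_sticky_tmp "$demo" "$me" || fix_sticky_tmp "$demo" "$me"
check_sticky_tmp "$demo" "$me" && echo "$demo: ok"
rmdir "$demo"
```
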