Commit c63a371

fix(disconnected): set BUILDAH_ISOLATION=chroot for operator handler
The CI pod runs with nested_podman: true (hostUsers: false), placing it inside a Linux user namespace. When prepare-restricted-environment.sh calls podman build, podman tries to create another user namespace inside the existing one, which fails with:

    newuidmap: open of uid_map failed: Permission denied
    Error: cannot set up namespace using /usr/bin/newuidmap: exit status 1

Export BUILDAH_ISOLATION=chroot before invoking the script so all podman build / buildah calls use chroot isolation instead of nested user namespaces. The env var is respected by both podman and buildah without needing to modify the downstream rhdh-operator script.

Assisted-by: OpenCode
1 parent 8de2b86 commit c63a371

1 file changed

Lines changed: 6 additions & 0 deletions

.ci/pipelines/jobs/ocp-disconnected-operator.sh

@@ -51,6 +51,12 @@ handle_ocp_disconnected_operator() {
5151
)
5252
fi
5353

54+
# The CI pod runs with nested_podman: true (hostUsers: false), placing it
55+
# inside a Linux user namespace. podman build tries to create another user
56+
# namespace, which fails with "newuidmap: open of uid_map failed: Permission
57+
# denied". BUILDAH_ISOLATION=chroot uses chroot instead of nested namespaces.
58+
export BUILDAH_ISOLATION=chroot
59+
5460
bash "${DISCONNECTED_TMPDIR}/prepare-restricted-environment.sh" "${prepare_args[@]}" \
5561
|| {
5662
log::error "prepare-restricted-environment.sh failed — aborting"
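
Review bot: the `export BUILDAH_ISOLATION=chroot` at new line 58 is unconditional and is not undone, so it stays set in the calling shell after handle_ocp_disconnected_operator returns and overwrites any value the caller had already chosen; every later podman build or buildah call in the same process then also runs with chroot isolation. The comment says only prepare-restricted-environment.sh needs it, so consider scoping it to that one invocation by prefixing the command, e.g. `BUILDAH_ISOLATION=chroot bash "${DISCONNECTED_TMPDIR}/prepare-restricted-environment.sh" "${prepare_args[@]}"`, which the child script and its podman calls still inherit. chroot isolation gives build steps less separation from the CI pod than the default, so it is worth keeping the setting limited to the path that needs it and noting that trade-off in the comment.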
