fix: preserve /var/tmp for akmods builds #47

Merged
merged 1 commit into from
Feb 21, 2023

bsherman
Contributor

This PR fixes a problem I noticed when I switched my "custom kmod image" to be based on this nvidia image rather than the stock silverblue image.

Problem

akmods fail to build with message "Unable to open temp file: Permission denied" if the FROM image is one of these ublue-os nvidia images.

Explanation

The original silverblue image includes /var/tmp with normal sticky bit perms, while this image removes /var as part of build cleanup.

The lack of /var/tmp causes rpmbuilds (e.g., akmod builds) to fail on any container builds which use ublue-os/nvidia images as their base because the akmod build will create /var/tmp using the default umask (0022). /var/tmp then lacks proper permissions, and akmods fail to create a tmp dir for builds, since /var/tmp gets created by root, but akmods builds run as a user.

Solution

Preserve /var/tmp with correct permissions.

The interesting thing is, I had assumed that the rm -rf /var/* was the cause of the problem, but ostree container commit actually removes /var from the image even when it still contains files.

See the code blocks for contrast of /var/tmp filesystem state on the respective images and ostree container commit behavior.

stock silverblue /var/tmp state

```
$ podman run --rm -ti  quay.io/fedora-ostree-desktops/silverblue:37 bash
bash-5.2# umask
0022
bash-5.2# ls -al /var
total 0
drwxr-xr-x. 1 root root  6 Jan  1  1970 .
dr-xr-xr-x. 1 root root 18 Feb 20 16:18 ..
drwxrwxrwt. 1 root root  0 Jan  1  1970 tmp
```

ublue-os/nvidia silverblue /var/tmp state

```
$ podman run --rm -ti ghcr.io/ublue-os/silverblue-nvidia:37 bash
bash-5.2# umask
0022
bash-5.2# ls -al /var
ls: cannot access '/var': No such file or directory
```

stock silverblue ostree container commit behavior

```
$ podman run --rm -ti  quay.io/fedora-ostree-desktops/silverblue:37 bash
bash-5.2# touch /var/tmp/preserve-me-ostree
bash-5.2# ls -al /var/tmp/
total 0
drwxrwxrwt. 1 root root 36 Feb 20 17:56 .
drwxr-xr-x. 1 root root  6 Jan  1  1970 ..
-rw-r--r--. 1 root root  0 Feb 20 17:56 preserve-me-ostree
bash-5.2# ostree container commit
bash-5.2# ls -al /var/tmp/
ls: cannot access '/var/tmp/': No such file or directory
```
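
An added example, not part of this PR or the ublue-os repository: a shell check that a build step could run to confirm a temp directory such as /var/tmp exists with sticky, world-writable permissions (mode 1777), and to create or repair it when a root-run step has created it under umask 0022. The function names are hypothetical, the demo works in a scratch directory rather than the real /var, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not the PR's change): audit and repair a shared temp directory.
# Function names are hypothetical; stat -c assumes GNU coreutils.

# Print the octal mode of a path, e.g. 1777 or 755.
dir_mode() { stat -c '%a' "$1"; }

# Print one state word: ok | missing | symlink | not-a-directory | bad-mode:<mode>
check_tmpdir() {
    dir=$1
    if [ -L "$dir" ]; then echo "symlink"; return 0; fi
    if [ ! -e "$dir" ]; then echo "missing"; return 0; fi
    if [ ! -d "$dir" ]; then echo "not-a-directory"; return 0; fi
    mode=$(dir_mode "$dir")
    if [ "$mode" != "1777" ]; then echo "bad-mode:$mode"; return 0; fi
    echo "ok"
}

# Create or repair the directory so unprivileged builds can write to it.
# Symlinks and non-directories are left alone and reported as an error.
ensure_tmpdir() {
    dir=$1
    case $(check_tmpdir "$dir") in
        ok) return 0 ;;
        missing) mkdir -p "$(dirname "$dir")" && mkdir "$dir" && chmod 1777 "$dir" ;;
        bad-mode:*) chmod 1777 "$dir" ;;
        *) echo "refusing to modify $dir" >&2; return 1 ;;
    esac
}

# Reproduce the failure mode in a scratch tree, then repair it.
# Runs in a subshell so the umask change does not leak to the caller.
demo() (
    root=$(mktemp -d)
    umask 0022
    # A root-run tool creating the missing directory gets umask-derived perms.
    mkdir -p "$root/var/tmp"
    before=$(check_tmpdir "$root/var/tmp")
    ensure_tmpdir "$root/var/tmp"
    after=$(check_tmpdir "$root/var/tmp")
    rm -rf "$root"
    echo "$before -> $after"
)

demo
```

In an image build, a check like this belongs after the last step that rewrites or removes /var, since a directory created later inherits the umask of whichever process creates it.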

@castrojo castrojo self-requested a review February 21, 2023 03:14
Member

@castrojo castrojo left a comment


Confirmed in chat with bsherman that this was tested locally!

@castrojo castrojo merged commit 48dd697 into ublue-os:main Feb 21, 2023