8000 AWX 9.0.0 bubblewrap needs setuid permission · Issue #5224 · ansible/awx · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
AWX 9.0.0 bubblewrap needs setuid permission  #5224
New issue
New issue
Closed
Closed
AWX 9.0.0 bubblewrap needs setuid permission #5224
Labels
type:bug
@dmaple-gci

Description

@dmaple-gci
dmaple-gci
opened on Nov 4, 2019
ISSUE TYPE
  • Bug Report
SUMMARY

Error when running jobs. "bwrap: Creating new namespace failed, likely because the kernel does not support user namespaces. bwrap must be installed setuid on such systems."

ENVIRONMENT
  • AWX version: 9.0.0
  • AWX install method: openshift
  • Ansible version: 2.8.5
  • Operating System: CentOS 8.0.1905
  • Web Browser: Any
STEPS TO REPRODUCE

Run SCM Update or Inventory Sync jobs. No other jobs could be tried because they depend on these two.

EXPECTED RESULTS

Jobs complete without error.

ACTUAL RESULTS

bwrap: Creating new namespace failed, likely because the kernel does not support user namespaces. bwrap must be installed setuid on such systems.

ADDITIONAL INFORMATION

Worked around error by running chmod u+s /usr/bin/bwrap in Dockerfile.j2 template. Here's a patch that applies the change:

diff --git a/installer/roles/image_build/templates/Dockerfile.j2 b/installer/roles/image_build/templates/Dockerfile.j2
index 64d7125..da16a47 100644
--- a/installer/roles/image_build/templates/Dockerfile.j2
+++ b/installer/roles/image_build/templates/Dockerfile.j2
@@ -49,6 +49,8 @@ RUN dnf -y update && \
   xmlsec1-openssl-devel \
   dnf-utils

+RUN chmod u+s /usr/bin/bwrap
+
 ADD https://github.com/krallin/tini/releases/download/v0.14.0/tini /tini
 RUN chmod +x /tini

Metadata

Metadata

Assignees

No one assigned

    Labels

    type:bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0