Skip to content

[BUG] Operation not permitted building a base image #31

Open
Open
[BUG] Operation not permitted building a base image#31
Labels
bugSomething isn't working
@treydock

Description

@treydock
treydock
opened on Jul 23, 2025

Describe the bug
"Operation not permitted" when attempting basic base image:

To Reproduce

$ podman run --rm --device /dev/fuse --network host -v $(pwd)/cluster-images/rhel-9-base.yaml:/home/builder/config.yaml -v ~/.config/containers/auth.json:/home/builder/auth.json ghcr.io/openchami/image-build:latest image-build --config config.yaml --log-level DEBUG
INFO - --------------------ARGUEMENTS--------------------
INFO - log_level : DEBUG
INFO - config : config.yaml
INFO - layer_type : base
INFO - pkg_man : dnf
INFO - parent : scratch
INFO - proxy :
INFO - name : rhel-base
INFO - publish_local : False
INFO - publish_s3 : None
INFO - publish_registry : registry.OMIT/cluster-images
INFO - registry_opts_push : ['--authfile=/home/builder/auth.json']
INFO - registry_opts_pull : ['--authfile=/home/builder/auth.json']
INFO - publish_tags : 9.4
INFO - Container: rhel-base20250723173958 mounted at /home/builder/.local/share/containers/storage/overlay/dab45a94bd20ecffe9cd270a6a7ad9d7200dfd0abf2062692c2bf296503b0896/merged
ERROR - Error preparing installer: [Errno 1] Operation not permitted: '/home/builder/.local/share/containers/storage/overlay/dab45a94bd20ecffe9cd270a6a7ad9d7200dfd0abf2062692c2bf296503b0896/merged/tmp'
INFO - f423ca7fd076258d598392fc75748ea1af731d403d62d9f7111175d4bcb82ce3

-------------------BUILD LAYER--------------------
Exiting now ...

Expected behavior
I did the PEARC25 tutorial and saw this work and trying to build images on local system using local $HOME (not NFS) and that's failing.

Additional context

$ podman info
host:
  arch: amd64
  buildahVersion: 1.33.12
  cgroupControllers: []
  cgroupManager: cgroupfs
  cgroupVersion: v1
  conmon:
    package: conmon-2.1.10-1.module+el8.10.0+22931+799fd806.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.10, commit: 9ece2912d3d8b855ab314954a702ea65c5c9db47'
  cpuUtilization:
    idlePercent: 99.31
    systemPercent: 0.17
    userPercent: 0.52
  cpus: 4
  databaseBackend: boltdb
  distribution:
    distribution: rhel
    version: "8.10"
  eventLogger: file
  freeLocks: 2047
  hostname: build-el8.OMIT
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 5509
      size: 1
    - container_id: 1
      host_id: 31671316
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 20821
      size: 1
    - container_id: 1
      host_id: 31671316
      size: 65536
  kernel: 4.18.0-553.60.1.el8_10.x86_64
  linkmode: dynamic
  logDriver: k8s-file
  memFree: 1049473024
  memTotal: 8038006784
  networkBackend: cni
  networkBackendInfo:
    backend: cni
    dns:
      package: podman-plugins-4.9.4-20.module+el8.10.0+22931+799fd806.x86_64
      path: /usr/libexec/cni/dnsname
      version: |-
        CNI dnsname plugin
        version: 1.4.0-dev
        commit: unknown
        CNI protocol versions supported: 0.1.0, 0.2.0, 0.3.0, 0.3.1, 0.4.0, 1.0.0
    package: containernetworking-plugins-1.4.0-5.module+el8.10.0+22931+799fd806.x86_64
    path: /usr/libexec/cni
  ociRuntime:
    name: runc
    package: runc-1.1.12-6.module+el8.10.0+22931+799fd806.x86_64
    path: /usr/bin/runc
    version: |-
      runc version 1.1.12
      spec: 1.2.0+dev
      go: go1.22.11 (Red Hat 1.22.11-1.module+el8.10.0+22728+ac755c3c)
      libseccomp: 2.5.2
  os: linux
  pasta:
    executable: ""
    package: ""
    version: ""
  remoteSocket:
    exists: false
    path: /run/user/20821/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_NET_RAW,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.3-1.module+el8.10.0+22931+799fd806.x86_64
    version: |-
      slirp4netns version 1.2.3
      commit: c22fde291bb35b354e6ca44d13be181c76a0a432
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.2
  swapFree: 4221325312
  swapTotal: 4294963200
  uptime: 315h 20m 19.00s (Approximately 13.12 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - docker.io
store:
  configFile: /home/tdockendorf/.config/containers/storage.conf
  containerStore:
    number: 1
    paused: 0
    running: 0
    stopped: 1
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/tdockendorf/.local/share/containers/storage
  graphRootAllocated: 158203019264
  graphRootUsed: 112857407488
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Supports shifting: "true"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 179
  runRoot: /run/user/20821/containers
  transientStore: false
  volumePath: /home/tdockendorf/.local/share/containers/storage/volumes
version:
  APIVersion: 4.9.4-rhel
  Built: 1742234826
  BuiltTime: Mon Mar 17 14:07:06 2025
  GitCommit: ""
  GoVersion: go1.22.11 (Red Hat 1.22.11-1.module+el8.10.0+22728+ac755c3c)
  Os: linux
  OsArch: linux/amd64
  Version: 4.9.4-rhel

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions