From 67d49734f732f543c0b8d7713466c0aa3b8f484f Mon Sep 17 00:00:00 2001
From: Matt Clay
Date: Tue, 14 Feb 2023 10:42:02 -0800
Subject: [PATCH] ansible-test - Support Podman 4.4.0+
---
 changelogs/fragments/ansible-test-podman-chroot.yml | 2 ++
 test/lib/ansible_test/_internal/host_profiles.py | 7 +++++++
 2 files changed, 9 insertions(+)
 create mode 100644 changelogs/fragments/ansible-test-podman-chroot.yml
diff --git a/changelogs/fragments/ansible-test-podman-chroot.yml b/changelogs/fragments/ansible-test-podman-chroot.yml
new file mode 100644
index 00000000000..9f4f2d38439
--- /dev/null
+++ b/changelogs/fragments/ansible-test-podman-chroot.yml
@@ -0,0 +1,2 @@
+bugfixes:
+ - ansible-test - Support Podman 4.4.0+ by adding the ``SYS_CHROOT`` capability when running containers.
diff --git a/test/lib/ansible_test/_internal/host_profiles.py b/test/lib/ansible_test/_internal/host_profiles.py
index 01c4f309ce0..a51eb69387a 100644
--- a/test/lib/ansible_test/_internal/host_profiles.py
+++ b/test/lib/ansible_test/_internal/host_profiles.py
@@ -516,6 +516,13 @@ class DockerProfile(ControllerHostProfile[DockerConfig], SshTargetHostProfile[Do
 cgroup_version = get_docker_info(self.args).cgroup_version
+ # Podman 4.4.0 updated containers/common to 0.51.0, which removed the SYS_CHROOT capability from the default list.
+ # This capability is needed by services such as sshd, so is unconditionally added here.
+ # See: https://github.com/containers/podman/releases/tag/v4.4.0
+ # See: https://github.com/containers/common/releases/tag/v0.51.0
+ # See: https://github.com/containers/common/pull/1240
+ options.extend(('--cap-add', 'SYS_CHROOT'))
+
 # Without AUDIT_WRITE the following errors may appear in the system logs of a container after attempting to log in using SSH:
 #
 # fatal: linux_audit_write_entry failed: Operation not permitted
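Review bot: The comment above `options.extend(('--cap-add', 'SYS_CHROOT'))` in host_profiles.py says the capability is added unconditionally but not why that is acceptable, and the line re-grants something containers/common 0.51.0 removed from its default list, presumably as hardening. Every container started through this path receives it, whether or not it runs sshd or another service that needs chroot. I would add a comment line such as `# SYS_CHROOT is already in Docker's default capability set, so this only changes behaviour under Podman 4.4.0+.` so the least-privilege trade-off is recorded next to the option. If the container engine is known at this point, limiting the option to Podman would leave the Docker command line unchanged; the enclosing method starts and ends outside the hunk, so I cannot tell from here whether it is.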