Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1858974

Summary: Containers don't start on Fedora CoreOS because there's no 'sudo' group inside the container
Product: [Fedora] Fedora Reporter: Brandon Bennett <bbennett>
Component: toolboxAssignee: Debarshi Ray <debarshir>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 33CC: awilliam, debarshir, harrymichal, marcel
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard: AcceptedFreezeException
Fixed In Version: toolbox-0.0.95-1.fc33 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-09-10 20:29:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1766776    

Description Brandon Bennett 2020-07-20 23:38:34 UTC 
Description of problem:

Following the instructions on toolbox after creating the toolbox the toolbox fails to start/enter with error `Error: failed to start container fedora-toolbox-32`

```
$ toolbox create
Created container: fedora-toolbox-32
Enter with: toolbox enter
$ toolbox enter
Error: failed to start container fedora-toolbox-32
```

podman start reports a sudo group error

```
$ podman start fedora-toolbox-32
Error: unable to start container "c355d1274c6ac90d0763c0f4662905c289e23a44f418b4e84ac9036dc197ea05": error looking up supplemental groups for container c355d1274c6ac90d0763c0f4662905c289e23a44f418b4e84ac9036dc197ea05: Unable to find group sudo
```


Version-Release number of selected component (if applicable):

$ rpm -q podman conmon toolbox
podman-2.0.2-1.fc32.x86_64
conmon-2.0.18-1.fc32.x86_64
toolbox-0.0.92-1.fc32.x86_64


How reproducible: On my machine everytime


Steps to Reproduce:
1. Install toolbox on f32
2. run `toolbox create`
3. run `toolbox enter`

Actual results:

Get an error `Error: failed to start container fedora-toolbox-32`

Expected results:

Entered into the container able to play in my new sandbox.


Additional info:  This is not silverblue but just normal fedora
Comment 1 Marcel Ziswiler 2020-08-07 10:37:21 UTC 
Exact same happens on latest stable Fedora CoreOS!

$ podman start fedora-toolbox-32
Error: unable to start container "fedora-toolbox-32": error looking up supplemental groups for container 6bdba905e4d80c1ab8269ee014a51c23c5376f8ff0e932fc58f07c4cd50a865d: Unable to find group sudo

$ rpm -q podman conmon toolbox
podman-1.9.3-1.fc32.x86_64
conmon-2.0.18-1.fc32.x86_64
toolbox-0.0.92-1.fc32.x86_64

This happens regardless whether or not the sudo group actually exists or not!
Comment 2 Marcel Ziswiler 2020-08-11 06:51:48 UTC 
Please note that toolbox containers from Fedora 31, 32 and 33 all work just fine when spun up on my Fedora Worstation 31 installation:

$ rpm -q podman toolbox systemd
podman-2.0.4-1.fc31.x86_64
toolbox-0.0.92-1.fc31.x86_64
systemd-243.8-1.fc31.x86_64

What exactly is the problem with CoreOS?
Comment 3 Marcel Ziswiler 2020-08-11 08:23:04 UTC 
Besides the regular FCOS stable stream I also gave testing and next a try but the result stays the same!
Comment 4 Fedora Update System 2020-08-30 21:15:38 UTC 
FEDORA-2020-885e55baff has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2020-885e55baff
Comment 5 Fedora Update System 2020-08-30 21:17:47 UTC 
FEDORA-2020-306addaac0 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-306addaac0
Comment 6 Fedora Update System 2020-08-31 15:55:20 UTC 
FEDORA-2020-306addaac0 has been pushed to the Fedora 32 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-306addaac0`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-306addaac0

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 7 Fedora Update System 2020-08-31 18:57:17 UTC 
FEDORA-2020-885e55baff has been pushed to the Fedora 33 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-885e55baff`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-885e55baff

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 8 Fedora Update System 2020-09-01 19:30:52 UTC 
FEDORA-2020-306addaac0 has been pushed to the Fedora 32 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 9 Debarshi Ray 2020-09-08 11:48:34 UTC 
Toolbox is getting more and more attention from Fedora CoreOS users, and it will be good to unbreak the use of those containers. The fix isn't intrusive, has been widely tested and already deployed on Fedora 32.

Proposing as a Beta freeze exception.
Comment 10 Adam Williamson 2020-09-10 19:52:34 UTC 
This has +6 votes in the ticket, setting accepted.

Note, don't set updates for other releases as fixing bugs that are proposed as FEs or blockers, because then the update for the other release going stable will cause the bug to be closed, as in this case. If a proposed or accepted blocker or FE bug is closed for any reason it drops off all radars, it must be open to get any attention.
Comment 11 Fedora Update System 2020-09-10 20:29:06 UTC 
FEDORA-2020-885e55baff has been pushed to the Fedora 33 stable repository.
If problem still persists, please make note of it in this bug report.