CI capabilities test: inconsistent CapBnd

First things first: this makes no sense to me. I don't see how this could be a flake; it should either consistently fail or consistently pass on the same machine. Instead, we get one-offs, and the ginkgo retry (so far) always passes.

Symptom:
```
$ podman-remote run --rm --user bin alpine grep CapBnd /proc/self/status
CapBnd:	00000000800405fb
...
Expected
               <string>: CapBnd: 00000000800405fb
           to contain substring
               <string>: 00000000a80425fb
```
Source: https://github.com/containers/podman/blob/68ca9066d08bcb14616de009c496d346ef4f63b7/test/e2e/run_test.go#L334-L338

Environment: so far, only f32 and f33. Always remote. 

Decoding: the cap difference is -- surprise! -- CAP_NET_RAW, CAP_MKNOD,CAP_AUDIT_WRITE

cirrus-flake-xref results:

## Podman run [It] podman run user capabilities test
* gce_instance:fedora : int remote fedora-33 root host
  * PR #9272
    * [02-08 17:07](https://storage.googleapis.com/cirrus-ci-6707778565701632-fcae48/artifacts/containers/podman/5352871224934400/html/int-remote-fedora-33-root-host.log.html#t--podman-run-user-capabilities-test--1)
  * PR #9231
    * [02-05 04:44](https://storage.googleapis.com/cirrus-ci-6707778565701632-fcae48/artifacts/containers/podman/5837119862079488/html/int-remote-fedora-33-root-host.log.html#t--podman-run-user-capabilities-test--1)
  * PR #9127
    * [01-27 11:55](https://storage.googleapis.com/cirrus-ci-6707778565701632-fcae48/artifacts/containers/podman/6381693529489408/html/int-remote-fedora-33-root-host.log.html#t--podman-run-user-capabilities-test--1)
  * PR #9113
    * [02-03 11:48](https://storage.googleapis.com/cirrus-ci-6707778565701632-fcae48/artifacts/containers/podman/6298835560431616/html/int-remote-fedora-33-root-host.log.html#t--podman-run-user-capabilities-test--1)
  * PR #8953
    * [01-12 15:43](https://storage.googleapis.com/cirrus-ci-6707778565701632-fcae48/artifacts/containers/podman/5036669558587392/html/int-remote-fedora-33-root-host.log.html#t--podman-run-user-capabilities-test--1)
* gce_instance:prior-fedora : int remote fedora-32 root host
  * PR #9269
    * [02-08 15:08](https://storage.googleapis.com/cirrus-ci-6707778565701632-fcae48/artifacts/containers/podman/4507996598304768/html/int-remote-fedora-32-root-host.log.html#t--podman-run-user-capabilities-test--1)
  * PR #9231
    * [02-05 05:02](https://storage.googleapis.com/cirrus-ci-6707778565701632-fcae48/artifacts/containers/podman/5274169908658176/html/int-remote-fedora-32-root-host.log.html#t--podman-run-user-capabilities-test--1)
  * PR #9154
    * [02-03 07:45](https://storage.googleapis.com/cirrus-ci-6707778565701632-fcae48/artifacts/containers/podman/5462657635450880/html/int-remote-fedora-32-root-host.log.html#t--podman-run-user-capabilities-test--1)
    * [02-02 23:06](https://storage.googleapis.com/cirrus-ci-6707778565701632-fcae48/artifacts/containers/podman/5314264837652480/html/int-remote-fedora-32-root-host.log.html#t--podman-run-user-capabilities-test--1)
  * PR #8953
    * [01-12 15:45](https://storage.googleapis.com/cirrus-ci-6707778565701632-fcae48/artifacts/containers/podman/6162569465430016/html/int-remote-fedora-32-root-host.log.html#t--podman-run-user-capabilities-test--1)

Could podman be reading `containers.conf` even though `$CONTAINERS_CONF` is explicitly overridden?


	os.Setenv("CONTAINERS_CONF", "/dev/null")
	session := podmanTest.Podman([]string{"run", "--rm", "--user", "bin", ALPINE, "grep", "CapBnd", "/proc/self/status"})
	session.WaitWithDefaultTimeout()
	Expect(session.ExitCode()).To(Equal(0))
	Expect(session.OutputToString()).To(ContainSubstring("00000000a80425fb"))

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CI capabilities test: inconsistent CapBnd #9286

Podman run [It] podman run user capabilities test

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CI capabilities test: inconsistent CapBnd #9286

Description

Podman run [It] podman run user capabilities test

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions