share + "runner:root" exception to fix CI #6173

New issue

Closed

opened 2026-05-05 10:52:06 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented

2026-05-05 10:52:06 -06:00

Owner

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/6803
Author: @kmk3
Created: 7/7/2025
Status: ✅ Merged
Merged: 7/7/2025
Merged by: @kmk3

Base: master ← Head: fcopy-fix-runner-owner

📝 Commits (1)

4392db6 bugfix: fcopy: add /usr/share + "runner:root" exception to fix CI

📊 Changes

1 file changed (+10 additions, -0 deletions)

View changed files

📝 src/fcopy/main.c (+10 -0)

📄 Description

The following CI jobs started failing since the GitHub Actions runner
image for ubuntu-22.04 was (automatically) upgraded from version
20250615.1.0[1] to 20250622.1.0[2]:

test-fs
test-environment
test-network

Most/all fail with the same fcopy error message for the same path,
presumably due to using private-etc, as localtime is in the default
private-etc group (see the full log below):

Error fcopy: invalid ownership for /etc/localtime -> /usr/share/zoneinfo/Etc/UTC (type=- uid=1001 name=runner)
Error: failed to run /run/firejail/lib/fcopy, exiting...

In at least the newer runner image, /usr/share/zoneinfo/Etc/UTC is
owned by runner:root instead of the usual root:root, so add an
exception in fcopy to allow it.

From a run of the test-fs job for commit 1f92779d2 ("modif: improve
fcopy error messages in check() (#6801)", 2025-07-07) [3]:

make -C test private-etc
make[1]: Entering directory '/home/runner/work/firejail/firejail/test'
cd private-etc && ./private-etc.sh 2>&1 | tee private-etc.log
TESTING: private-etc (test/private-etc/private-etc.exp)
spawn /bin/bash
firejail --private-etc=passwd,group,resolv.conf,X11
runner@pkrvmdyo8zrnvmk:~/work/firejail/firejail/test/private-etc$
<firejail --private-etc=passwd,group,resolv.conf,X11
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/landlock-common.inc

** Note: you can use --noprofile to disable default.profile **

firejail version 0.9.75

Parent pid 4511, child pid 4512
Error fcopy: invalid ownership for /etc/localtime -> /usr/share/zoneinfo/Etc/UTC (type=- uid=1001 name=runner)
Error: failed to run /run/firejail/lib/fcopy, exiting...
Error: proc 4511 cannot sync with peer: unexpected EOF
Peer 4512 unexpectedly exited with status 1
runner@pkrvmdyo8zrnvmk:~/work/firejail/firejail/test/private-etc$ TESTING ERROR 1

Fixes #6797.

Relates to #1531 #6801.

[1] https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20250615.1
[2] https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20250622.1
[3] https://github.com/netblue30/firejail/actions/runs/16122142799/job/45490345354

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/netblue30/firejail/pull/6803 **Author:** [@kmk3](https://github.com/kmk3) **Created:** 7/7/2025 **Status:** ✅ Merged **Merged:** 7/7/2025 **Merged by:** [@kmk3](https://github.com/kmk3) **Base:** `master` ← **Head:** `fcopy-fix-runner-owner` --- ### 📝 Commits (1) - [`4392db6`](https://github.com/netblue30/firejail/commit/4392db657c51551d83d796cecb73bae7bf9c3db1) bugfix: fcopy: add /usr/share + "runner:root" exception to fix CI ### 📊 Changes **1 file changed** (+10 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `src/fcopy/main.c` (+10 -0) </details> ### 📄 Description The following CI jobs started failing since the GitHub Actions runner image for ubuntu-22.04 was (automatically) upgraded from version 20250615.1.0[1] to 20250622.1.0[2]: * test-fs * test-environment * test-network Most/all fail with the same fcopy error message for the same path, presumably due to using `private-etc`, as `localtime` is in the default private-etc group (see the full log below): Error fcopy: invalid ownership for /etc/localtime -> /usr/share/zoneinfo/Etc/UTC (type=- uid=1001 name=runner) Error: failed to run /run/firejail/lib/fcopy, exiting... In at least the newer runner image, `/usr/share/zoneinfo/Etc/UTC` is owned by `runner:root` instead of the usual `root:root`, so add an exception in fcopy to allow it. From a run of the `test-fs` job for commit 1f92779d2 ("modif: improve fcopy error messages in check() (#6801)", 2025-07-07) [3]: make -C test private-etc make[1]: Entering directory '/home/runner/work/firejail/firejail/test' cd private-etc && ./private-etc.sh 2>&1 | tee private-etc.log TESTING: private-etc (test/private-etc/private-etc.exp) spawn /bin/bash firejail --private-etc=passwd,group,resolv.conf,X11 runner@pkrvmdyo8zrnvmk:~/work/firejail/firejail/test/private-etc$ <firejail --private-etc=passwd,group,resolv.conf,X11 Reading profile /etc/firejail/default.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/landlock-common.inc ** Note: you can use --noprofile to disable default.profile ** firejail version 0.9.75 Parent pid 4511, child pid 4512 Error fcopy: invalid ownership for /etc/localtime -> /usr/share/zoneinfo/Etc/UTC (type=- uid=1001 name=runner) Error: failed to run /run/firejail/lib/fcopy, exiting... Error: proc 4511 cannot sync with peer: unexpected EOF Peer 4512 unexpectedly exited with status 1 runner@pkrvmdyo8zrnvmk:~/work/firejail/firejail/test/private-etc$ TESTING ERROR 1 Fixes #6797. Relates to #1531 #6801. [1] https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20250615.1 [2] https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20250622.1 [3] https://github.com/netblue30/firejail/actions/runs/16122142799/job/45490345354 --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

gitea-mirror

2026-05-05 10:52:06 -06:00

closed this issue
added the
pull-request
label

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#6173

No description provided.

Rows
Columns