chattr: setting flags on /etc/shadow: Operation not permitted

Question

chattr: setting flags on /etc/shadow: Operation not permitted

Closed this issue a month ago · 3 comments

On multiple of the examples, I see the following error:

$ docker run -it nixng-apache
Running fragment cacerts
Running fragment createBaseEnv
Running fragment currentSystem
Running fragment iana
Running fragment runit
Running fragment shellProfile
Running fragment tzdata
Running fragment users
chattr: setting flags on /etc/shadow: Operation not permitted
<--- Stage 2.2 --->

It does look like the containers works correctly though!

Answer 1 · 2024-09-08T12:04:49.000Z

Yeah it appears to be a thing with rootless containers, the /etc/shadow file is somehow more protected. Haven't looked into it as the containers work as expected, as you have noticed :)

Answer 2 · 2024-10-11T17:41:16.000Z

Can confirm this seems to be an issue with rootless docker. But I don't think it has to do with /etc/shadow being more protected, I cannot do chattr +i on any file.

Answer 3 · 2024-10-11T18:11:16.000Z

Oh okay, so we just need to detect rootless? Well we could also silence the error but detecting rootless is better.