
TorizonCore Builder Issue Tracker

 

The following table contains known issues, scheduled bug fixes, and feature improvements for the TorizonCore Builder. The tickets are split into two major states:

  • Submitted (open): new features and bug fixes for TorizonCore Builder versions that have not yet been released. They may be scheduled for a specific release version; not planned; or in our backlog. All of them have one of the following states:
    • Known Issue: a bug or unexpected behavior that has been reported and is pending a fix. Once fixed, the status will transition to Fixed.
    • Feature Request: a new feature that may be added to a future release. Once released, the status will transition to New Feature.
  • Released (closed): new features and bug fixes for BSP versions that have already been released. All of them have one of the following states:
    • Fixed: a bug that has been fixed and released.
    • New Feature: something that didn't exist before and was added to a new release.

Any schedules are not guaranteed but reflect the current planning. The planning could be shifted due to priority changes.
Issues that are scheduled for a specific version will be integrated into the mentioned version of the BSP.

We will update this table continuously in order to always provide the latest state of our development plan.

Issue # | Status | Subject | Severity

Not Planned
TCB-208 | Known Issue | TorizonCore Builder: bundled container executed with net=host permission fails with error "SIOCSIFFLAGS: Operation not permitted" | Low

Description: As reported in our community, if you use TorizonCore Builder to bundle a container that sets extended attributes on files inside the container (for example, using the "setcap" command), the container will fail upon execution with the error "SIOCSIFFLAGS: Operation not permitted" or another related error.

If you remove the bundled container and manually pull it from Docker Hub, then try to run it again, the same error will not happen.

While investigating this bug, we came across "docker build does not preserve xattrs in the generated image", and after several tests, such as setting capabilities and building the container with the classic Docker builder vs BuildKit, we concluded that:

  • Docker does not keep all extended attributes that are set in a Dockerfile, regardless of whether BuildKit or the classic Docker builder is used, and when using Docker directly (without Compose).
  • Even some capabilities that are kept by Docker get lost when bundling a container with TorizonCore Builder.

Given the constraints of Docker, we won't work on a fix in TorizonCore Builder, and we advise you to not rely on xattrs or any feature based on them inside a container.

Workaround: For this specific bug, set the suid bit on executable files rather than using setcap. For example, using "chmod u+s" instead of "setcap" seems to work as well and may carry through the bundle process.

In general, do not rely on xattrs or any feature based on them inside a container. Capabilities and ACLs are features that may be set via xattrs and can also be set via docker-compose properties, which is the recommended, portable and reliable way to set them.
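
A sketch of the docker-compose approach recommended above, as an added example that is not taken from the original page or from Toradex. The service name, image name, binary path and the choice of NET_ADMIN (the capability required to change interface flags, which is what SIOCSIFFLAGS does) are assumptions.

```yaml
# Constructed example: service name, image name and binary path are hypothetical.
#
# Approach that does not survive build/bundling (file capability stored in the
# security.capability xattr of the binary):
#   RUN setcap cap_net_admin+ep /usr/local/bin/netconfig
#
# Approach below: the container runtime grants the capability at start, so
# nothing depends on xattrs being preserved in the image layers.
services:
  netconfig:
    image: example/netconfig:latest   # hypothetical image
    network_mode: host                # the net=host case from the issue
    # Start from an empty capability set and add back only what is needed,
    # instead of a setuid-root binary that would run with full root privileges.
    cap_drop:
      - ALL
    cap_add:
      - NET_ADMIN                     # assumed: required for SIOCSIFFLAGS
    # cap_add only takes effect for processes running as root inside the
    # container; a non-root user does not receive the capability in its
    # effective set without file capabilities, which are the xattrs that get lost.
    user: "0:0"
    # With no-new-privileges, setuid bits and file capabilities inside the
    # image grant nothing on exec, so the capability set stays exactly as
    # declared here.
    security_opt:
      - no-new-privileges:true
```

To confirm the result on the device, read the `CapEff` line of `/proc/1/status` inside the running container and decode it with `capsh --decode`.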