Describe the bug
When the primary user tries to change the group ownership of a file within a toolbox container it fails with the following error:
chown: changing group of '/tmp/test.1': Operation not permitted
Steps how to reproduce the behaviour
$ toolbox create --container test
$ toolbox enter test
Reproduce error:
$ sudo groupadd group1
$ sudo usermod -a -G group1 $USER
$ echo test > /tmp/test.1
$ chown :group1 /tmp/test.1
chown: changing group of '/tmp/test.1': Operation not permitted
Expected behaviour
The change in group ownership would succeed (as it does on the host and on a "normal" podman fedora container).
Actual behaviour
Changing the group ownership fails.
Screenshots
If applicable, add screenshots to help explain your problem.
Output of toolbox --version (v0.0.90+)
$ toolbox --version
toolbox version 0.0.96
Toolbox package info (rpm -q toolbox)
$ rpm -q toolbox
warning: Found bdb Packages database while attempting sqlite backend: using bdb backend.
toolbox-0.0.96-1.fc33.x86_64
Output of podman version
$ podman version
Version: 2.1.1
API Version: 2.0.0
Go Version: go1.15.2
Built: Mon Oct 5 02:25:24 2020
OS/Arch: linux/amd64
Podman package info (rpm -q podman)
$ rpm -q podman
warning: Found bdb Packages database while attempting sqlite backend: using bdb backend.
podman-2.1.1-10.fc33.x86_64
Info about your OS
$ cat /etc/os-release
NAME=Fedora
VERSION="33.20201028.0 (Silverblue)"
...
Additional context
Add any other context about the problem here.
When did the issue start occurring? After an update (what packages were updated)?
If the issue is about operating with containers/images (creating, using, deleting,..), share here what image you used. If you're unsure, share here the output of toolbox list -i (shows all toolbox images on your system).
$ toolbox list -i
IMAGE ID IMAGE NAME CREATED
4f81af0fcbc0 registry.fedoraproject.org/f33/fedora-toolbox:33 2 days ago
I think that this is a fallout from commit 15173f8c25c8124443ea373247a0747b724b02c9 because of this. eg., if we sudo su $USER into a new session, then the chown works and id matches id $USER.
This appears to potentially be a podman bug - I asked about supplemental groups on #podman and @mheon pointed me to the part of the code that is supposed to read the supplemental groups for podman exec -u