gitleaks / gitleaks

Protect and discover secrets using Gitleaks 🔑

Home Page: https://gitleaks.io


lsetxattr: permission denied with podman

TribuneX opened this issue

Describe the bug
I am trying to use gitleaks-docker together with podman instead of docker.

To Reproduce
Steps to reproduce the behavior:

Use podman with a docker alias:

ln -s podman docker

Run the pre-commit hook:

❯ pre-commit run --all-files
Detect hardcoded secrets.................................................Failed
- hook id: gitleaks-docker
- exit code: 126

Error: preparing container 0ebc9b7e8cd291a879699c1715ac185d983b9e40e476b060f51b80feefb98c7c for attach: lsetxattr /Users/xxx/src/org/gitleaks/.git/objects/f3/097ab13082b70f67202aab7dd9d1b35b7ceac2: permission denied

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Basic Info (please complete the following information):

  • OS: macOS 14.4
  • Gitleaks Version: latest docker container

Additional context
Add any other context about the problem here.

cc @zricethezav

I receive the same error with trivyfs-docker using podman and so I do not believe this is gitleaks-specific.

Steps to reproduce:

$ brew install podman podman-desktop
$ sudo ln -s /opt/homebrew/bin/podman /usr/local/bin/docker
$ pre-commit run -a

Output:

$ pre-commit run -a
Terraform fmt............................................................Passed
Terraform validate.......................................................Passed
Terraform docs...........................................................Passed
Terraform docs...........................................................Passed
Terraform validate with tflint...........................................Passed
trivyfs-docker...........................................................Failed
- hook id: trivyfs-docker
- exit code: 126

Resolving "aquasec/trivy" using unqualified-search registries (/etc/containers/registries.conf.d/999-podman-machine.conf)
Trying to pull docker.io/aquasec/trivy:0.49.1...
Getting image source signatures
Copying blob sha256:98d61a99dbd7e853a40ec0c8f5063ed8d28cfce17ad132ea22f03a0f4f407f48
Copying blob sha256:67b5a74b6f9ebdf4d0394b6c6af6fbd6b37a055c5b6b400fc7d3719d571238e7
Copying blob sha256:bca4290a96390d7a6fc6f2f9929370d06f8dfcacba591c76e3d5c5044e7f420c
Copying blob sha256:7f344fb18575d2d29c36332a7b69a5afecbc9a935f3717edbf096e5c1d52a251
Copying config sha256:e5b7465539b3f2e0fba82eac8536d298f20e66f959e2c2a518d627bc9ba13d6a
Writing manifest to image destination
Error: preparing container d20556de0895883ad945dda386dedc8bdf55322752643427c70a9b197c64c983 for attach: lsetxattr /Users/dickc-sg/Projects/github.com/dickc-sg/sample-repo/.git/objects/8b/90e4ea1b66b95e22a6035021bfb4ca78542b5d: permission denied

check yaml...............................................................Passed
Detect hardcoded secrets.................................................Passed
prettier.................................................................Passed

Worth noting this is on macOS 14.4.1, which may or may not support lsetxattr.