Bug 1421918

Summary: Request a new atomic host version
Product: Red Hat Enterprise Linux 7 Reporter: Alex Jia <ajia>
Component: atomicAssignee: Lokesh Mandvekar <lsm5>
Status: CLOSED ERRATA QA Contact: atomic-bugs <atomic-bugs>
Severity: high Docs Contact:
Priority: high    
Version: 7.3CC: miabbott
Target Milestone: rcKeywords: Extras
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: atomic-1:1.15.3-1.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-03-02 19:09:53 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Alex Jia 2017-02-14 03:11:45 UTC 
Description of problem:
we need to build a new ostree repo to ship docker, container-selinux and selinux-policy related RPM packages, once the bug 1420591 is fixed.

Version-Release number of selected component (if applicable):

[root@atomic-host-test-986 ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Atomic Host release 7.3

[root@atomic-host-test-986 ~]# atomic host status
State: idle
Deployments:
● rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard
       Version: 7.3.3 (2017-02-08 22:07:07)
        Commit: ae15dd3fc917e6147f72e0e209cc0864faaf3df1efe1b0ac9d55c8ee5c6fb8d4
        OSName: rhel-atomic-host

[root@atomic-host-test-986 ~]# rpm -q docker container-selinux selinux-policy atomic skopeo
docker-1.12.6-2.el7.x86_64
container-selinux-2.7-1.el7.noarch
selinux-policy-3.13.1-102.el7_3.13.noarch
atomic-1.15.2-4.el7.x86_64
skopeo-0.1.18-1.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. docker run busybox


Actual results:

[root@atomic-host-test-986 ~]# getenforce
Enforcing

[root@atomic-host-test-986 ~]# docker run busybox
panic: standard_init_linux.go:178: exec user process caused "permission denied" [recovered]
	panic: standard_init_linux.go:178: exec user process caused "permission denied"

goroutine 1 [running, locked to thread]:
panic(0x6f3000, 0xc42012f1f0)
	/usr/lib/golang/src/runtime/panic.go:500 +0x1a1
github.com/urfave/cli.HandleAction.func1(0xc42007f748)
	/builddir/build/BUILD/docker-dfc4aea4ba81ecbe1ff8d58f4c4b6d192f82091b/runc-81b254244390bc636b20c87c34a3d9e1a8645069/Godeps/_workspace/src/github.com/urfave/cli/app.go:478 +0x247
panic(0x6f3000, 0xc42012f1f0)
	/usr/lib/golang/src/runtime/panic.go:458 +0x243
github.com/opencontainers/runc/libcontainer.(*LinuxFactory).StartInitialization.func1(0xc42007f198, 0xc42001e078, 0xc42007f238)
	/builddir/build/BUILD/docker-dfc4aea4ba81ecbe1ff8d58f4c4b6d192f82091b/runc-81b254244390bc636b20c87c34a3d9e1a8645069/Godeps/_workspace/src/github.com/opencontainers/runc/libcontainer/factory_linux.go:259 +0x18f
github.com/opencontainers/runc/libcontainer.(*LinuxFactory).StartInitialization(0xc420056690, 0xaac9c0, 0xc42012f1f0)
	/builddir/build/BUILD/docker-dfc4aea4ba81ecbe1ff8d58f4c4b6d192f82091b/runc-81b254244390bc636b20c87c34a3d9e1a8645069/Godeps/_workspace/src/github.com/opencontainers/runc/libcontainer/factory_linux.go:277 +0x353
main.glob..func8(0xc420082780, 0x0, 0x0)
	/builddir/build/BUILD/docker-dfc4aea4ba81ecbe1ff8d58f4c4b6d192f82091b/runc-81b254244390bc636b20c87c34a3d9e1a8645069/main_unix.go:26 +0x66
reflect.Value.call(0x6ddd80, 0x769ce8, 0x13, 0x73c1c9, 0x4, 0xc42007f708, 0x1, 0x1, 0x4d17a8, 0x732020, ...)
	/usr/lib/golang/src/reflect/value.go:434 +0x5c8
reflect.Value.Call(0x6ddd80, 0x769ce8, 0x13, 0xc42007f708, 0x1, 0x1, 0xac2700, 0xc42007f6e8, 0x4da786)
	/usr/lib/golang/src/reflect/value.go:302 +0xa4
github.com/urfave/cli.HandleAction(0x6ddd80, 0x769ce8, 0xc420082780, 0x0, 0x0)
	/builddir/build/BUILD/docker-dfc4aea4ba81ecbe1ff8d58f4c4b6d192f82091b/runc-81b254244390bc636b20c87c34a3d9e1a8645069/Godeps/_workspace/src/github.com/urfave/cli/app.go:487 +0x1e0
github.com/urfave/cli.Command.Run(0x73c395, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74d9d9, 0x51, 0x0, ...)
	/builddir/build/BUILD/docker-dfc4aea4ba81ecbe1ff8d58f4c4b6d192f82091b/runc-81b254244390bc636b20c87c34a3d9e1a8645069/Godeps/_workspace/src/github.com/urfave/cli/command.go:191 +0xc3b
github.com/urfave/cli.(*App).Run(0xc4200c6000, 0xc42000c120, 0x2, 0x2, 0x0, 0x0)
	/builddir/build/BUILD/docker-dfc4aea4ba81ecbe1ff8d58f4c4b6d192f82091b/runc-81b254244390bc636b20c87c34a3d9e1a8645069/Godeps/_workspace/src/github.com/urfave/cli/app.go:240 +0x611
main.main()
	/builddir/build/BUILD/docker-dfc4aea4ba81ecbe1ff8d58f4c4b6d192f82091b/runc-81b254244390bc636b20c87c34a3d9e1a8645069/main.go:137 +0xbd6


Expected results:


Additional info:

[root@atomic-host-test-986 ~]# getsebool virt_sandbox_use_sys_admin virt_sandbox_use_mknod virt_sandbox_use_all_caps virt_sandbox_use_netlink container_manage_cgroup 
virt_sandbox_use_sys_admin --> off
virt_sandbox_use_mknod --> off
virt_sandbox_use_all_caps --> on
virt_sandbox_use_netlink --> off
Error getting active value for container_manage_cgroup
Comment 8 errata-xmlrpc 2017-03-02 19:09:53 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0407.html