Bug 1623985

Summary: podman rm emits networking error messages
Product: Red Hat Enterprise Linux 7 Reporter: Qian Cai <qcai>
Component: podmanAssignee: Frantisek Kluknavsky <fkluknav>
Status: CLOSED ERRATA QA Contact: Martin Jenner <mjenner>
Severity: high Docs Contact:
Priority: high    
Version: 7.6CC: bbaude, dwalsh, fkluknav, jligon, lsm5, mheon, umohnani
Target Milestone: rcKeywords: Extras
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-09-26 07:47:55 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Qian Cai 2018-08-30 15:29:07 UTC 
Description of problem:
This only happened on ppc64le so far.

# podman rm httpd
time="2018-08-30T11:16:39-04:00" level=error msg="`iptables -t filter -D FORWARD -s 10.88.0.137 ! -o 10.88.0.137 -j ACCEPT` failed: iptables: Bad rule (does a matching rule exist in that chain?).
  (exit status 1)" 
time="2018-08-30T11:16:39-04:00" level=error msg="Error deleting network: failed to Statfs "/var/run/netns/cni-872691e1-c322-c29d-6394-13c59e72e4af": no such file or directory" 
time="2018-08-30T11:16:39-04:00" level=error msg="Error while removing pod from CNI network "podman": failed to Statfs "/var/run/netns/cni-872691e1-c322-c29d-6394-13c59e72e4af": no such file or directory" 
time="2018-08-30T11:16:39-04:00" level=error msg="Failed to tear down network namespace for container 1930017ee2ba38cc70143bca96e3da65394fb6e01ba81bf60eb7b580bfb5822a: failed to Statfs "/var/run/netns/cni-872691e1-c322-c29d-6394-13c59e72e4af": no such file or directory" 
1930017ee2ba38cc70143bca96e3da65394fb6e01ba81bf60eb7b580bfb5822a

Version-Release number of selected component (if applicable):
podman-0.7.3-1.git0791210.el7.ppc64le
RHEL-7.6 snapshot 1

How reproducible:
always

Steps to Reproduce:
1. podman pull brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhel7:7.6
2. podman tag brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhel7:7.6 base-image
3. cat Dockerfile
FROM base-image

RUN yum -y install  httpd
RUN yum clean all; systemctl enable httpd
RUN echo "Hello World!" > /var/www/html/index.html

STOPSIGNAL SIGRTMIN+3
EXPOSE 80
CMD ["/usr/sbin/init"]
4. podman build -v /etc/yum.repos.d/:/etc/yum.repos.d/ --rm --no-cache --force-rm -t httpd-systemd .
5. podman  run -d --name httpd httpd-systemd
6. podman inspect httpd | grep IPA
7. curl <ip above>
8. podman stop httpd
9. podman rm httpd
Comment 1 Daniel Walsh 2018-08-30 16:04:10 UTC 
Brent isn't this fixed in the newer updates?
Comment 4 Lokesh Mandvekar 2018-08-30 17:49:05 UTC 
Frantisek, please use this bug for podman errata.
Comment 5 Qian Cai 2018-08-30 18:20:14 UTC 
This also happened on s390x.

RHEL-ALT-7.6-20180829.0
Comment 6 Frantisek Kluknavsky 2018-09-03 16:14:54 UTC 
Hi,

podman does not depend on oci-systemd-hook, systemd in the container does not start without --privileged.
After installing oci-systemd-hook, it seems to work well. I can not reproduce the problem on ppc64le.
Comment 7 Frantisek Kluknavsky 2018-09-03 16:37:58 UTC 
The same result on regular rhel ppc64le and on alt-arch rhel ppc64le.
Comment 11 Qian Cai 2018-09-04 13:09:45 UTC 
Fixed in podman-0.8.4-3.git9f9b8cf.el7
Comment 13 errata-xmlrpc 2018-09-26 07:47:55 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2796