Bug 1628407

Summary: [3.11] Fluentd pods failed to start after an update to 3.9.41 when deny_execmem=1 on nodes
Product: OpenShift Container Platform Reporter: Rich Megginson <rmeggins>
Component: LoggingAssignee: Jeff Cantrill <jcantril>
Status: CLOSED ERRATA QA Contact: Anping Li <anli>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 3.11.0CC: anli, aos-bugs, fgrosjea, jcantril, rmeggins
Target Milestone: ---   
Target Release: 3.11.0   
Hardware: All   
OS: Linux   
Fixed In Version: openshift3/ose-logging-fluentd:v3.11.3-1 Doc Type: Bug Fix
Doc Text:
Cause: rubygem ffi 1.9.25 reverted a patch which allowed it to work on systems with SELinux deny_execmem=1. Consequence: Fluentd crashes. Fix: The fix is to revert the patch reversion. Result: Fluentd does not crash when using SELinux deny_execmem=1
Story Points: ---
Clone Of: 1628405 Environment:
Last Closed: 2018-10-11 07:25:56 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1628371, 1628405    
Bug Blocks:    

Comment 1 Rich Megginson 2018-09-12 23:29:05 UTC
build has been tagged into rhaos-3.11-rhel-7-candidate

Comment 4 Anping Li 2018-09-17 06:31:56 UTC
The fluend pod can be started when deny_execmem is enabled with openshift3/ose-logging-fluentd/images/v3.11.6-1

Comment 6 errata-xmlrpc 2018-10-11 07:25:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.