Bug 1956537

Summary: running dnf in armv7 container fails with seccomp denial
Product: [Fedora] Fedora
Reporter: Paul Whalen <pwhalen>
Component: containers-common
Assignee: Jindrich Novy <jnovy>
Status: CLOSED CURRENTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 34
CC: dwalsh, jeremy.linton, jnovy, lsm5
Target Milestone: ---
Target Release: ---
Hardware: armv7l
OS: Linux
Last Closed: 2021-06-11 14:23:03 UTC
Type: Bug
Bug Blocks: 245418    

Description Paul Whalen 2021-05-03 20:49:32 UTC
Description of problem:

Attempting to run dnf in a container on Fedora 34 armv7 fails with:

STEP 2: RUN /usr/bin/dnf install -y httpd 
The futex facility returned an unexpected error code.
container exited on illegal instruction
Error: error building at STEP "RUN /usr/bin/dnf install -y httpd": error while running runtime: exit status 1

In the logs:

May 03 19:20:30 rpi2-1 audit[3036]: SECCOMP auid=1000 uid=1000 gid=1000 ses=1 subj=system_u:system_r:container_t:s0:c201,c466 pid=3036 comm="dnf" exe="/usr/bin/python3.9" sig=0 arch=40000028 syscall=422 compat=0 ip=0xb6b59f7c code=0x50000

syscall 422 on armv7 is futex_time64

Adding 'futex_time64' to '/usr/share/containers/seccomp.json' allows dnf to run as expected.


Version-Release number of selected component (if applicable):
containers-common-1-15.fc34.noarch
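
Added example, not part of the original report and not code from containers-common: a triage helper that parses the audit SECCOMP record quoted above, maps the syscall number to a name, and checks whether a seccomp profile lists it. The syscall table is a two-entry subset and the BEFORE/AFTER profile fragments are constructed for illustration; the function names are hypothetical.

```python
import json
import re

# Constructed subset of the ARM EABI syscall table (assumption: only the
# entries this example needs; 422 is the number named in the report).
ARM_SYSCALLS = {240: "futex", 422: "futex_time64"}
AUDIT_ARCH_ARM = 0x40000028  # EM_ARM (40) | little-endian flag

def parse_seccomp_record(line):
    """Return the key=value fields of an audit SECCOMP record as a dict."""
    if " SECCOMP " not in line:
        return None
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def allowed_names(profile):
    """Names listed by any SCMP_ACT_ALLOW rule of a seccomp.json-style profile.
    Simplification: args/includes/excludes conditions on a rule are ignored."""
    names = set()
    for rule in profile.get("syscalls", []):
        if rule.get("action") == "SCMP_ACT_ALLOW":
            names.update(rule.get("names", []))
    return names

def diagnose(line, profile):
    """Map a denial to a syscall name and say whether the profile lists it."""
    rec = parse_seccomp_record(line)
    if rec is None or int(rec["arch"], 16) != AUDIT_ARCH_ARM:
        return None
    name = ARM_SYSCALLS.get(int(rec["syscall"]), "unknown")
    return {"comm": rec["comm"], "syscall": name,
            "in_profile": name in allowed_names(profile)}

# The audit line from the report, and two constructed profile fragments.
AUDIT_LINE = ('audit[3036]: SECCOMP auid=1000 uid=1000 gid=1000 ses=1 '
              'subj=system_u:system_r:container_t:s0:c201,c466 pid=3036 '
              'comm="dnf" exe="/usr/bin/python3.9" sig=0 arch=40000028 '
              'syscall=422 compat=0 ip=0xb6b59f7c code=0x50000')
BEFORE = json.loads('{"defaultAction": "SCMP_ACT_ERRNO", "syscalls": '
                    '[{"names": ["futex"], "action": "SCMP_ACT_ALLOW"}]}')
AFTER = json.loads('{"defaultAction": "SCMP_ACT_ERRNO", "syscalls": '
                   '[{"names": ["futex", "futex_time64"], '
                   '"action": "SCMP_ACT_ALLOW"}]}')

if __name__ == "__main__":
    print(diagnose(AUDIT_LINE, BEFORE))
    print(diagnose(AUDIT_LINE, AFTER))
```

To check a real host, load the installed profile with json.load() and pass it in place of the constructed fragments.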

Comment 1 Daniel Walsh 2021-06-11 14:23:03 UTC
Fixed in the current containers-common