Bug 1999262

Summary: inability to start container with runc caused by redundant seccomp rules [rhel-8.4.0.z]
Product: Red Hat Enterprise Linux 8
Reporter: RHEL Program Management Team <pgm-rhel-tools>
Component: podman
Assignee: Jindrich Novy <jnovy>
Status: CLOSED NOTABUG
QA Contact: Alex Jia <ajia>
Severity: medium
Docs Contact:
Priority: urgent
Version: 8.4
CC: bbaude, dornelas, dwalsh, jligon, jnovy, kir, lsm5, mheon, nalin, pthomas, tsweeney, umohnani, ypu
Target Milestone: rc
Keywords: Triaged, ZStream
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1987049
Environment:
Last Closed: 2021-09-15 12:21:18 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1987049
Bug Blocks:

Comment 1 Jindrich Novy 2021-09-06 09:38:52 UTC
Nalin, do you mind backporting https://patch-diff.githubusercontent.com/raw/containers/podman/pull/11039.patch into 3.0.1-rhel branch to fix it?

Comment 2 Nalin Dahyabhai 2021-09-07 14:23:48 UTC
Are we sure that this affects 3.0.1? When I try the reproducer from https://bugzilla.redhat.com/show_bug.cgi?id=1987049#c0 with runc-1.0.0-71.rc92.module+el8.4.0+11310+8c67a752 and podman-3.0.1-6.module+el8.4.0+11310+8c67a752 on top of kernel-4.18.0-305.12.1.el8_4, both as root and as a non-root user, it succeeds.

Comment 3 Jindrich Novy 2021-09-07 14:27:21 UTC
Good point Nalin.

Kir, could it be that older podman-3.0.1 is unaffected by this?

Comment 4 Jindrich Novy 2021-09-15 12:21:18 UTC
Closing as per comment #2.

Comment 5 Kir Kolyshkin 2021-10-01 18:52:28 UTC
It's hard to say without looking at the code, which I don't have at hand. If it works this probably means we're fine.

All the details are in https://github.com/containers/podman/issues/11031.