Bug 2019324
| Summary: | Cannot run rootless container: "error while loading shared libraries: libtinfo.so.6: cannot change memory protections" | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Juan Orti <jortialc> |
| Component: | podman | Assignee: | Matthew Heon <mheon> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 35 | CC: | acui, bbaude, container-sig, debarshir, dwalsh, jnovy, lsm5, mheon, nikperrakis, patrick, pehunt, rh.container.bot, santiago |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | aarch64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-03-23 14:45:29 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I just verified that the same command works in x86_64 I think I am also affected with this bug. I am running Fedora IoT on a raspberry pi 4 and I am running some LinuxServer.io containers. Everything is working fine for fedora 34 versions of fedora iot. But for version 35 I am getting strange permission errors! Such as: ``` Error relocating ./run: RELRO protection failed: Permission deniedError relocating ./run: RELRO protection failed: Permission denied Error relocating /usr/lib/libreadline.so.8: RELRO protection failed: Permission deniedError relocating /usr/lib/libreadline.so.8: RELRO protection failed: Permission denied ``` I have found [this github issue with similar errors](https://github.com/containers/podman/issues/2025). This suggests that the problem is SELinux related but I can't be sure. Some details about my system: ``` $ rpm-ostree status State: idle Deployments: fedora-iot:fedora/stable/aarch64/iot Version: 34.20211019.0 (2021-10-19T15:13:36Z) BaseCommit: edf0f814bb325ccf75f4dd10cd98f3687fc4c32085884bbc4c50d8ed954e7836 GPGSignature: Valid signature by 8C5BA6990BDB26E19F2A1A801161AE6945719A39 Diff: 387 downgraded, 7 removed, 14 added LayeredPackages: python3-pyserial cockpit-podman usbutils cockpit cockpit-ostree nano python3-libgpiod Pinned: yes * fedora-iot:fedora/stable/aarch64/iot Version: 35.20211108.0 (2021-11-08T08:12:21Z) BaseCommit: 037d7a07010a0a616723110b2225bb15a32d5b3fb1e2982ed1988684e2e2448c GPGSignature: Valid signature by 8C5BA6990BDB26E19F2A1A801161AE6945719A39 LayeredPackages: python3-pyserial cockpit-podman usbutils cockpit cockpit-ostree nano python3-libgpiod ``` The above status is after I run rollback to move to the Fedora-IoT-34 version that works fine. I have also checked and I am also getting the same error reported Juan. Just an update. I am still getting this error with the latest iot aarch64 update.
```
$ rpm-ostree status -v
State: idle
AutomaticUpdates: disabled
Deployments:
* fedora-iot:fedora/stable/aarch64/iot
Version: 35.20211211.0 (2021-12-11T15:03:38Z)
BaseCommit: b39e9228dfe138260f5fca042e4934532f3cd8df06a1b659c5e7fb9c5112fe7f
|- repo-0 (2021-10-26T05:31:21Z)
|- repo-1 (2021-12-11T14:50:46Z)
|- repo-2 (2021-12-11T14:50:51Z)
`- repo-3 (2021-12-11T01:08:38Z)
Commit: 53981235a0f14aeefa6c87f6b9d9fcc841b8451f23b90f5aa92dbd59a29f1426
|- fedora (2021-10-29T10:17:31Z)
|- updates (2021-12-12T00:58:43Z)
|- copr:copr.fedorainfracloud.org:iolaum:podcust (2021-08-11T19:30:59Z)
`- fedora-cisco-openh264 (2021-09-21T18:07:30Z)
Staged: no
StateRoot: fedora-iot
GPGSignature: 1 signature
Signature made Sat Dec 11 17:03:51 2021 using RSA key ID 1161AE6945719A39
Good signature from "Fedora <fedora-34-primary>"
LayeredPackages: cockpit cockpit-ostree cockpit-podman nano python3-libgpiod python3-pyserial usbutils
fedora-iot:fedora/stable/aarch64/iot
Version: 34.20211019.0 (2021-10-19T15:13:36Z)
BaseCommit: edf0f814bb325ccf75f4dd10cd98f3687fc4c32085884bbc4c50d8ed954e7836
|- repo-0 (2021-04-23T10:47:46Z)
|- repo-1 (2021-10-19T15:00:55Z)
|- repo-2 (2021-10-02T20:15:07Z)
`- repo-3 (2021-10-19T00:31:15Z)
Commit: eacaab8cf291c636dc44f8243e9325831d72a16d34eb66bb8cc56a07c84c4034
StateRoot: fedora-iot
GPGSignature: 1 signature
Signature made Tue Oct 19 18:13:41 2021 using RSA key ID 1161AE6945719A39
Good signature from "Fedora <fedora-34-primary>"
LayeredPackages: cockpit cockpit-ostree cockpit-podman nano python3-libgpiod python3-pyserial usbutils
Pinned: yes
$ podman run --rm -ti fedora:35 bash
bash: error while loading shared libraries: libtinfo.so.6: cannot change memory protections
```
It appears that this issue can be fixed with restorecon -R ~/.local/share/containers/storage/overlay* as grumpey pointed out at ask.fedoraproject https://ask.fedoraproject.org/t/errors-running-podman-containers-on-fedora-iot-35/18355/9?u=iolaum I m guessing this issue is not strictly a bug with the images but with the flow of updating from F34 images to F35 images. Closing this per Nikolaos' comment. |
Description of problem: My rootless containers are failing to start up after upgrading to Fedora Linux 35.20211101.0 (IoT Edition) in a Raspeberry Pi 3. Version-Release number of selected component (if applicable): podman-3.4.0-1.fc35.aarch64 ncurses-libs-6.2-8.20210508.fc35.aarch64 kernel-5.14.10-300.fc35.aarch64 * fedora-iot:fedora/stable/aarch64/iot Version: 35.20211101.0 (2021-11-01T18:24:37Z) Commit: 01e693697972e66ecf3e950f519a36d5ec221af4d622e032c1be550419fd3e9d GPGSignature: Valid signature by 8C5BA6990BDB26E19F2A1A801161AE6945719A39 How reproducible: Always Steps to Reproduce: 1. Run as a non-root user: $ podman run --rm -ti fedora:35 bash Actual results: bash: error while loading shared libraries: libtinfo.so.6: cannot change memory protections Expected results: Container running Additional info: