Description of problem: docker run will fail at times with namespace errors Version-Release number of selected component (if applicable): docker-io-1.0.0-1.fc20 How reproducible: pretty much random from what I've noticed Steps to Reproduce: 1. docker run -it fedora bash 2. if you can't see the error in 1, run it again 3. repeat 2 until you see the error Actual results: Here's a sample from my machine: ------------------------------ lsm5 @ naruto : /home/lsm5 $ docker run -it fedora:rawhide bash 2014/06/13 06:42:14 finalize namespace drop bounding set read /proc/1/status: bad file descriptor lsm5 @ naruto : /home/lsm5 $ docker run -it fedora:rawhide bash 2014/06/13 06:42:18 finalize namespace drop capabilities read /proc/1/status: bad file descriptor lsm5 @ naruto : /home/lsm5 $ docker run -it fedora:rawhide bash bash-4.3# exit exit lsm5 @ naruto : /home/lsm5 $ docker run -it fedora:rawhide bash 2014/06/13 06:42:25 finalize namespace drop bounding set read /proc/1/status: bad file descriptor ------------------------------- Expected results: container shell should be accessible everytime
Hmm, I can't seem to be able to replicate this on my rawhide machine, no matter how many times I try this, regardless of the image (centos,fedora,debian,ubuntu)
using a newer version of gocapability (3c85049eae) fixes this for me, on RHEL6 https://github.com/dotcloud/docker/commit/4bf03a0fac48a06298afa149d4339245736810b6
I confirmed that switching from f20 docker-io to rawhide docker-io fixed it for me.
golang-github-syndtr-gocapability-0-0.7.git3c85049.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/golang-github-syndtr-gocapability-0-0.7.git3c85049.el6
golang-github-syndtr-gocapability-0-0.7.git3c85049.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/golang-github-syndtr-gocapability-0-0.7.git3c85049.fc20
golang-github-syndtr-gocapability-0-0.7.git3c85049.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/golang-github-syndtr-gocapability-0-0.7.git3c85049.fc19
Package golang-github-syndtr-gocapability-0-0.7.git3c85049.el6: * should fix your issue, * was pushed to the Fedora EPEL 6 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=epel-testing golang-github-syndtr-gocapability-0-0.7.git3c85049.el6' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1647/golang-github-syndtr-gocapability-0-0.7.git3c85049.el6 then log in and leave karma (feedback).
I do also see the same issue on RHEL 7. It work for the first container, but not the 2nd : [misc@sarkhan ~]$ docker run -i -t fedora /bin/bash bash-4.2# id uid=0(root) gid=0(root) groups=0(root) bash-4.2# exit [misc@sarkhan ~]$ docker run -i -t fedora /bin/bash 2014/06/15 15:59:57 finalize namespace drop bounding set read /proc/1/status: bad file descriptor
Apparently others have seen this and a fix was committed on dotcloud https://github.com/dotcloud/docker/issues/6390
I am also observing this problem on a freshly built, and updated, RHEL 7 server. <--- Begin Paste ---> [root@blade-3 docker]# docker run -i -t fedora /bin/bash 2014/06/27 20:28:03 finalize namespace drop bounding set read /proc/1/status: bad file descriptor [root@blade-3 docker]# docker version Client version: 1.0.0 Client API version: 1.12 Go version (client): go1.2.2 Git commit (client): 63fe64c/1.0.0 Server version: 1.0.0 Server API version: 1.12 Go version (server): go1.2.2 Git commit (server): 63fe64c/1.0.0 [root@blade-3 docker]# docker info Containers: 2 Images: 3 Storage Driver: devicemapper Pool Name: docker-253:0-134753531-pool Data file: /var/lib/docker/devicemapper/devicemapper/data Metadata file: /var/lib/docker/devicemapper/devicemapper/metadata Data Space Used: 711.4 Mb Data Space Total: 102400.0 Mb Metadata Space Used: 1.1 Mb Metadata Space Total: 2048.0 Mb Execution Driver: native-0.2 Kernel Version: 3.10.0-123.el7.x86_64 [root@blade-3 docker]# docker run -i -t fedora /bin/bash 2014/06/27 20:58:51 finalize namespace drop bounding set read /proc/1/status: bad file descriptor [root@blade-3 docker]# docker run -i -t fedora /bin/bash 2014/06/27 20:58:53 finalize namespace drop bounding set read /proc/1/status: bad file descriptor [root@blade-3 docker]# docker run -i -t fedora /bin/bash 2014/06/27 20:58:54 finalize namespace drop bounding set read /proc/1/status: bad file descriptor [root@blade-3 docker]# docker run -i -t fedora /bin/bash 2014/06/27 20:58:56 finalize namespace drop bounding set read /proc/1/status: bad file descriptor [root@blade-3 docker]# docker run -i -t fedora /bin/bash 2014/06/27 20:58:57 finalize namespace drop capabilities read /proc/1/status: bad file descriptor [root@blade-3 docker]# docker run -i -t fedora /bin/bash bash-4.2# uname -a Linux 2dc3daacffdd 3.10.0-123.el7.x86_64 #1 SMP Mon May 5 11:16:57 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux bash-4.2# hostname 2dc3daacffdd <--- End Paste --->
Hi Thomas, what rpm/NVR are you using for docker 1.0.0 on RHEL-7? Is it from one of the fedoras? Or did you build it yourself? docker-io-1.0.0-2 from fedora should have the fix for this problem, I'm guessing the one being built for RHEL-7 has it too. If it's not available already, it might be coming in soon (I guess). Also see Bug 1109533 HTH.
The RPM came from the current RHEL7 EPEL repository. Here is the paste from my repo definition file <--- Begin Paste ---> [epel] name=Extra Packages for Enterprise Linux 7 - $basearch #baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch failovermethod=priority enabled=1 gpgcheck=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 <--- End Paste ---> Installation History <--- Begin Paste ---> [root@blade-3 docker]# yum history info 4 Loaded plugins: product-id, subscription-manager Transaction ID : 4 Begin time : Fri Jun 27 20:08:56 2014 Begin rpmdb : 330:7cd928feb4e923ad4b0d65be6e90af817c314fbe End time : 20:08:59 2014 (3 seconds) End rpmdb : 331:a48ccd48c187f1cdf9c9555c24958e1aa5371605 User : root <root> Return-Code : Success Command Line : -y install docker-io Transaction performed with: Installed rpm-4.11.1-16.el7.x86_64 @anaconda/7.0 Installed subscription-manager-1.10.14-9.el7_0.x86_64 @rhel-7-server-rpms Installed yum-3.4.3-118.el7.noarch @anaconda/7.0 Packages Altered: Install docker-io-1.0.0-1.el7.x86_64 @epel history info [root@blade-3 docker]# <--- End Paste --->
Aah ok, the EPEL7 build has been gotten rid of since docker is now in RHEL7 proper. And that build didn't have the fix for this bug. Not sure about the current state or NVR of the RHEL7 build (brew might have more info), but I'd guess the rawhide/f20 builds would also work just fine on RHEL7.
Thanks for the update Lokesh. I am not finding docker-io in any of the RHEL7 repos that I have configured on subscribed server. Could you point me towards what repo docker-io will/should be in. I can share my repo configuration file with you if you need me to, but it's pretty generic for a subscribed system. Thanks!
Steps to reproduce :: 1) On RHEL 7 host, try to download rhel7 docker image #docker pull registry.access.redhat.com/rhel 2) Tag the image (NOTE this step may not be necessary to reproduce) #docker tag registry.access.redhat.com/rhel rhel7 3) Run the image # docker run -i -t rhel7 /bin/bash 4) Quickly exit out of the image 5) Try to run it again. # docker run -i -t rhel7 /bin/bash 2014/07/15 14:23:32 finalize namespace drop bounding set read /proc/1/status: bad file descriptor # docker info Containers: 10 Images: 7 Storage Driver: devicemapper Pool Name: docker-253:0-37070975-pool Data file: /var/lib/docker/devicemapper/devicemapper/data Metadata file: /var/lib/docker/devicemapper/devicemapper/metadata Data Space Used: 905.4 Mb Data Space Total: 102400.0 Mb Metadata Space Used: 1.6 Mb Metadata Space Total: 2048.0 Mb Execution Driver: native-0.2 Kernel Version: 3.10.0-123.el7.x86_64 # docker version Client version: 1.0.0 Client API version: 1.12 Go version (client): go1.2.2 Git commit (client): 63fe64c/1.0.0 Server version: 1.0.0 Server API version: 1.12 Go version (server): go1.2.2 Git commit (server): 63fe64c/1.0.0 The issue can be reproduced easily if the container is re-run quickly after exiting. Otherwise the issue occurs occasionally. -Vivek
(In reply to Vivek Dasgupta from comment #16) > Steps to reproduce :: > > 1) On RHEL 7 host, try to download rhel7 docker image > William, Dan: probably the rhel rpms for golang-github-syndtr-gocapability and docker need an update to take care of this bug (?)
In Fedora or RHEL?
Vivek, you're using the RHEL7 docker rpm, correct? Or are you grabbing the one from fedora by any chance?
Hi Lokesh Yes I believe so. This is on a RHEL7 host using epel, I have installed the docker RPM. # rpm -qa|grep docker docker-io-1.0.0-1.el7.x86_64 # rpm -qa|grep epel epel-release-7-0.2.noarch I followed these instructions for docker installation on RHEL7 https://docs.docker.com/installation/rhel/ regards Vivek
golang-github-syndtr-gocapability-0-0.7.git3c85049.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
golang-github-syndtr-gocapability-0-0.7.git3c85049.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
golang-github-syndtr-gocapability-0-0.7.git3c85049.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.