Red Hat Bugzilla – Bug 1121345
kernel 3.15 breaks docker
Last modified: 2014-07-22 14:49:56 EDT
After upgrading to kernel 3.15 (kernel-3.15.5-200.fc20.x86_64), many operations inside of docker containers now fail reliably. For example:
$ docker run -ti fedora /bin/bash
bash-4.2# su -c 'uptime'
su: System error
bash-4.2# runuser -c uptime
runuser: System error
If I attach something to /dev/log in the container, I see that "su" is logging the following message:
Jul 19 14:31:18 su: PAM audit_log_acct_message() failed: Operation not permitted
If I reboot back into kernel 3.14 (kernel-3.14.9-200.fc20.x86_64), this problem goes away.
This behavior appears to have been introduced by kernel commit 33faba7fa7f2288d2f8aaea95958b2c97bf9ebfb (https://github.com/torvalds/linux/commits/33faba7fa7f2288d2f8aaea95958b2c97bf9ebfb).
From v3.15, running 'git revert 33faba7' and dealing with the resulting conflicts results in a build that operates correctly. I haven't actually taken a close look at what the code does or why it actually fails.
Specifically, this check is failing in kernel/audit.c, in audit_netlink_ok():
	case AUDIT_FIRST_USER_MSG2 ... AUDIT_LAST_USER_MSG2:
		if (!netlink_capable(skb, CAP_AUDIT_WRITE))
			err = -EPERM;
I should clarify that this manifests using Docker package docker-io-0:1.0.0-6.fc20.x86_64 (as well as docker-io-1.0.0-7.fc22.x86_64).
*** This bug has been marked as a duplicate of bug 1119849 ***
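
A diagnostic for the CAP_AUDIT_WRITE check quoted above from audit_netlink_ok(), added here as an example and not part of the bug report or the kernel source: it reads the Cap* lines of /proc/<pid>/status text and reports which capability sets contain CAP_AUDIT_WRITE (bit 29). The function names and both sample status blocks are constructed for illustration.

```sh
#!/bin/sh
# Added diagnostic example; not from the bug report or the kernel tree.
CAP_AUDIT_WRITE=29   # bit number of CAP_AUDIT_WRITE in linux/capability.h

# has_cap HEXMASK BIT: exit status 0 when BIT is set in HEXMASK
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# audit_write_sets STATUS_TEXT: print the names of the capability sets in
# /proc/<pid>/status text that contain CAP_AUDIT_WRITE, space separated.
# An empty line of output means no set contains it.
audit_write_sets() {
    _found=""
    while read -r _name _value _rest; do
        case "$_name" in
            CapInh:|CapPrm:|CapEff:|CapBnd:)
                if has_cap "$_value" "$CAP_AUDIT_WRITE"; then
                    _found="$_found${_found:+ }${_name%:}"
                fi ;;
        esac
    done <<EOF
$1
EOF
    printf '%s\n' "$_found"
}

# Constructed sample: a root process holding every capability except bit 29
SAMPLE_RESTRICTED='Name:	su
CapInh:	0000000000000000
CapPrm:	0000001fdfffffff
CapEff:	0000001fdfffffff
CapBnd:	0000001fdfffffff'

# Constructed sample: an unrestricted root process (capabilities 0-36)
SAMPLE_FULL='Name:	su
CapInh:	0000000000000000
CapPrm:	0000001fffffffff
CapEff:	0000001fffffffff
CapBnd:	0000001fffffffff'

# On a live system: audit_write_sets "$(cat /proc/self/status)"
```

Holding the bit is necessary for that check but is not the whole of it: netlink_capable() also evaluates the capability against the initial user namespace and the opener of the netlink socket.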