Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1362611 - Cannot start container. oci-register-machine failed, permission denied
Cannot start container. oci-register-machine failed, permission denied
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: docker (Show other bugs)
7.3
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Lokesh Mandvekar
atomic-bugs@redhat.com
: Extras
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-08-02 12:02 EDT by Lenny Szubowicz
Modified: 2016-11-04 05:09 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-11-04 05:09:10 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2634 normal SHIPPED_LIVE Moderate: docker security and bug fix update 2016-11-03 16:51:48 EDT

  None (edit)
Description Lenny Szubowicz 2016-08-02 12:02:08 EDT 
Description of problem:

Cannot start any docker container on RHEL 7.3 recent nightly server builds
Using docker from http://download.eng.bos.redhat.com/nightly/latest-EXTRAS-7-RHEL-7/

Version-Release number of selected component (if applicable):

docker-selinux-1.10.3-46.el7.10.x86_64
docker-common-1.10.3-46.el7.10.x86_64
docker-1.10.3-46.el7.10.x86_64
docker-rhel-push-plugin-1.10.3-46.el7.10.x86_64
oci-register-machine-0-1.7.git31bbcd2.el7.x86_64
oci-systemd-hook-0.1.4-5.git41491a3.el7.x86_64




How reproducible: Failed every time on all images/containers I tried. 


Steps to Reproduce:
1. docker run -it --name rhel7.2-ctnr rhel7.2 bash


Actual results:

[root@intel-canoepass-uefi-01 ~]# docker run -it --name rhel7.2-ctnr rhel7.2 bash
docker: Error response from daemon: Cannot start container b76e34674e232c63637d7cff419a691069773db3dab6727b735caded53d6dc62: [9] System error: exit status 1.


From journalctl:

Aug 02 11:48:24 intel-canoepass-uefi-01.khw.lab.eng.bos.redhat.com dbus[1069]: [system] Successfully activated service 'org.freedesktop.machine1'
Aug 02 11:48:24 intel-canoepass-uefi-01.khw.lab.eng.bos.redhat.com systemd[1]: Started Virtual Machine and Container Registration Service.
Aug 02 11:48:24 intel-canoepass-uefi-01.khw.lab.eng.bos.redhat.com oci-register-machine[3763]: 2016/08/02 11:48:24 Register machine failed: Failed to determine unit of process 3743 : Permission denied
Aug 02 11:48:24 intel-canoepass-uefi-01.khw.lab.eng.bos.redhat.com systemd[1]: Stopping docker container 19aaf2f93812db57d6b10820d6e84f6fd8be243b5934b20a33575f932773c425.
Aug 02 11:48:24 intel-canoepass-uefi-01.khw.lab.eng.bos.redhat.com systemd[1]: Stopped docker container 19aaf2f93812db57d6b10820d6e84f6fd8be243b5934b20a33575f932773c425.


From /var/log/audit/audit.log:

type=AVC msg=audit(1470152904.148:164): avc:  denied  { search } for  pid=3767 comm="systemd-machine" name="3743" dev="proc" ino=52357 scontext=system_u:system_r:systemd_machined_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=dir
Comment 2 Daniel Walsh 2016-08-03 03:15:55 EDT 
We need the updated docker-selinux package from master.
Comment 3 Daniel Walsh 2016-08-19 08:24:43 EDT 
Fixed in latest docker package.
Comment 6 errata-xmlrpc 2016-11-04 05:09:10 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2634.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.