1628371 – [3.9] Fluentd pods failed to start after an update to 3.9.41 when deny_execmem=1 on nodes

Bug 1628371 - [3.9] Fluentd pods failed to start after an update to 3.9.41 when deny_execmem=1 on nodes

Summary: [3.9] Fluentd pods failed to start after an update to 3.9.41 when deny_execme...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Logging
Sub Component:
Version:	3.9.0
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	urgent
Target Milestone:	---
Target Release:	3.9.z
Assignee:	Rich Megginson
QA Contact:	Anping Li
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1628405 1628407
TreeView+	depends on / blocked

Reported:	2018-09-12 20:34 UTC by Franck Grosjean
Modified:	2022-03-13 15:33 UTC (History)
CC List:	4 users (show)
Fixed In Version:	openshift3/logging-fluentd:v3.9.53-1
Doc Type:	Bug Fix
Doc Text:	Cause: rubygem ffi 1.9.25 reverted a patch which allowed it to work on systems with SELinux deny_execmem=1. Consequence: Fluentd crashes. Fix: The fix is to revert the patch reversion. Result: Fluentd does not crash when using SELinux deny_execmem=1.
Clone Of:
Clones:	1628405 1655691 (view as bug list)
Environment:
Last Closed:	2018-11-20 03:12:03 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2018:2908	0	None	None	None	2018-11-20 03:12:44 UTC

Description Franck Grosjean 2018-09-12 20:34:40 UTC

Description of problem:
Fluentd pods failed to start after an update to 3.9.41
It was working fine before that (OCP upgrade from 3.9.33 to 3.9.41)

Version-Release number of selected component (if applicable):
3.9.41

How reproducible:
Upgarde fluentd from 3.9.33 to 3.9.41

Actual results:
All fluentd pods crash

Expected results:
All fluentd pods should start

Additional info:
Pods failed to start when setsebool -P deny_execmem 1 on nodes
looks like a regression since https://bugzilla.redhat.com/show_bug.cgi?id=1465039

Comment 13 Anping Li 2018-10-12 10:20:11 UTC

Verified and pass with logging-fluentd/images/v3.9.45-1

Comment 19 errata-xmlrpc 2018-11-20 03:12:03 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2908

Note You need to log in before you can comment on or make changes to this bug.