Bug 1628407 - [3.11] Fluentd pods failed to start after an update to 3.9.41 when deny_execmem=1 on nodes
Summary: [3.11] Fluentd pods failed to start after an update to 3.9.41 when deny_execm...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Logging
Version: 3.11.0
Hardware: All
OS: Linux
unspecified
urgent
Target Milestone: ---
: 3.11.0
Assignee: Jeff Cantrill
QA Contact: Anping Li
URL:
Whiteboard:
Depends On: 1628371 1628405
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-09-12 23:24 UTC by Rich Megginson
Modified: 2022-03-13 15:33 UTC (History)
5 users (show)

Fixed In Version: openshift3/ose-logging-fluentd:v3.11.3-1
Doc Type: Bug Fix
Doc Text:
Cause: rubygem ffi 1.9.25 reverted a patch which allowed it to work on systems with SELinux deny_execmem=1. Consequence: Fluentd crashes. Fix: The fix is to revert the patch reversion. Result: Fluentd does not crash when using SELinux deny_execmem=1
Clone Of: 1628405
Environment:
Last Closed: 2018-10-11 07:25:56 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:2652 0 None None None 2018-10-11 07:26:36 UTC

Comment 1 Rich Megginson 2018-09-12 23:29:05 UTC 
build has been tagged into rhaos-3.11-rhel-7-candidate
Comment 4 Anping Li 2018-09-17 06:31:56 UTC 
The fluend pod can be started when deny_execmem is enabled with openshift3/ose-logging-fluentd/images/v3.11.6-1
Comment 6 errata-xmlrpc 2018-10-11 07:25:56 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2652
Note You need to log in before you can comment on or make changes to this bug.