1985525 – podman: Cannot run Fedora 35/RHEL 9 Beta images due to clone3 incompatibility

Bug 1985525 - podman: Cannot run Fedora 35/RHEL 9 Beta images due to clone3 incompatibility

Summary: podman: Cannot run Fedora 35/RHEL 9 Beta images due to clone3 incompatibility

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	podman
Sub Component:
Version:	33
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Lokesh Mandvekar
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-07-23 19:46 UTC by Florian Weimer
Modified:	2021-07-24 19:21 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1985499
Environment:
Last Closed:	2021-07-24 19:21:00 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1985499	1	unspecified	CLOSED	podman: Cannot run Fedora 35/RHEL 9 Beta images due to clone3 incompatibility	2023-06-16 07:56:24 UTC

Internal Links: 1985499

Description Florian Weimer 2021-07-23 19:46:18 UTC

Also happens on Fedora 33 with:

containers-common-1-16.fc33.noarch
libseccomp-2.5.0-3.fc33.x86_64
podman-3.1.2-2.fc33.x86_64

+++ This bug was initially created as a clone of Bug #1985499 +++

Fedora 35 and RHEL 9 Beta will first attempt to use the clone3 system call for thread creation.

The changes are not yet in mainline Fedora rawhide (as a mass rebuild is under way).  Builds are available in Koji: glibc-2.33.9000-44.fc35 or later, or glibc-2.33.9000-46.el9 or later.

After the glibc upgrade, thread creation is no longer possible:

# python3 -c 'import threading; threading.Thread(None, lambda: 0).start()'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/usr/lib64/python3.10/threading.py", line 928, in start
    _start_new_thread(self._bootstrap, ())
RuntimeError: can't start new thread

strace from outside the container shows the problematic EPERM error:

2667529 clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fd5c687f910, parent_tid=0x7fd5c687f910, exit_signal=0, stack=0x7fd5c607f000, stack_size=0x7fff00, tls=0x7fd5c687f640}, 88) = -1 EPERM (Operation not permitted)

Comment 1 Florian Weimer 2021-07-24 10:44:58 UTC

Fedora 34 appears to be fine.

Comment 2 Florian Weimer 2021-07-24 19:21:00 UTC

Fixed for Fedora 33 via: https://bodhi.fedoraproject.org/updates/FEDORA-2021-0c53d8738d

Note You need to log in before you can comment on or make changes to this bug.