Description of problem: My rootless containers are failing to start up after upgrading to Fedora Linux 35.20211101.0 (IoT Edition) in a Raspeberry Pi 3. Version-Release number of selected component (if applicable): podman-3.4.0-1.fc35.aarch64 ncurses-libs-6.2-8.20210508.fc35.aarch64 kernel-5.14.10-300.fc35.aarch64 * fedora-iot:fedora/stable/aarch64/iot Version: 35.20211101.0 (2021-11-01T18:24:37Z) Commit: 01e693697972e66ecf3e950f519a36d5ec221af4d622e032c1be550419fd3e9d GPGSignature: Valid signature by 8C5BA6990BDB26E19F2A1A801161AE6945719A39 How reproducible: Always Steps to Reproduce: 1. Run as a non-root user: $ podman run --rm -ti fedora:35 bash Actual results: bash: error while loading shared libraries: libtinfo.so.6: cannot change memory protections Expected results: Container running Additional info:
I just verified that the same command works in x86_64
I think I am also affected with this bug. I am running Fedora IoT on a raspberry pi 4 and I am running some LinuxServer.io containers. Everything is working fine for fedora 34 versions of fedora iot. But for version 35 I am getting strange permission errors! Such as: ``` Error relocating ./run: RELRO protection failed: Permission deniedError relocating ./run: RELRO protection failed: Permission denied Error relocating /usr/lib/libreadline.so.8: RELRO protection failed: Permission deniedError relocating /usr/lib/libreadline.so.8: RELRO protection failed: Permission denied ``` I have found [this github issue with similar errors](https://github.com/containers/podman/issues/2025). This suggests that the problem is SELinux related but I can't be sure. Some details about my system: ``` $ rpm-ostree status State: idle Deployments: fedora-iot:fedora/stable/aarch64/iot Version: 34.20211019.0 (2021-10-19T15:13:36Z) BaseCommit: edf0f814bb325ccf75f4dd10cd98f3687fc4c32085884bbc4c50d8ed954e7836 GPGSignature: Valid signature by 8C5BA6990BDB26E19F2A1A801161AE6945719A39 Diff: 387 downgraded, 7 removed, 14 added LayeredPackages: python3-pyserial cockpit-podman usbutils cockpit cockpit-ostree nano python3-libgpiod Pinned: yes * fedora-iot:fedora/stable/aarch64/iot Version: 35.20211108.0 (2021-11-08T08:12:21Z) BaseCommit: 037d7a07010a0a616723110b2225bb15a32d5b3fb1e2982ed1988684e2e2448c GPGSignature: Valid signature by 8C5BA6990BDB26E19F2A1A801161AE6945719A39 LayeredPackages: python3-pyserial cockpit-podman usbutils cockpit cockpit-ostree nano python3-libgpiod ``` The above status is after I run rollback to move to the Fedora-IoT-34 version that works fine. I have also checked and I am also getting the same error reported Juan.
Just an update. I am still getting this error with the latest iot aarch64 update. ``` $ rpm-ostree status -v State: idle AutomaticUpdates: disabled Deployments: * fedora-iot:fedora/stable/aarch64/iot Version: 35.20211211.0 (2021-12-11T15:03:38Z) BaseCommit: b39e9228dfe138260f5fca042e4934532f3cd8df06a1b659c5e7fb9c5112fe7f |- repo-0 (2021-10-26T05:31:21Z) |- repo-1 (2021-12-11T14:50:46Z) |- repo-2 (2021-12-11T14:50:51Z) `- repo-3 (2021-12-11T01:08:38Z) Commit: 53981235a0f14aeefa6c87f6b9d9fcc841b8451f23b90f5aa92dbd59a29f1426 |- fedora (2021-10-29T10:17:31Z) |- updates (2021-12-12T00:58:43Z) |- copr:copr.fedorainfracloud.org:iolaum:podcust (2021-08-11T19:30:59Z) `- fedora-cisco-openh264 (2021-09-21T18:07:30Z) Staged: no StateRoot: fedora-iot GPGSignature: 1 signature Signature made Sat Dec 11 17:03:51 2021 using RSA key ID 1161AE6945719A39 Good signature from "Fedora <fedora-34-primary>" LayeredPackages: cockpit cockpit-ostree cockpit-podman nano python3-libgpiod python3-pyserial usbutils fedora-iot:fedora/stable/aarch64/iot Version: 34.20211019.0 (2021-10-19T15:13:36Z) BaseCommit: edf0f814bb325ccf75f4dd10cd98f3687fc4c32085884bbc4c50d8ed954e7836 |- repo-0 (2021-04-23T10:47:46Z) |- repo-1 (2021-10-19T15:00:55Z) |- repo-2 (2021-10-02T20:15:07Z) `- repo-3 (2021-10-19T00:31:15Z) Commit: eacaab8cf291c636dc44f8243e9325831d72a16d34eb66bb8cc56a07c84c4034 StateRoot: fedora-iot GPGSignature: 1 signature Signature made Tue Oct 19 18:13:41 2021 using RSA key ID 1161AE6945719A39 Good signature from "Fedora <fedora-34-primary>" LayeredPackages: cockpit cockpit-ostree cockpit-podman nano python3-libgpiod python3-pyserial usbutils Pinned: yes $ podman run --rm -ti fedora:35 bash bash: error while loading shared libraries: libtinfo.so.6: cannot change memory protections ```
It appears that this issue can be fixed with restorecon -R ~/.local/share/containers/storage/overlay* as grumpey pointed out at ask.fedoraproject https://ask.fedoraproject.org/t/errors-running-podman-containers-on-fedora-iot-35/18355/9?u=iolaum I m guessing this issue is not strictly a bug with the images but with the flow of updating from F34 images to F35 images.
Closing this per Nikolaos' comment.