Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2035487

Summary:	"Transport endpoint is not connected" while build Dockerfile
Product:	Red Hat Enterprise Linux 9	Reporter:	mx <berlinli222>
Component:	podman	Assignee:	Giuseppe Scrivano <gscrivan>
Status:	CLOSED INSUFFICIENT_DATA	QA Contact:	atomic-bugs <atomic-bugs>
Severity:	medium	Docs Contact:
Priority:	unspecified
Version:	CentOS Stream	CC:	bbaude, bstinson, dwalsh, gscrivan, jnovy, jwboyer, lsm5, mheon, pthomas, tsweeney, umohnani
Target Milestone:	rc	Keywords:	Reopened
Target Release:	---	Flags:	pm-rhel: mirror+
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2022-08-02 14:43:09 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description mx 2021-12-24 08:42:38 UTC

Description of problem:
Can not build Dockerfile by:
`
podman build -t mybuild/imagename /root/test/3
`

###
Err Log:
```
[root@localhost 3]# podman build -t mybuild/imagename /root/test/3
STEP 1/5: FROM centos:centos7
STEP 2/5: RUN yum upgrade -y
error running container: error from /usr/bin/crun creating container for [/bin/sh -c yum upgrade -y]: sd-bus call: Transport endpoint is not connected
: exit status 1
Error: error building at STEP "RUN yum upgrade -y": error while running runtime: exit status 1
```

###
Dockerfile:
```
[root@localhost 3]# cat /root/test/3/Dockerfile
FROM centos:centos7

# base system upgrade and system dependencies
RUN yum upgrade -y

RUN yum install -y httpd php && \
    yum clean all

# enable server
RUN systemctl enable httpd

CMD ["/sbin/init"]
```

###
System VERSION:
CentOS-Stream-9-20211222.0-x86_64

Comment 1 Matthew Heon 2022-01-04 14:26:04 UTC

Can you please provide the full output of `podman info` from the machine in question?

Giuseppe, PTAL, looks like the error is out of crun

Comment 2 mx 2022-01-05 02:24:20 UTC

[test@localhost ~]$ podman info
host:
  arch: amd64
  buildahVersion: 1.23.1
  cgroupControllers:
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.0.30-3.el9.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.30, commit: 1b87eb922c2fb551319ad5a6bb0b75842c3ee36e'
  cpus: 4
  distribution:
    distribution: '"centos"'
    version: "9"
  eventLogger: journald
  hostname: localhost.localdomain
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.14.0-30.el9.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 121049088
  memTotal: 3874942976
  ociRuntime:
    name: crun
    package: crun-1.3-1.el9.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.3
      commit: 4f6c8e0583c679bfee6a899c05ac6b916022561b
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_NET_RAW,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.1.8-3.el9.x86_64
    version: |-
      slirp4netns version 1.1.8
      commit: d361001f495417b880f20329121e3aa431a8f90f
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.2
  swapFree: 3217002496
  swapTotal: 3221221376
  uptime: 327h 15m 24.52s (Approximately 13.62 days)
plugins:
  log:
  - k8s-file
  - none
  - journald
  network:
  - bridge
  - macvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - registry.centos.org
  - quay.io
  - docker.io
store:
  configFile: /home/test/.config/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/test/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 0
  runRoot: /run/user/1000/containers
  volumePath: /home/test/.local/share/containers/storage/volumes
version:
  APIVersion: 3.4.3-dev
  Built: 1637917542
  BuiltTime: Fri Nov 26 17:05:42 2021
  GitCommit: ""
  GoVersion: go1.17.2
  OsArch: linux/amd64
  Version: 3.4.3-dev

Comment 3 mx 2022-01-07 03:10:36 UTC

It should be runc, not crun. (?)

In centos8, it will not install crun whill intall podman. And the output of podman info in centos8 is:
...
  ociRuntime:
    name: runc
    package: runc-1.0.2-1.module+el8.5.0+710+4c471e88.x86_64
    path: /usr/bin/runc
    version: |-
      runc version 1.0.2
      spec: 1.0.2-dev
      go: go1.16.7
      libseccomp: 2.5.1
...
whick is not as the output in centos stream9. In centos stream 9, it is "crun". 


However, after "alias crun to runc", it still have err:
##
[root@cent9 bin]# mv /usr/bin/crun /usr/bin/crun_back
[root@cent9 bin]# ln -s /usr/bin/runc /usr/bin/crun
[root@cent9 bin]# ll /usr/bin/*run*
lrwxrwxrwx. 1 root root       13 Jan  7 11:05 /usr/bin/crun -> /usr/bin/runc
-rwxr-xr-x. 1 root root   472312 Oct 20 00:12 /usr/bin/crun_back
-rwxr-xr-x. 1 root root    16320 Aug 10 05:43 /usr/bin/prune
-rwxr-xr-x. 1 root root 11897984 Apr 16  2021 /usr/bin/runc
-rwxr-xr-x. 1 root root    36976 Aug 10 04:03 /usr/bin/runcon
-rwxr-xr-x. 1 root root     1987 Aug 10 04:05 /usr/bin/run-parts
-rwxr-xr-x. 1 root root    66104 Nov 18 21:51 /usr/bin/systemd-run
-rwxr-xr-x. 1 root root    36992 Aug 10 04:03 /usr/bin/truncate
[root@cent9 bin]# podman build -t mybuild/imagename /root/test/3
STEP 1/5: FROM centos:centos7
STEP 2/5: RUN yum upgrade -y
error running container: error from /usr/bin/crun creating container for [/bin/sh -c yum upgrade -y]: time="2022-01-07T11:06:02+08:00" level=error msg="this version of runc doesn't work on cgroups v2"
: exit status 1
Error: error building at STEP "RUN yum upgrade -y": error while running runtime: exit status 1
##

Comment 4 mx 2022-01-10 11:59:21 UTC

It is fixed now on CentOS-Stream-9-20220107-x86_64

Comment 5 Jindrich Novy 2022-01-17 13:05:44 UTC

Thank you for confirmation!

Comment 6 mx 2022-05-04 12:56:57 UTC

This bug still/reappears when using "FROM centos:centos7" or "FROM centos:centos8" or "FROM centos:stream8":

error running container: error from /usr/bin/crun creating container for [/bin/sh -c yum -y upgrade]: sd-bus call: Transport endpoint is not connected: Transport endpoint is not connected


Dockerfiles are only build-able for "FROM centos:stream9".

You should test it

Comment 8 mx 2022-05-05 01:44:46 UTC

it is build-able as version 4.0.0 in my stream9-kvm-Virtual_Machine, however "Transport endpoint is not connected" after updated to version 4.0.3.

here is the diff of "podman info" of those two version:

[root@localhost ~]# diff podman_info_c9_OK podman_info_c9_updated_err
3c3
<   buildahVersion: 1.24.1
---
>   buildahVersion: 1.24.3
28c28
<   kernel: 5.14.0-70.el9.x86_64
---
>   kernel: 5.14.0-80.el9.x86_64
31,32c31,32
<   memFree: 355426304
<   memTotal: 1332543488
---
>   memFree: 85295104
>   memTotal: 1332518912
36c36
<     package: crun-1.4.2-1.el9.x86_64
---
>     package: crun-1.4.4-1.el9.x86_64
39,40c39,40
<       crun version 1.4.2
<       commit: f6fbc8f840df1a414f31a60953ae514fa497c748
---
>       crun version 1.4.4
>       commit: 6521fcc5806f20f6187eb933f9f45130c86da230
63c63
<   swapFree: 1919827968
---
>   swapFree: 2139799552
65c65
<   uptime: 20m 22.96s
---
>   uptime: 24m 0.49s
103c103
<     number: 18
---
>     number: 13
107,109c107,109
<   APIVersion: 4.0.0
<   Built: 1645764745
<   BuiltTime: Fri Feb 25 12:52:25 2022
---
>   APIVersion: 4.0.3
>   Built: 1648835798
>   BuiltTime: Sat Apr  2 01:56:38 2022
113c113
<   Version: 4.0.0
---
>   Version: 4.0.3


## full "podman info" of the updated (it is "dnf update" of all packages) one:
[root@localhost ~]# podman info
host:
  arch: amd64
  buildahVersion: 1.24.3
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - memory
  - hugetlb
  - pids
  - rdma
  - misc
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.0-1.el9.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.0, commit: 8ef5de138efb6f0aad657082cdea22cf037792cb'
  cpus: 2
  distribution:
    distribution: '"centos"'
    version: "9"
  eventLogger: journald
  hostname: localhost.localdomain
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 5.14.0-80.el9.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 62783488
  memTotal: 1332518912
  networkBackend: cni
  ociRuntime:
    name: crun
    package: crun-1.4.4-1.el9.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.4.4
      commit: 6521fcc5806f20f6187eb933f9f45130c86da230
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_NET_RAW,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.1.12-4.el9.x86_64
    version: |-
      slirp4netns version 1.1.12
      commit: 7a104a101aa3278a2152351a082a6df71f57c9a3
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.2
  swapFree: 2139799552
  swapTotal: 2147479552
  uptime: 38m 41.28s
plugins:
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - registry.centos.org
  - quay.io
  - docker.io
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev,metacopy=on
  graphRoot: /var/lib/containers/storage
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "true"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 13
  runRoot: /run/containers/storage
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 4.0.3
  Built: 1648835798
  BuiltTime: Sat Apr  2 01:56:38 2022
  GitCommit: ""
  GoVersion: go1.17.5
  OsArch: linux/amd64
  Version: 4.0.3

Comment 9 mx 2022-05-05 03:20:42 UTC

may be the verions of containernetworking-plugins 

it is 1:1.1.1-1.el9  now, which will result in the issue: no bridge networt cni-podman0   (to test this, maybe need reboot the system after updated to 1.1.1)
[root@localhost ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:91:24:33 brd ff:ff:ff:ff:ff:ff



After Downgrade containernetworking-plugins to 1.0.1-3.el9, and reboot, it has the bridge networt cni-podman0, and can build.

[root@localhost ~]# dnf remove containernetworking-plugins
[root@localhost ~]# dnf install http://mirror.stream.centos.org/9-stream/AppStream/x86_64/os/Packages/containernetworking-plugins-1.0.1-3.el9.x86_64.rpm
[root@localhost ~]# dnf install podman
[root@localhost ~]# reboot


However, no bridge network again, after update to 1.1.1; and no bridge network again, after then downgrade to 1.0.1 too.
I can not make the bridge network works now, no matter with containernetworking-plugins 1.1.1 or 1.0.1
And I can see the bridge network works in anoter stream9-kvm-Virtual_Machine, vesion 1.1.1, which had no bridge network a few hours ago. Hours without doing anything, it works now.  
It is too confusing.

Comment 10 mx 2022-05-05 03:31:55 UTC

maybe I did not reboot that Virtual_Machine after update, whose bridge network works after hours.

Comment 12 Giuseppe Scrivano 2022-05-06 10:42:48 UTC

I am not able to reproduce the error on CentOS Stream 9 with the latest version of the packages:

$ rpm -q podman crun conmon containernetworking-plugins systemd kernel
podman-4.0.3-1.el9.x86_64
crun-1.4.4-1.el9.x86_64
conmon-2.1.0-1.el9.x86_64
containernetworking-plugins-1.1.1-1.el9.x86_64
systemd-250-4.el9.x86_64
kernel-5.14.0-80.el9.x86_64

It is not clear if the issue happens when running as root or rootless.  The `podman info` is executed as non privileged user.

Are you using podman as root user or unprivileged user?

Please show the output of `podman info` when running as root.

When the failure happens, is there any error in the journal (journalctl --no-pager)?

Could you try temporarily disabling selinux with `setenforce 0`?

Comment 13 mx 2022-05-06 12:20:49 UTC

I just tested it in a freshly installed centos stream 9 Virtual Mathine (kvm inside a stream9 host)

brief:
1, no the cni-podman0 before "setenforce 0", and cannot build stream9 container
2, after "setenforce 0", can build stream9 container
3, can not build centos7 container




booted from:
https://mirrors.ustc.edu.cn/centos-stream/9-stream/BaseOS/x86_64/iso/CentOS-Stream-9-20220425.0-x86_64-boot.iso

the system is "Server" form nearest mirror.




[root@localhost ~]# dnf update
Last metadata expiration check: 0:01:16 ago on Fri 06 May 2022 07:48:44 PM CST.
Dependencies resolved.
Nothing to do.
Complete!
[root@localhost ~]# dnf install podman
Last metadata expiration check: 0:01:22 ago on Fri 06 May 2022 07:48:44 PM CST.
Package podman-2:4.0.3-1.el9.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@localhost ~]# rpm -q podman crun conmon containernetworking-plugins systemd kernel
podman-4.0.3-1.el9.x86_64
crun-1.4.4-1.el9.x86_64
conmon-2.1.0-1.el9.x86_64
containernetworking-plugins-1.1.1-1.el9.x86_64
systemd-250-4.el9.x86_64
kernel-5.14.0-80.el9.x86_64


[root@localhost ~]#  ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:96:a0:76 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.151/24 brd 192.168.122.255 scope global dynamic noprefixroute enp1s0
       valid_lft 2619sec preferred_lft 2619sec
    inet6 fe80::5054:ff:fe96:a076/64 scope link noprefixroute
       valid_lft forever preferred_lft forever


[root@localhost ~]# podman info
host:
  arch: amd64
  buildahVersion: 1.24.3
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - memory
  - hugetlb
  - pids
  - rdma
  - misc
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.0-1.el9.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.0, commit: 8ef5de138efb6f0aad657082cdea22cf037792cb'
  cpus: 2
  distribution:
    distribution: '"centos"'
    version: "9"
  eventLogger: journald
  hostname: localhost.localdomain
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 5.14.0-80.el9.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 520843264
  memTotal: 1332518912
  networkBackend: cni
  ociRuntime:
    name: crun
    package: crun-1.4.4-1.el9.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.4.4
      commit: 6521fcc5806f20f6187eb933f9f45130c86da230
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_NET_RAW,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.1.12-4.el9.x86_64
    version: |-
      slirp4netns version 1.1.12
      commit: 7a104a101aa3278a2152351a082a6df71f57c9a3
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.2
  swapFree: 2147479552
  swapTotal: 2147479552
  uptime: 15m 7.41s
plugins:
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - registry.centos.org
  - quay.io
  - docker.io
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev,metacopy=on
  graphRoot: /var/lib/containers/storage
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "true"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 2
  runRoot: /run/containers/storage
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 4.0.3
  Built: 1648835798
  BuiltTime: Sat Apr  2 01:56:38 2022
  GitCommit: ""
  GoVersion: go1.17.5
  OsArch: linux/amd64
  Version: 4.0.3


[root@localhost ~]# cat ./cent9/Dockerfile
FROM centos:stream9
MAINTAINER ServerWorld <admin>

RUN dnf -y install nginx
RUN echo "Dockerfile Test on Nginx" > /usr/share/nginx/html/index.html

EXPOSE 80
CMD ["/usr/sbin/nginx", "-g", "daemon off;"]

[root@localhost ~]# podman build -t srv.world/centos9 ./cent9/
STEP 1/6: FROM centos:stream9
Resolved "centos" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull quay.io/centos/centos:stream9...
Getting image source signatures
Copying blob 5e157a9fab7d done
Copying config e97e3a1fb8 done
Writing manifest to image destination
Storing signatures
STEP 2/6: MAINTAINER ServerWorld <admin>
--> d6f122a5230
STEP 3/6: RUN dnf -y install nginx
error running container: error from /usr/bin/crun creating container for [/bin/sh -c dnf -y install nginx]: sd-bus call: Transport endpoint is not connected: Transport endpoint is not connected
: exit status 1
ERRO[0030] did not get container create message from subprocess: read |0: i/o timeout
Error: error building at STEP "RUN dnf -y install nginx": error while running runtime: exit status 1


[root@localhost ~]# date
Fri May  6 07:59:57 PM CST 2022
[root@localhost ~]# podman build -t srv.world/centos9 ./cent9/
STEP 1/6: FROM centos:stream9
STEP 2/6: MAINTAINER ServerWorld <admin>
--> Using cache d6f122a5230b39b4465b0afd53eac4c5570ffd62e35f12c4b0ddf93e8ad65c10
--> d6f122a5230
STEP 3/6: RUN dnf -y install nginx
error running container: error from /usr/bin/crun creating container for [/bin/sh -c dnf -y install nginx]: sd-bus call: Transport endpoint is not connected: Transport endpoint is not connected
: exit status 1
ERRO[0006] did not get container create message from subprocess: read |0: i/o timeout
Error: error building at STEP "RUN dnf -y install nginx": error while running runtime: exit status 1
[root@localhost ~]# journalctl --no-pager
May 06 19:57:00 localhost.localdomain systemd[1]: var-lib-containers-storage-overlay-bd7caf3b82b505e355d3daecaf1f6c4b30a25412a6bbbe4ef69eb7a6796c78c1-merged.mount: Deactivated successfully.
May 06 19:57:00 localhost.localdomain systemd[1]: var-lib-containers-storage-overlay-3589126c1905e4750f491732db75fdfdf4de2ad1540a4a972ed8a18538410a07-merged.mount: Deactivated successfully.
May 06 19:57:00 localhost.localdomain podman[4712]: 2022-05-06 19:57:00.758765705 +0800 CST m=+6.185582224 image build
May 06 20:00:07 localhost.localdomain systemd[1]: var-lib-containers-storage-overlay-fd08eb0e821644ee4c3d29b2e02cc4502765396592e836bfe5dc99809b05b9d7-merged.mount: Deactivated successfully.
May 06 20:00:07 localhost.localdomain systemd[1]: var-lib-containers-storage-overlay-731da45d5bc724280c09a1f86f574ec200db7be03b2814b2e32381e6dd18c5c5-merged.mount: Deactivated successfully.
May 06 20:00:07 localhost.localdomain podman[4787]: 2022-05-06 20:00:07.786173199 +0800 CST m=+6.622694545 image build








[root@localhost ~]# setenforce 0
[root@localhost ~]# podman build -t srv.world/centos9 ./cent9/
STEP 1/6: FROM centos:stream9
STEP 2/6: MAINTAINER ServerWorld <admin>
--> Using cache d6f122a5230b39b4465b0afd53eac4c5570ffd62e35f12c4b0ddf93e8ad65c10
--> d6f122a5230
STEP 3/6: RUN dnf -y install nginx
CentOS Stream 9 - BaseOS                        1.5 MB/s | 5.6 MB     00:03
CentOS Stream 9 - AppStream                     3.6 MB/s |  13 MB     00:03
CentOS Stream 9 - Extras packages               3.3 kB/s | 8.0 kB     00:02
Last metadata expiration check: 0:00:01 ago on Fri May  6 12:02:39 2022.
Dependencies resolved.
================================================================================
 Package                 Arch        Version               Repository      Size
================================================================================
Installing:
 nginx                   x86_64      1:1.20.1-10.el9       appstream      603 k
Installing dependencies:
 centos-logos-httpd      noarch      90.4-1.el9            appstream      252 k
 nginx-filesystem        noarch      1:1.20.1-10.el9       appstream       12 k
Installing weak dependencies:
 logrotate               x86_64      3.18.0-5.el9          baseos          76 k

Transaction Summary
================================================================================
Install  4 Packages

Total download size: 942 k
Installed size: 2.3 M
Downloading Packages:
(1/4): logrotate-3.18.0-5.el9.x86_64.rpm        254 kB/s |  76 kB     00:00
(2/4): centos-logos-httpd-90.4-1.el9.noarch.rpm 547 kB/s | 252 kB     00:00
(3/4): nginx-filesystem-1.20.1-10.el9.noarch.rp  51 kB/s |  12 kB     00:00
(4/4): nginx-1.20.1-10.el9.x86_64.rpm           824 kB/s | 603 kB     00:00
--------------------------------------------------------------------------------
Total                                           461 kB/s | 942 kB     00:02
CentOS Stream 9 - BaseOS                        1.6 MB/s | 1.6 kB     00:00
Importing GPG key 0x8483C65D:
 Userid     : "CentOS (CentOS Official Signing Key) <security>"
 Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1
  Running scriptlet: nginx-filesystem-1:1.20.1-10.el9.noarch                1/4
  Installing       : nginx-filesystem-1:1.20.1-10.el9.noarch                1/4
  Installing       : centos-logos-httpd-90.4-1.el9.noarch                   2/4
  Running scriptlet: logrotate-3.18.0-5.el9.x86_64                          3/4
  Installing       : logrotate-3.18.0-5.el9.x86_64                          3/4
  Running scriptlet: logrotate-3.18.0-5.el9.x86_64                          3/4
Created symlink /etc/systemd/system/timers.target.wants/logrotate.timer → /usr/lib/systemd/system/logrotate.timer.

  Installing       : nginx-1:1.20.1-10.el9.x86_64                           4/4
  Running scriptlet: nginx-1:1.20.1-10.el9.x86_64                           4/4
  Verifying        : logrotate-3.18.0-5.el9.x86_64                          1/4
  Verifying        : centos-logos-httpd-90.4-1.el9.noarch                   2/4
  Verifying        : nginx-1:1.20.1-10.el9.x86_64                           3/4
  Verifying        : nginx-filesystem-1:1.20.1-10.el9.noarch                4/4

Installed:
  centos-logos-httpd-90.4-1.el9.noarch  logrotate-3.18.0-5.el9.x86_64
  nginx-1:1.20.1-10.el9.x86_64          nginx-filesystem-1:1.20.1-10.el9.noarch

Complete!
--> 1caa1014554
STEP 4/6: RUN echo "Dockerfile Test on Nginx" > /usr/share/nginx/html/index.html
--> 431e060a1e3
STEP 5/6: EXPOSE 80
--> f2141c1ac38
STEP 6/6: CMD ["/usr/sbin/nginx", "-g", "daemon off;"]
COMMIT srv.world/centos9
--> e04ce13e806
Successfully tagged srv.world/centos9:latest
e04ce13e806584990ee83bb06b32c6259627735cddf8891759e7c9243122cada
[root@localhost ~]#  ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:96:a0:76 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.151/24 brd 192.168.122.255 scope global dynamic noprefixroute enp1s0
       valid_lft 2619sec preferred_lft 2619sec
    inet6 fe80::5054:ff:fe96:a076/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: cni-podman0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 86:13:72:33:1d:84 brd ff:ff:ff:ff:ff:ff
    inet 10.88.0.1/16 brd 10.88.255.255 scope global cni-podman0
       valid_lft forever preferred_lft forever
    inet6 fe80::8413:72ff:fe33:1d84/64 scope link
       valid_lft forever preferred_lft forever



[root@localhost ~]# cp -r cent9 cent7
[root@localhost ~]# vi cent7/Dockerfile
[root@localhost ~]# cat cent7/Dockerfile
FROM centos:centos7
MAINTAINER ServerWorld <admin>

RUN yum -y install nginx
RUN echo "Dockerfile Test on Nginx" > /usr/share/nginx/html/index.html

EXPOSE 80
CMD ["/usr/sbin/nginx", "-g", "daemon off;"]

[root@localhost ~]# date
Fri May  6 08:05:25 PM CST 2022
[root@localhost ~]# podman build -t srv.world/centos7 ./cent7/
STEP 1/6: FROM centos:centos7
Resolved "centos" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull quay.io/centos/centos:centos7...
Getting image source signatures
Copying blob 2d473b07cdd5 done
Copying config 8652b9f0cb done
Writing manifest to image destination
Storing signatures
STEP 2/6: MAINTAINER ServerWorld <admin>
--> 8c7ec629e58
STEP 3/6: RUN yum -y install nginx
error running container: error from /usr/bin/crun creating container for [/bin/sh -c yum -y install nginx]: sd-bus call: Transport endpoint is not connected: Transport endpoint is not connected
: exit status 1
ERRO[0031] did not get container create message from subprocess: read |0: i/o timeout
Error: error building at STEP "RUN yum -y install nginx": error while running runtime: exit status 1

[root@localhost ~]# journalctl --no-pager |tail -100
......
May 06 20:02:26 localhost.localdomain dbus-broker-launch[756]: avc:  op=setenforce lsm=selinux enforcing=0 res=1
May 06 20:02:27 localhost.localdomain systemd[1]: Started libcrun container.
May 06 20:02:27 localhost.localdomain kernel: bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
May 06 20:02:27 localhost.localdomain NetworkManager[757]: <info>  [1651838547.8301] manager: (cni-podman0): new Bridge device (/org/freedesktop/NetworkManager/Devices/3)
May 06 20:02:27 localhost.localdomain systemd-udevd[5170]: Using default interface naming scheme 'rhel-9.0'.
May 06 20:02:27 localhost.localdomain NetworkManager[757]: <info>  [1651838547.8380] manager: (veth1f1457b3): new Veth device (/org/freedesktop/NetworkManager/Devices/4)
May 06 20:02:27 localhost.localdomain kernel: cni-podman0: port 1(veth1f1457b3) entered blocking state
May 06 20:02:27 localhost.localdomain kernel: cni-podman0: port 1(veth1f1457b3) entered disabled state
May 06 20:02:27 localhost.localdomain kernel: device veth1f1457b3 entered promiscuous mode
May 06 20:02:27 localhost.localdomain systemd-udevd[5176]: Using default interface naming scheme 'rhel-9.0'.
May 06 20:02:27 localhost.localdomain NetworkManager[757]: <info>  [1651838547.8461] device (cni-podman0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
May 06 20:02:27 localhost.localdomain NetworkManager[757]: <info>  [1651838547.8468] device (cni-podman0): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
May 06 20:02:27 localhost.localdomain NetworkManager[757]: <info>  [1651838547.8474] device (cni-podman0): Activation: starting connection 'cni-podman0' (5df00f90-1b2b-4ad3-bf67-c22aedee33a7)
May 06 20:02:27 localhost.localdomain NetworkManager[757]: <info>  [1651838547.8475] device (cni-podman0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external')
May 06 20:02:27 localhost.localdomain NetworkManager[757]: <info>  [1651838547.8477] device (cni-podman0): state change: prepare -> config (reason 'none', sys-iface-state: 'external')
May 06 20:02:27 localhost.localdomain NetworkManager[757]: <info>  [1651838547.8479] device (cni-podman0): state change: config -> ip-config (reason 'none', sys-iface-state: 'external')
May 06 20:02:27 localhost.localdomain NetworkManager[757]: <info>  [1651838547.8481] device (cni-podman0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external')
May 06 20:02:27 localhost.localdomain NetworkManager[757]: <info>  [1651838547.8530] device (veth1f1457b3): carrier: link connected
May 06 20:02:27 localhost.localdomain NetworkManager[757]: <info>  [1651838547.8532] device (cni-podman0): carrier: link connected
May 06 20:02:27 localhost.localdomain kernel: IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
May 06 20:02:27 localhost.localdomain kernel: IPv6: ADDRCONF(NETDEV_CHANGE): veth1f1457b3: link becomes ready
May 06 20:02:27 localhost.localdomain kernel: cni-podman0: port 1(veth1f1457b3) entered blocking state
May 06 20:02:27 localhost.localdomain kernel: cni-podman0: port 1(veth1f1457b3) entered forwarding state
May 06 20:02:27 localhost.localdomain systemd[1]: Starting Network Manager Script Dispatcher Service...
May 06 20:02:27 localhost.localdomain systemd[1]: Started Network Manager Script Dispatcher Service.
May 06 20:02:27 localhost.localdomain NetworkManager[757]: <info>  [1651838547.8613] device (cni-podman0): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external')
May 06 20:02:27 localhost.localdomain NetworkManager[757]: <info>  [1651838547.8615] device (cni-podman0): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external')
May 06 20:02:27 localhost.localdomain NetworkManager[757]: <info>  [1651838547.8620] device (cni-podman0): Activation: successful, device activated.
May 06 20:02:27 localhost.localdomain systemd[1]: iscsi.service: Unit cannot be reloaded because it is inactive.
May 06 20:02:27 localhost.localdomain kernel: Warning: Deprecated Driver is detected: nft_compat will not be maintained in a future major release and may be disabled
May 06 20:02:37 localhost.localdomain systemd[1]: NetworkManager-dispatcher.service: Deactivated successfully.
May 06 20:02:43 localhost.localdomain systemd[1]: crun-buildah-buildah2246382207.scope: Deactivated successfully.
May 06 20:02:43 localhost.localdomain systemd[1]: crun-buildah-buildah2246382207.scope: Consumed 4.305s CPU time.
May 06 20:02:43 localhost.localdomain kernel: cni-podman0: port 1(veth1f1457b3) entered disabled state
May 06 20:02:43 localhost.localdomain kernel: device veth1f1457b3 left promiscuous mode
May 06 20:02:43 localhost.localdomain kernel: cni-podman0: port 1(veth1f1457b3) entered disabled state
May 06 20:02:43 localhost.localdomain NetworkManager[757]: <info>  [1651838563.7104] device (veth1f1457b3): released from master device cni-podman0
May 06 20:02:44 localhost.localdomain systemd[1]: var-lib-containers-storage-overlay-eae78f391ca77e458644d65bb454bfbc3f69140f5caa664b0caa48a24003ef87-merged.mount: Deactivated successfully.
May 06 20:02:47 localhost.localdomain systemd[1]: Started libcrun container.
May 06 20:02:47 localhost.localdomain NetworkManager[757]: <info>  [1651838567.5491] manager: (veth988d3f28): new Veth device (/org/freedesktop/NetworkManager/Devices/5)
May 06 20:02:47 localhost.localdomain systemd-udevd[5559]: Using default interface naming scheme 'rhel-9.0'.
May 06 20:02:47 localhost.localdomain kernel: cni-podman0: port 1(veth988d3f28) entered blocking state
May 06 20:02:47 localhost.localdomain kernel: cni-podman0: port 1(veth988d3f28) entered disabled state
May 06 20:02:47 localhost.localdomain kernel: device veth988d3f28 entered promiscuous mode
May 06 20:02:47 localhost.localdomain kernel: IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
May 06 20:02:47 localhost.localdomain kernel: IPv6: ADDRCONF(NETDEV_CHANGE): veth988d3f28: link becomes ready
May 06 20:02:47 localhost.localdomain kernel: cni-podman0: port 1(veth988d3f28) entered blocking state
May 06 20:02:47 localhost.localdomain kernel: cni-podman0: port 1(veth988d3f28) entered forwarding state
May 06 20:02:47 localhost.localdomain NetworkManager[757]: <info>  [1651838567.5543] device (veth988d3f28): carrier: link connected
May 06 20:02:47 localhost.localdomain NetworkManager[757]: <info>  [1651838567.5546] device (cni-podman0): carrier: link connected
May 06 20:02:47 localhost.localdomain systemd[1]: crun-buildah-buildah3590570443.scope: Deactivated successfully.
May 06 20:02:47 localhost.localdomain kernel: cni-podman0: port 1(veth988d3f28) entered disabled state
May 06 20:02:47 localhost.localdomain kernel: device veth988d3f28 left promiscuous mode
May 06 20:02:47 localhost.localdomain kernel: cni-podman0: port 1(veth988d3f28) entered disabled state
May 06 20:02:47 localhost.localdomain NetworkManager[757]: <info>  [1651838567.6105] device (veth988d3f28): released from master device cni-podman0
May 06 20:02:47 localhost.localdomain systemd[1]: var-lib-containers-storage-overlay-7196bb22026750ffb7a864aae23dea0e3eb0ffb9d3e6e76df88bdfcb61fabed7-merged.mount: Deactivated successfully.
May 06 20:02:49 localhost.localdomain systemd[1]: var-lib-containers-storage-overlay-5568ce530fa3cfc8a0b6766d17973063633ee11d22ca274842f2acae768a56a1-merged.mount: Deactivated successfully.
May 06 20:02:49 localhost.localdomain systemd[1]: var-lib-containers-storage-overlay-87bf3a781a4f5ab040c6d5cea7c24a5564bb2d6945397ad813303ba6a4bd245a-merged.mount: Deactivated successfully.
May 06 20:02:50 localhost.localdomain systemd[1]: var-lib-containers-storage-overlay-e82d26b0f4420a5bd55ae5bf2d309073f9aca7138a847cc1b30e7f9c2dc9abef-merged.mount: Deactivated successfully.
May 06 20:02:50 localhost.localdomain systemd[1]: var-lib-containers-storage-overlay-9489df6aa885b5162fd5a54cdbfbc53f5d6f3b7af3f52bc683441c1ca87f3a1e-merged.mount: Deactivated successfully.
May 06 20:02:50 localhost.localdomain systemd[1]: var-lib-containers-storage-overlay-f66893b0c364c75f4e0dec1fe6a48e1bac23314be28c571f6e92bd2ca21b9c41-merged.mount: Deactivated successfully.
May 06 20:02:50 localhost.localdomain podman[5115]: 2022-05-06 20:02:50.167706458 +0800 CST m=+23.315684904 image build  e04ce13e806584990ee83bb06b32c6259627735cddf8891759e7c9243122cada
May 06 20:02:50 localhost.localdomain systemd[1]: var-lib-containers-storage-overlay.mount: Deactivated successfully.
May 06 20:05:34 localhost.localdomain systemd[1]: var-lib-containers-storage-overlay-bf6d0cde2709ec493c845fb3b6ae06d23cd431f88b57ce6a25a0e6ed7caf3795-merged.mount: Deactivated successfully.
May 06 20:05:34 localhost.localdomain systemd[1]: var-lib-containers-storage-overlay-bf031e7a09e5fc62d025fc5e30ca8205e682ad3e875290904a5e85b403428cd4-merged.mount: Deactivated successfully.
May 06 20:05:34 localhost.localdomain podman[5692]: 2022-05-06 20:05:34.675822776 +0800 CST m=+32.752966714 image build
[root@localhost ~]#

Comment 14 Daniel Walsh 2022-05-06 12:57:15 UTC

If you can not build with SELinux enabled, could you attach the AVC messages?

Comment 15 mx 2022-05-06 13:23:14 UTC

how to get the AVC messages?

[root@localhost audit]# ausearch -m AVC
<no matches>



By the way, do not know why can not setup the cni-podman0 bridge network, after SELINUX=disabled and reboot.


[root@localhost ~]# cat /etc/selinux/config  |grep ^SELINUX
SELINUX=disabled
SELINUXTYPE=targeted
[root@localhost ~]# reboot



[root@localhost ~]# getenforce
Disabled
[root@localhost ~]# date
Fri May  6 09:07:39 PM CST 2022
[root@localhost ~]# podman build -t srv.world/centos7 ./cent7/
STEP 1/6: FROM centos:centos7
STEP 2/6: MAINTAINER ServerWorld <admin>
--> Using cache 8c7ec629e580f5ce4958ccf04ecd44ac2156b36a5a04d59c2048d1cb31791909
--> 8c7ec629e58
STEP 3/6: RUN yum -y install nginx
error running container: error from /usr/bin/crun creating container for [/bin/sh -c yum -y install nginx]: sd-bus call: Transport endpoint is not connected: Transport endpoint is not connected
: exit status 1
ERRO[0005] did not get container create message from subprocess: read |0: i/o timeout
Error: error building at STEP "RUN yum -y install nginx": error while running runtime: exit status 1
[root@localhost ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:96:a0:76 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.151/24 brd 192.168.122.255 scope global dynamic noprefixroute enp1s0
       valid_lft 3545sec preferred_lft 3545sec
    inet6 fe80::5054:ff:fe96:a076/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
[root@localhost ~]# journalctl --no-pager |tail -50
May 06 21:07:13 localhost.localdomain systemd[1]: Reached target Multi-User System.
May 06 21:07:13 localhost.localdomain systemd[1]: Starting Record Runlevel Change in UTMP...
May 06 21:07:13 localhost.localdomain systemd[1]: systemd-update-utmp-runlevel.service: Deactivated successfully.
May 06 21:07:13 localhost.localdomain systemd[1]: Finished Record Runlevel Change in UTMP.
May 06 21:07:13 localhost.localdomain NetworkManager[734]: <info>  [1651842433.1401] policy: set-hostname: set hostname to 'localhost.localdomain' (no hostname found)
May 06 21:07:13 localhost.localdomain kdumpctl[839]: kdump: kexec: loaded kdump kernel
May 06 21:07:13 localhost.localdomain kdumpctl[839]: kdump: Starting kdump: [OK]
May 06 21:07:13 localhost.localdomain systemd[1]: Finished Crash recovery kernel arming.
May 06 21:07:13 localhost.localdomain systemd[1]: Startup finished in 625ms (kernel) + 1.617s (initrd) + 6.159s (userspace) = 8.402s.
May 06 21:07:19 localhost.localdomain sshd[1206]: Accepted password for test from 192.168.122.1 port 35222 ssh2
May 06 21:07:19 localhost.localdomain systemd[1]: Created slice User Slice of UID 1000.
May 06 21:07:19 localhost.localdomain systemd[1]: Starting User Runtime Directory /run/user/1000...
May 06 21:07:19 localhost.localdomain systemd-logind[724]: New session 1 of user test.
May 06 21:07:19 localhost.localdomain systemd[1]: Finished User Runtime Directory /run/user/1000.
May 06 21:07:19 localhost.localdomain systemd[1]: Starting User Manager for UID 1000...
May 06 21:07:19 localhost.localdomain systemd[1209]: pam_unix(systemd-user:session): session opened for user test(uid=1000) by (uid=0)
May 06 21:07:19 localhost.localdomain systemd[1209]: Queued start job for default target Main User Target.
May 06 21:07:19 localhost.localdomain systemd[1209]: Created slice User Application Slice.
May 06 21:07:19 localhost.localdomain systemd[1209]: Started Mark boot as successful after the user session has run 2 minutes.
May 06 21:07:19 localhost.localdomain systemd[1209]: Started Daily Cleanup of User's Temporary Directories.
May 06 21:07:19 localhost.localdomain systemd[1209]: Reached target Paths.
May 06 21:07:19 localhost.localdomain systemd[1209]: Reached target Timers.
May 06 21:07:19 localhost.localdomain systemd[1209]: Starting D-Bus User Message Bus Socket...
May 06 21:07:19 localhost.localdomain systemd[1209]: Starting Create User's Volatile Files and Directories...
May 06 21:07:19 localhost.localdomain systemd[1209]: Finished Create User's Volatile Files and Directories.
May 06 21:07:19 localhost.localdomain systemd[1209]: Listening on D-Bus User Message Bus Socket.
May 06 21:07:19 localhost.localdomain systemd[1209]: Reached target Sockets.
May 06 21:07:19 localhost.localdomain systemd[1209]: Reached target Basic System.
May 06 21:07:19 localhost.localdomain systemd[1209]: Reached target Main User Target.
May 06 21:07:19 localhost.localdomain systemd[1209]: Startup finished in 40ms.
May 06 21:07:19 localhost.localdomain systemd[1]: Started User Manager for UID 1000.
May 06 21:07:19 localhost.localdomain systemd[1]: Started Session 1 of User test.
May 06 21:07:19 localhost.localdomain sshd[1206]: pam_unix(sshd:session): session opened for user test(uid=1000) by (uid=0)
May 06 21:07:20 localhost.localdomain chronyd[729]: Selected source 119.28.183.184 (2.centos.pool.ntp.org)
May 06 21:07:20 localhost.localdomain chronyd[729]: System clock TAI offset set to 37 seconds
May 06 21:07:23 localhost.localdomain systemd[1]: NetworkManager-dispatcher.service: Deactivated successfully.
May 06 21:07:23 localhost.localdomain su[1239]: (to root) test on pts/0
May 06 21:07:23 localhost.localdomain su[1239]: pam_unix(su:session): session opened for user root(uid=0) by test(uid=1000)
May 06 21:07:47 localhost.localdomain systemd[1]: var-lib-containers-storage-overlay-compat2842544328-merged.mount: Deactivated successfully.
May 06 21:07:47 localhost.localdomain systemd[1]: var-lib-containers-storage-overlay-metacopy\x2dcheck4129253761-merged.mount: Deactivated successfully.
May 06 21:07:48 localhost.localdomain podman[1257]: 2022-05-06 21:07:48.093147969 +0800 CST m=+0.264477194 system refresh
May 06 21:07:48 localhost.localdomain systemd[1209]: Starting D-Bus User Message Bus...
May 06 21:07:48 localhost.localdomain dbus-broker-launch[1307]: Policy to allow eavesdropping in /usr/share/dbus-1/session.conf +31: Eavesdropping is deprecated and ignored
May 06 21:07:48 localhost.localdomain dbus-broker-launch[1307]: Policy to allow eavesdropping in /usr/share/dbus-1/session.conf +33: Eavesdropping is deprecated and ignored
May 06 21:07:48 localhost.localdomain systemd[1209]: Started D-Bus User Message Bus.
May 06 21:07:48 localhost.localdomain dbus-broker-lau[1307]: Ready
May 06 21:07:49 localhost.localdomain systemd[1]: systemd-hostnamed.service: Deactivated successfully.
May 06 21:07:53 localhost.localdomain systemd[1]: var-lib-containers-storage-overlay-dd95fcc6da6f525b42eab8baf370a7dc6e53c6879dcfdc8dc1ecb91832f5ddb0-merged.mount: Deactivated successfully.
May 06 21:07:53 localhost.localdomain systemd[1]: var-lib-containers-storage-overlay-3a82df92d2eed8dd2970ded187a2ed45bacd4def0849743c9b40be3e95a5bee6-merged.mount: Deactivated successfully.
May 06 21:07:54 localhost.localdomain podman[1257]: 2022-05-06 21:07:54.036702539 +0800 CST m=+6.208031765 image build

Comment 16 Giuseppe Scrivano 2022-05-06 13:59:44 UTC

if you completely disable SELinux then it won't log any error.

You need to set it in permissive mode and before you attempt the test run `semodule -DB` to enable dontaudit rules as well

Comment 17 mx 2022-05-06 14:21:58 UTC

I do not know why it can build centos7 container, just after tens seconds of unable-build.


[root@localhost ~]# cat /etc/selinux/config  |grep ^SELINUX
SELINUX=permissive
SELINUXTYPE=targeted
[root@localhost ~]# reboot



[root@localhost ~]# getenforce
Permissive
[root@localhost ~]# date
Fri May  6 10:08:30 PM CST 2022
[root@localhost ~]# podman build -t srv.world/centos7 ./cent7/
STEP 1/6: FROM centos:centos7
STEP 2/6: MAINTAINER ServerWorld <admin>
--> Using cache 8c7ec629e580f5ce4958ccf04ecd44ac2156b36a5a04d59c2048d1cb31791909
--> 8c7ec629e58
STEP 3/6: RUN yum -y install nginx
error running container: error from /usr/bin/crun creating container for [/bin/sh -c yum -y install nginx]: sd-bus call: Transport endpoint is not connected: Transport endpoint is not connected
: exit status 1
ERRO[0005] did not get container create message from subprocess: read |0: i/o timeout
Error: error building at STEP "RUN yum -y install nginx": error while running runtime: exit status 1
[root@localhost ~]# getenforce
Permissive
[root@localhost ~]# date
Fri May  6 10:08:46 PM CST 2022
[root@localhost ~]# semodule -DB
[root@localhost ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:96:a0:76 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.151/24 brd 192.168.122.255 scope global dynamic noprefixroute enp1s0
       valid_lft 3474sec preferred_lft 3474sec
    inet6 fe80::5054:ff:fe96:a076/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
[root@localhost ~]# podman build -t srv.world/centos7 ./cent7/
STEP 1/6: FROM centos:centos7
STEP 2/6: MAINTAINER ServerWorld <admin>
--> Using cache 8c7ec629e580f5ce4958ccf04ecd44ac2156b36a5a04d59c2048d1cb31791909
--> 8c7ec629e58
STEP 3/6: RUN yum -y install nginx
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
^C   ##### its building, I cancaled.

[root@localhost ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:96:a0:76 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.151/24 brd 192.168.122.255 scope global dynamic noprefixroute enp1s0
       valid_lft 3448sec preferred_lft 3448sec
    inet6 fe80::5054:ff:fe96:a076/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: cni-podman0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether ee:94:20:41:3c:f6 brd ff:ff:ff:ff:ff:ff
    inet 10.88.0.1/16 brd 10.88.255.255 scope global cni-podman0
       valid_lft forever preferred_lft forever
    inet6 fe80::ec94:20ff:fe41:3cf6/64 scope link
       valid_lft forever preferred_lft forever

[root@localhost ~]# ausearch -m AVC
----
time->Fri May  6 22:06:57 2022
type=PROCTITLE msg=audit(1651846017.522:96): proctitle=2F7573722F62696E2F62617368002F7573722F6C69622F6472616375742F6472616375742D696E697472616D66732D726573746F7265
type=EXECVE msg=audit(1651846017.522:96): argc=2 a0="/usr/bin/bash" a1="/usr/lib/dracut/dracut-initramfs-restore"
type=SYSCALL msg=audit(1651846017.522:96): arch=c000003e syscall=59 success=yes exit=0 a0=5645e13f8310 a1=5645e1443260 a2=5645e1447240 a3=1 items=0 ppid=1 pid=1430 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dracut-initramf" exe="/usr/bin/bash" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
type=AVC msg=audit(1651846017.522:96): avc:  denied  { siginh } for  pid=1430 comm="dracut-initramf" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=process permissive=1
----
time->Fri May  6 22:06:59 2022
type=PROCTITLE msg=audit(1651846019.851:121): proctitle=2F7573722F7362696E2F65627461626C6573002D2D636F6E63757272656E74002D740062726F757465002D4C
type=PATH msg=audit(1651846019.851:121): item=0 name="/lib64/ld-linux-x86-64.so.2" inode=50504137 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(1651846019.851:121): cwd="/"
type=EXECVE msg=audit(1651846019.851:121): argc=5 a0="/usr/sbin/ebtables" a1="--concurrent" a2="-t" a3="broute" a4="-L"
type=BPRM_FCAPS msg=audit(1651846019.851:121): fver=0 fp=0 fi=0 fe=0 old_pp=0000000000003000 old_pi=0 old_pe=0000000000003000 old_pa=0 pp=0000000000003000 pi=0 pe=0000000000003000 pa=0 frootid=0
type=SYSCALL msg=audit(1651846019.851:121): arch=c000003e syscall=59 success=yes exit=0 a0=7f6fbb7d3a30 a1=7f6fbb762480 a2=7f6fbb8bf430 a3=0 items=1 ppid=716 pid=1454 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ebtables" exe="/usr/sbin/xtables-nft-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1651846019.851:121): avc:  denied  { siginh } for  pid=1454 comm="ebtables" scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=process permissive=1
type=AVC msg=audit(1651846019.851:121): avc:  denied  { rlimitinh } for  pid=1454 comm="ebtables" scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=process permissive=1
type=AVC msg=audit(1651846019.851:121): avc:  denied  { noatsecure } for  pid=1454 comm="firewalld" scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=process permissive=1
----
time->Fri May  6 22:07:11 2022
type=PROCTITLE msg=audit(1651846031.082:9): proctitle=2F7573722F62696E2F7368002F7362696E2F617567656E72756C6573002D2D6C6F6164
type=EXECVE msg=audit(1651846031.082:9): argc=3 a0="/usr/bin/sh" a1="/sbin/augenrules" a2="--load"
type=SYSCALL msg=audit(1651846031.082:9): arch=c000003e syscall=59 success=yes exit=0 a0=55a2e85cd520 a1=55a2e859d600 a2=55a2e858f880 a3=1 items=0 ppid=1 pid=696 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="augenrules" exe="/usr/bin/bash" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
type=AVC msg=audit(1651846031.082:9): avc:  denied  { siginh } for  pid=696 comm="augenrules" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=process permissive=1
----
time->Fri May  6 22:07:11 2022
type=PROCTITLE msg=audit(1651846031.201:27): proctitle=2F7573722F62696E2F646275732D62726F6B65722D6C61756E6368002D2D73636F70650073797374656D002D2D6175646974
type=SYSCALL msg=audit(1651846031.201:27): arch=c000003e syscall=54 success=yes exit=0 a0=8 a1=1 a2=20 a3=7ffc1a8b4a74 items=0 ppid=1 pid=730 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dbus-broker-lau" exe="/usr/bin/dbus-broker-launch" subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1651846031.201:27): avc:  denied  { net_admin } for  pid=730 comm="dbus-broker-lau" capability=12  scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=capability permissive=1
----
time->Fri May  6 22:07:11 2022
type=PROCTITLE msg=audit(1651846031.231:30): proctitle=2F7573722F62696E2F707974686F6E33002D73002F7573722F7362696E2F6669726577616C6C64002D2D6E6F666F726B002D2D6E6F706964
type=SYSCALL msg=audit(1651846031.231:30): arch=c000003e syscall=91 success=yes exit=0 a0=3 a1=1a0 a2=0 a3=7ff13a5dfe7e items=0 ppid=1 pid=715 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="firewalld" exe="/usr/bin/python3.9" subj=system_u:system_r:firewalld_t:s0 key=(null)
type=AVC msg=audit(1651846031.231:30): avc:  denied  { fowner } for  pid=715 comm="firewalld" capability=3  scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:system_r:firewalld_t:s0 tclass=capability permissive=1
----
time->Fri May  6 22:07:11 2022
type=PROCTITLE msg=audit(1651846031.328:32): proctitle=2F7573722F7362696E2F69707461626C6573002D77002D4C002D6E
type=PATH msg=audit(1651846031.328:32): item=0 name="/lib64/ld-linux-x86-64.so.2" inode=50504137 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(1651846031.328:32): cwd="/"
type=EXECVE msg=audit(1651846031.328:32): argc=4 a0="/usr/sbin/iptables" a1="-w" a2="-L" a3="-n"
type=BPRM_FCAPS msg=audit(1651846031.328:32): fver=0 fp=0 fi=0 fe=0 old_pp=0000000000003000 old_pi=0 old_pe=0000000000003000 old_pa=0 pp=0000000000003000 pi=0 pe=0000000000003000 pa=0 frootid=0
type=SYSCALL msg=audit(1651846031.328:32): arch=c000003e syscall=59 success=yes exit=0 a0=7ff138057310 a1=7ff138059420 a2=7ff138711f40 a3=0 items=1 ppid=715 pid=732 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-nft-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1651846031.328:32): avc:  denied  { siginh } for  pid=732 comm="iptables" scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=process permissive=1
type=AVC msg=audit(1651846031.328:32): avc:  denied  { rlimitinh } for  pid=732 comm="iptables" scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=process permissive=1
type=AVC msg=audit(1651846031.328:32): avc:  denied  { noatsecure } for  pid=732 comm="firewalld" scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=process permissive=1
----
time->Fri May  6 22:07:11 2022
type=PROCTITLE msg=audit(1651846031.349:34): proctitle=2F7573722F62696E2F6E6D2D6F6E6C696E65002D73002D71
type=EXECVE msg=audit(1651846031.349:34): argc=3 a0="/usr/bin/nm-online" a1="-s" a2="-q"
type=SYSCALL msg=audit(1651846031.349:34): arch=c000003e syscall=59 success=yes exit=0 a0=55a2e85c1590 a1=55a2e85bd960 a2=55a2e849fdd0 a3=55a2e85c1640 items=0 ppid=1 pid=738 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="nm-online" exe="/usr/bin/nm-online" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
type=AVC msg=audit(1651846031.349:34): avc:  denied  { siginh } for  pid=738 comm="nm-online" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=process permissive=1
----
time->Fri May  6 22:07:11 2022
type=PROCTITLE msg=audit(1651846031.434:40): proctitle=2F7573722F62696E2F7368002F7573722F6C69622F4E6574776F726B4D616E616765722F646973706174636865722E642F30342D6973637369006E6F6E6500686F73746E616D65
type=PATH msg=audit(1651846031.434:40): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=50504137 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(1651846031.434:40): item=0 name="/usr/bin/sh" inode=33693795 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(1651846031.434:40): cwd="/"
type=EXECVE msg=audit(1651846031.434:40): argc=4 a0="/usr/bin/sh" a1="/usr/lib/NetworkManager/dispatcher.d/04-iscsi" a2="none" a3="hostname"
type=SYSCALL msg=audit(1651846031.434:40): arch=c000003e syscall=59 success=yes exit=0 a0=55878a1b4f10 a1=7fff7abfbb50 a2=55878a1b0610 a3=0 items=2 ppid=756 pid=760 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="04-iscsi" exe="/usr/bin/bash" subj=system_u:system_r:initrc_t:s0 key=(null)
type=AVC msg=audit(1651846031.434:40): avc:  denied  { siginh } for  pid=760 comm="04-iscsi" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process permissive=1
type=AVC msg=audit(1651846031.434:40): avc:  denied  { rlimitinh } for  pid=760 comm="04-iscsi" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process permissive=1
type=AVC msg=audit(1651846031.434:40): avc:  denied  { noatsecure } for  pid=760 comm="nm-dispatcher" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process permissive=1
----
time->Fri May  6 22:07:11 2022
type=PROCTITLE msg=audit(1651846031.436:41): proctitle=2F7573722F62696E2F7368002F7573722F6C69622F4E6574776F726B4D616E616765722F646973706174636865722E642F32302D6368726F6E792D64686370006E6F6E6500686F73746E616D65
type=PATH msg=audit(1651846031.436:41): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=50504137 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(1651846031.436:41): item=0 name="/usr/bin/sh" inode=33693795 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(1651846031.436:41): cwd="/"
type=EXECVE msg=audit(1651846031.436:41): argc=4 a0="/usr/bin/sh" a1="/usr/lib/NetworkManager/dispatcher.d/20-chrony-dhcp" a2="none" a3="hostname"
type=SYSCALL msg=audit(1651846031.436:41): arch=c000003e syscall=59 success=yes exit=0 a0=55878a1b4f50 a1=7fff7abfbf50 a2=55878a1b0610 a3=0 items=2 ppid=756 pid=761 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="20-chrony-dhcp" exe="/usr/bin/bash" subj=system_u:system_r:initrc_t:s0 key=(null)
type=AVC msg=audit(1651846031.436:41): avc:  denied  { siginh } for  pid=761 comm="20-chrony-dhcp" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process permissive=1
type=AVC msg=audit(1651846031.436:41): avc:  denied  { rlimitinh } for  pid=761 comm="20-chrony-dhcp" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process permissive=1
type=AVC msg=audit(1651846031.436:41): avc:  denied  { noatsecure } for  pid=761 comm="nm-dispatcher" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process permissive=1
----
time->Fri May  6 22:07:11 2022
type=PROCTITLE msg=audit(1651846031.488:42): proctitle=2F7573722F7362696E2F69707461626C6573002D773130002D74007365637572697479002D4C002D6E
type=PATH msg=audit(1651846031.488:42): item=0 name="/lib64/ld-linux-x86-64.so.2" inode=50504137 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(1651846031.488:42): cwd="/"
type=EXECVE msg=audit(1651846031.488:42): argc=6 a0="/usr/sbin/iptables" a1="-w10" a2="-t" a3="security" a4="-L" a5="-n"
type=BPRM_FCAPS msg=audit(1651846031.488:42): fver=0 fp=0 fi=0 fe=0 old_pp=0000000000003000 old_pi=0 old_pe=0000000000003000 old_pa=0 pp=0000000000003000 pi=0 pe=0000000000003000 pa=0 frootid=0
type=SYSCALL msg=audit(1651846031.488:42): arch=c000003e syscall=59 success=yes exit=0 a0=7ff137c25b30 a1=7ff137c44af0 a2=7ff137c7f450 a3=0 items=1 ppid=715 pid=774 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-nft-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1651846031.488:42): avc:  denied  { siginh } for  pid=774 comm="iptables" scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=process permissive=1
type=AVC msg=audit(1651846031.488:42): avc:  denied  { rlimitinh } for  pid=774 comm="iptables" scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=process permissive=1
type=AVC msg=audit(1651846031.488:42): avc:  denied  { noatsecure } for  pid=774 comm="firewalld" scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=process permissive=1
----
time->Fri May  6 22:07:14 2022
type=PROCTITLE msg=audit(1651846034.249:49): proctitle=2F7573722F62696E2F707974686F6E33002F7573722F73686172652F736574726F75626C6573686F6F742F536574726F75626C6573686F6F7450726976696C656765642E7079
type=EXECVE msg=audit(1651846034.249:49): argc=2 a0="/usr/bin/python3" a1="/usr/share/setroubleshoot/SetroubleshootPrivileged.py"
type=SYSCALL msg=audit(1651846034.249:49): arch=c000003e syscall=59 success=yes exit=0 a0=55a2e85ea560 a1=55a2e85f5db0 a2=55a2e85c0fa0 a3=7f34d3afe8db items=0 ppid=1 pid=834 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="SetroubleshootP" exe="/usr/bin/python3.9" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
type=AVC msg=audit(1651846034.249:49): avc:  denied  { siginh } for  pid=834 comm="SetroubleshootP" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=process permissive=1
----
time->Fri May  6 22:07:16 2022
type=PROCTITLE msg=audit(1651846036.127:60): proctitle=2F7573722F62696E2F7368002F7573722F6C69622F4E6574776F726B4D616E616765722F646973706174636865722E642F32302D6368726F6E792D6F6E6F66666C696E650000636F6E6E65637469766974792D6368616E6765
type=PATH msg=audit(1651846036.127:60): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=50504137 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(1651846036.127:60): item=0 name="/usr/bin/sh" inode=33693795 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(1651846036.127:60): cwd="/"
type=EXECVE msg=audit(1651846036.127:60): argc=4 a0="/usr/bin/sh" a1="/usr/lib/NetworkManager/dispatcher.d/20-chrony-onoffline" a2="" a3="connectivity-change"
type=SYSCALL msg=audit(1651846036.127:60): arch=c000003e syscall=59 success=yes exit=0 a0=55878a1b4e60 a1=7fff7abfbf50 a2=55878a19b330 a3=0 items=2 ppid=756 pid=916 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="20-chrony-onoff" exe="/usr/bin/bash" subj=system_u:system_r:initrc_t:s0 key=(null)
type=AVC msg=audit(1651846036.127:60): avc:  denied  { siginh } for  pid=916 comm="20-chrony-onoff" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process permissive=1
type=AVC msg=audit(1651846036.127:60): avc:  denied  { rlimitinh } for  pid=916 comm="20-chrony-onoff" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process permissive=1
type=AVC msg=audit(1651846036.127:60): avc:  denied  { noatsecure } for  pid=916 comm="nm-dispatcher" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process permissive=1
----
time->Fri May  6 22:07:50 2022
type=PROCTITLE msg=audit(1651846070.520:71): proctitle=2F7573722F7362696E2F756E69785F63686B7077640074657374006E6F6E756C6C
type=PATH msg=audit(1651846070.520:71): item=0 name="/lib64/ld-linux-x86-64.so.2" inode=50504137 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(1651846070.520:71): cwd="/"
type=EXECVE msg=audit(1651846070.520:71): argc=3 a0="/usr/sbin/unix_chkpwd" a1="test" a2="nonull"
type=SYSCALL msg=audit(1651846070.520:71): arch=c000003e syscall=59 success=yes exit=0 a0=7f75691b304a a1=7fff67f2c940 a2=7f75691b7040 a3=7fff67f2c8f0 items=1 ppid=1274 pid=1276 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=system_u:system_r:chkpwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1651846070.520:71): avc:  denied  { siginh } for  pid=1276 comm="unix_chkpwd" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:chkpwd_t:s0-s0:c0.c1023 tclass=process permissive=1
type=AVC msg=audit(1651846070.520:71): avc:  denied  { rlimitinh } for  pid=1276 comm="unix_chkpwd" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:chkpwd_t:s0-s0:c0.c1023 tclass=process permissive=1
type=AVC msg=audit(1651846070.520:71): avc:  denied  { noatsecure } for  pid=1276 comm="sshd" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:chkpwd_t:s0-s0:c0.c1023 tclass=process permissive=1
----
time->Fri May  6 22:07:50 2022
type=PROCTITLE msg=audit(1651846070.545:79): proctitle=737368643A2074657374205B707269765D
type=SYSCALL msg=audit(1651846070.545:79): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7f75697fecd5 a2=80000 a3=0 items=0 ppid=739 pid=1274 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1651846070.545:79): avc:  denied  { open } for  pid=1274 comm="sshd" path="/etc/shadow" dev="dm-0" ino=34512556 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=1
type=AVC msg=audit(1651846070.545:79): avc:  denied  { read } for  pid=1274 comm="sshd" name="shadow" dev="dm-0" ino=34512556 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=1
----
time->Fri May  6 22:07:50 2022
type=PROCTITLE msg=audit(1651846070.545:80): proctitle=737368643A2074657374205B707269765D
type=SYSCALL msg=audit(1651846070.545:80): arch=c000003e syscall=262 success=yes exit=0 a0=3 a1=7f75697faf15 a2=7fff67f2c890 a3=1000 items=0 ppid=739 pid=1274 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1651846070.545:80): avc:  denied  { getattr } for  pid=1274 comm="sshd" path="/etc/shadow" dev="dm-0" ino=34512556 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=1
----
time->Fri May  6 22:07:50 2022
type=PROCTITLE msg=audit(1651846070.560:81): proctitle=2F7573722F6C69622F73797374656D642F73797374656D642D757365722D72756E74696D652D6469720073746172740031303030
type=SYSCALL msg=audit(1651846070.560:81): arch=c000003e syscall=54 success=yes exit=0 a0=3 a1=1 a2=21 a3=7ffe34aa7c24 items=0 ppid=1 pid=1279 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-user-ru" exe="/usr/lib/systemd/systemd-user-runtime-dir" subj=system_u:system_r:systemd_logind_t:s0 key=(null)
type=AVC msg=audit(1651846070.560:81): avc:  denied  { net_admin } for  pid=1279 comm="systemd-user-ru" capability=12  scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=capability permissive=1
----
time->Fri May  6 22:07:50 2022
type=PROCTITLE msg=audit(1651846070.583:83): proctitle=2F7573722F7362696E2F756E69785F63686B70776400746573740063686B657870697279
type=EXECVE msg=audit(1651846070.583:83): argc=3 a0="/usr/sbin/unix_chkpwd" a1="test" a2="chkexpiry"
type=SYSCALL msg=audit(1651846070.583:83): arch=c000003e syscall=59 success=yes exit=0 a0=7f34d2f8304a a1=7ffc3a524d00 a2=7f34d2f93060 a3=7ffc3a524cb0 items=0 ppid=1280 pid=1281 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=system_u:system_r:chkpwd_t:s0 key=(null)
type=AVC msg=audit(1651846070.583:83): avc:  denied  { siginh } for  pid=1281 comm="unix_chkpwd" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:chkpwd_t:s0 tclass=process permissive=1
----
time->Fri May  6 22:07:50 2022
type=PROCTITLE msg=audit(1651846070.586:88): proctitle="(systemd)"
type=SYSCALL msg=audit(1651846070.586:88): arch=c000003e syscall=257 success=yes exit=7 a0=ffffff9c a1=7f34d3c7bcd5 a2=80000 a3=0 items=0 ppid=1 pid=1280 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="(systemd)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null)
type=AVC msg=audit(1651846070.586:88): avc:  denied  { open } for  pid=1280 comm="(systemd)" path="/etc/shadow" dev="dm-0" ino=34512556 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=1
type=AVC msg=audit(1651846070.586:88): avc:  denied  { read } for  pid=1280 comm="(systemd)" name="shadow" dev="dm-0" ino=34512556 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=1
----
time->Fri May  6 22:07:50 2022
type=PROCTITLE msg=audit(1651846070.587:90): proctitle=2F7573722F6C69622F73797374656D642F73797374656D64002D2D75736572
type=EXECVE msg=audit(1651846070.587:90): argc=2 a0="/usr/lib/systemd/systemd" a1="--user"
type=SYSCALL msg=audit(1651846070.587:90): arch=c000003e syscall=59 success=yes exit=0 a0=55a2e85ee680 a1=55a2e85bfe20 a2=55a2e85bdde0 a3=7f34d3cb5aa0 items=0 ppid=1 pid=1280 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="systemd" exe="/usr/lib/systemd/systemd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1651846070.587:90): avc:  denied  { siginh } for  pid=1280 comm="systemd" scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=1
----
time->Fri May  6 22:07:51 2022
type=PROCTITLE msg=audit(1651846071.071:102): proctitle=2F7573722F62696E2F707974686F6E33002F7573722F73686172652F736574726F75626C6573686F6F742F536574726F75626C6573686F6F7450726976696C656765642E7079
type=EXECVE msg=audit(1651846071.071:102): argc=2 a0="/usr/bin/python3" a1="/usr/share/setroubleshoot/SetroubleshootPrivileged.py"
type=SYSCALL msg=audit(1651846071.071:102): arch=c000003e syscall=59 success=yes exit=0 a0=55a2e85f5b20 a1=55a2e85be230 a2=55a2e85b67b0 a3=1 items=0 ppid=1 pid=1323 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="SetroubleshootP" exe="/usr/bin/python3.9" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
type=AVC msg=audit(1651846071.071:102): avc:  denied  { siginh } for  pid=1323 comm="SetroubleshootP" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=process permissive=1
----
time->Fri May  6 22:07:53 2022
type=PROCTITLE msg=audit(1651846073.857:103): proctitle=2F7573722F7362696E2F756E69785F63686B70776400726F6F74006E756C6C6F6B
type=EXECVE msg=audit(1651846073.857:103): argc=3 a0="/usr/sbin/unix_chkpwd" a1="root" a2="nullok"
type=SYSCALL msg=audit(1651846073.857:103): arch=c000003e syscall=59 success=yes exit=0 a0=7f85990a404a a1=7ffd516e1e70 a2=7f85990a8040 a3=7ffd516e1e20 items=0 ppid=1356 pid=1357 auid=1000 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=1 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=unconfined_u:unconfined_r:chkpwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1651846073.857:103): avc:  denied  { read write } for  pid=1357 comm="unix_chkpwd" path="/dev/pts/0" dev="devpts" ino=3 scontext=unconfined_u:unconfined_r:chkpwd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_devpts_t:s0 tclass=chr_file permissive=1
----
time->Fri May  6 22:09:34 2022
type=PROCTITLE msg=audit(1651846174.378:140): proctitle=2F7573722F62696E2F7368002F7573722F6C69622F4E6574776F726B4D616E616765722F646973706174636865722E642F30342D697363736900636E692D706F646D616E30007570
type=PATH msg=audit(1651846174.378:140): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=50504137 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(1651846174.378:140): item=0 name="/usr/bin/sh" inode=33693795 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(1651846174.378:140): cwd="/"
type=EXECVE msg=audit(1651846174.378:140): argc=4 a0="/usr/bin/sh" a1="/usr/lib/NetworkManager/dispatcher.d/04-iscsi" a2="cni-podman0" a3="up"
type=SYSCALL msg=audit(1651846174.378:140): arch=c000003e syscall=59 success=yes exit=0 a0=7fab6c00fda0 a1=7fff5eeb6210 a2=56431d25ee10 a3=0 items=2 ppid=1534 pid=1542 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="04-iscsi" exe="/usr/bin/bash" subj=system_u:system_r:initrc_t:s0 key=(null)
type=AVC msg=audit(1651846174.378:140): avc:  denied  { siginh } for  pid=1542 comm="04-iscsi" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process permissive=1
type=AVC msg=audit(1651846174.378:140): avc:  denied  { rlimitinh } for  pid=1542 comm="04-iscsi" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process permissive=1
type=AVC msg=audit(1651846174.378:140): avc:  denied  { noatsecure } for  pid=1542 comm="nm-dispatcher" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process permissive=1
----
time->Fri May  6 22:09:37 2022
type=PROCTITLE msg=audit(1651846177.213:147): proctitle=2F7573722F62696E2F707974686F6E33002F7573722F73686172652F736574726F75626C6573686F6F742F536574726F75626C6573686F6F7450726976696C656765642E7079
type=EXECVE msg=audit(1651846177.213:147): argc=2 a0="/usr/bin/python3" a1="/usr/share/setroubleshoot/SetroubleshootPrivileged.py"
type=SYSCALL msg=audit(1651846177.213:147): arch=c000003e syscall=59 success=yes exit=0 a0=55a2e836f480 a1=55a2e8399690 a2=55a2e839b440 a3=1 items=0 ppid=1 pid=1650 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="SetroubleshootP" exe="/usr/bin/python3.9" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
type=AVC msg=audit(1651846177.213:147): avc:  denied  { siginh } for  pid=1650 comm="SetroubleshootP" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=process permissive=1

Comment 18 Giuseppe Scrivano 2022-05-06 16:09:21 UTC

these errors seem to explain the failure you've seen:

type=AVC msg=audit(1651846031.201:27): avc:  denied  { net_admin } for  pid=730 comm="dbus-broker-lau" capability=12  scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=capability permissive=1

type=AVC msg=audit(1651846070.560:81): avc:  denied  { net_admin } for  pid=1279 comm="systemd-user-ru" capability=12  scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=capability permissive=1

I've these two packages:

# rpm -q selinux-policy container-selinux
selinux-policy-34.1.30-2.el9.noarch
container-selinux-2.183.0-1.el9.noarch

Comment 19 mx 2022-05-07 07:21:34 UTC

the same packages as you:

[root@localhost ~]# rpm -q selinux-policy container-selinux
selinux-policy-34.1.30-2.el9.noarch
container-selinux-2.183.0-1.el9.noarch

Comment 20 mx 2022-05-07 07:46:29 UTC

it seem build-able now for all Dockerfiles with SELINUX=enforcing, after:

'''
ausearch -c 'dbus-broker-lau' --raw | audit2allow -M my-dbusbrokerlau
semodule -X 300 -i my-dbusbrokerlau.pp

ausearch -c 'systemd-user-ru' --raw | audit2allow -M my-systemduserru
semodule -X 300 -i my-systemduserru.pp
'''


[root@localhost ~]# getenforce
Enforcing
[root@localhost ~]# cat /etc/selinux/config  |grep ^SELINUX
SELINUX=enforcing
SELINUXTYPE=targeted

Comment 21 mx 2022-05-07 11:03:34 UTC

Supplementary information: 

The Selinux configuration commands(`ausearch` and `semodule` as the previous Comment) has been run, and can build. then no reboot, no any change, and the terminal is not closed. Dozens of minutes latter,it is un-build-able again, the same "Transport endpoint is not connected". This is confusing.

However, After re-run the selinux commands(ausearch and semodule) , it is build-able again.

Comment 22 Jindrich Novy 2022-05-09 06:55:20 UTC

Dan, does this require any container-selinux related changes? See comment #18

Comment 23 Giuseppe Scrivano 2022-07-25 09:25:19 UTC

It looks like something has overwritten the selinux profile again.  What services do you have running?

Comment 24 mx 2022-08-02 03:31:54 UTC

It is just tested in a fresh installed CentOS Stream 9 kvm virtual machine, without any custem services.

Good news: REHL9 or its down streams have not this issue. 

it is months after the previous test, this issue may have been solved now. (I don't have time to test it now)

Comment 25 Tom Sweeney 2022-08-02 14:43:09 UTC

As the issue is no longer reproducible with the latest versions for several months and the engineering team has not been able to replicate it, I'm closing this for now.  Please reopen or create a new BZ if the issue occurs again.

Comment 26 Red Hat Bugzilla 2023-09-15 01:50:45 UTC

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 365 days