2042582 – F35 container does not work on RHEL-7/CentOS7 host (getaddrinfo)

Bug 2042582 - F35 container does not work on RHEL-7/CentOS7 host (getaddrinfo)

Summary: F35 container does not work on RHEL-7/CentOS7 host (getaddrinfo)

Keywords:
Status:	CLOSED CANTFIX
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	glibc
Sub Component:
Version:	35
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Carlos O'Donell
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-01-19 18:18 UTC by Honza Horak
Modified:	2022-01-19 18:31 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2022-01-19 18:31:26 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1908281	1	None	None	None	2022-01-19 18:31:25 UTC
Red Hat Bugzilla	1961206	1	high	CLOSED	Backport runc fix for faccessat2 handling	2023-09-15 01:06:42 UTC
Red Hat Bugzilla	2034209	1	unspecified	CLOSED	Seccomp rules break F35 container DNS resolution	2022-02-26 17:58:19 UTC

Description Honza Horak 2022-01-19 18:18:34 UTC

Description of problem:
Running F35 docker container with default settings on RHEL7.9/CentOS7 does not work in the most common use cases. It fails with the following error:

curl: (6) getaddrinfo() thread failed to start

Version-Release number of selected component (if applicable):
glibc-2.34-8.fc35.x86_64

How reproducible:
easily with F35 container and RHEL7/CentOS7 host

Steps to Reproduce:
1. yum install -y docker
2. service docker start
3. docker pull registry.fedoraproject.org/fedora:35

Actual results:
# docker run -ti --rm  registry.fedoraproject.org/fedora:35 bash -c 'curl "https://mirrors.fedoraproject.org"'
curl: (6) getaddrinfo() thread failed to start

Expected results:
# docker run -ti --rm  registry.fedoraproject.org/fedora:35 bash -c 'curl "https://mirrors.fedoraproject.org"'
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://mirrors.fedoraproject.org/publiclist/">here</a>.</p>
<hr>
<address>Apache Server at mirrors.fedoraproject.org Port 443</address>
</body></html>


Additional info:
* it works fine with podman on RHEL-8
* it also starts to work with "docker run --privileged..." option

Comment 1 Florian Weimer 2022-01-19 18:31:26 UTC

This is an issue with the container host.

I've linked a few relevant Red Hat Enterprise Linux 7 bugs. Most of them are CLOSED/WONTFIX unfortunately, and dealt with the earlier but similar faccessat2 issue. (In your case, you do not even get so far that the older issue impacts you.)

I believe there are third-party container engines that can run Fedora 35 images on Red Hat Enterprise Linux 7.

Note You need to log in before you can comment on or make changes to this bug.