Bug 2099260 - container-tools:3.0/skopeo: RHEL9-based containers failing to run on RHEL 8.4
Summary: container-tools:3.0/skopeo: RHEL9-based containers failing to run on RHEL 8.4
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: skopeo
Version: 8.4
Hardware: Unspecified
OS: Unspecified
unspecified
urgent
Target Milestone: rc
: ---
Assignee: Daniel Walsh
QA Contact: atomic-bugs@redhat.com
URL:
Whiteboard:
Depends On:
Blocks: 2016660 2104571 2104572
Reported: 2022-06-20 12:16 UTC by Lukas Bezdicka
Modified: 2023-01-05 20:32 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 2104571 2104572
Environment:
Last Closed: 2023-01-05 20:31:52 UTC
Type: Bug
Target Upstream Version:
Embargoed:


Attachments
Patch applied to fix the issue. (6.53 KB, patch)
2022-06-20 12:16 UTC, Lukas Bezdicka


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-125755 0 None None None 2022-06-20 12:42:12 UTC

Description Lukas Bezdicka 2022-06-20 12:16:20 UTC
Created attachment 1891284
Patch applied to fix the issue.

Description of problem:
For the OpenStack upgrade from OSP16.2 to OSP17.1 we are planning to go to an intermediate step where we run OSP17 containers on RHEL8.4 before doing Leapp to RHEL9. We don't expect all of the containers to work, as we will have OVS incompatibility and probably Libvirt incompatibility, but most of the OSP containers are simple Python applications. When testing the PoC we hit an issue with mysql_upgrade failing to connect with the error:

FATAL ERROR: popen("'mysql' --no-defaults --help 2>&1 > /dev/null ", "r") failed

Version-Release number of selected component (if applicable):
We use container-tools module 3.0 but we can switch to plain container-tools on 8.4. But we need backports of seccomp.json changes used in https://access.redhat.com/errata/RHSA-2021:4154

How reproducible:
Running mysqld with the mysql_upgrade command always fails.


To solve this we did a dnf module switch to container-tools and got containers-common-1.3.1-5.module+el8.4.0+11990+22932769.x86_64

This still didn't solve the issue, but after creating a patch that updates seccomp.json from the linked advisory we got everything working.


This is a blocking issue for the OSP16.2 to OSP17.1 upgrade.
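
One way to review what a seccomp.json update like the one described above changes, before applying it to a host, is to diff the old and new profiles by syscall. This is an added example, not part of the bug report or the attached patch; the two sample profiles, their syscall names, and the function names are constructed for illustration.

```python
import json

ALLOW = "SCMP_ACT_ALLOW"
FILTER_KEYS = ("args", "includes", "excludes")

# Constructed sample profiles in the seccomp.json layout (defaultAction plus a
# list of rules). The syscall names are illustrative, not taken from this bug.
OLD_PROFILE = json.loads("""{
  "defaultAction": "SCMP_ACT_ERRNO",
  "syscalls": [
    {"names": ["read", "write", "clone"], "action": "SCMP_ACT_ALLOW"},
    {"names": ["mount"], "action": "SCMP_ACT_ALLOW",
     "includes": {"caps": ["CAP_SYS_ADMIN"]}}
  ]}""")
NEW_PROFILE = json.loads("""{
  "defaultAction": "SCMP_ACT_ERRNO",
  "syscalls": [
    {"names": ["read", "write", "clone", "faccessat2", "close_range"],
     "action": "SCMP_ACT_ALLOW"},
    {"names": ["mount"], "action": "SCMP_ACT_ALLOW",
     "includes": {"caps": ["CAP_SYS_ADMIN"]}},
    {"names": ["clone3"], "action": "SCMP_ACT_ERRNO", "errnoRet": 38,
     "excludes": {"caps": ["CAP_SYS_ADMIN"]}}
  ]}""")

def split_rules(profile):
    """Return ({name: action} for unfiltered rules, {names with filtered rules})."""
    unconditional, conditional = {}, set()
    for rule in profile.get("syscalls", []):
        names = rule.get("names", [])
        if any(rule.get(key) for key in FILTER_KEYS):
            conditional.update(names)   # depends on args or capabilities
        else:
            for name in names:
                unconditional[name] = rule["action"]
    return unconditional, conditional

def diff_profiles(old, new):
    """List syscalls the new profile opens up or starts treating specially."""
    old_uncond, old_cond = split_rules(old)
    new_uncond, new_cond = split_rules(new)
    old_default = old.get("defaultAction")
    newly_allowed = sorted(
        name for name, action in new_uncond.items()
        if action == ALLOW and old_uncond.get(name, old_default) != ALLOW)
    return {"newly_allowed": newly_allowed,
            "newly_conditional": sorted(new_cond - old_cond)}

if __name__ == "__main__":
    print(json.dumps(diff_profiles(OLD_PROFILE, NEW_PROFILE), indent=2))
```

To compare real profiles, load the two files with `json.load` in place of the embedded samples; every entry in `newly_allowed` is a syscall the container gains after the update and is worth reviewing.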

Comment 10 Tom Sweeney 2022-08-09 23:44:40 UTC
Assigning to Dan for now, most likely will move elsewhere.

Comment 11 Daniel Walsh 2022-08-10 14:30:26 UTC
I am not really sure of the question, but if you exec into the container as root, then you have the full list of capabilities in the EFF set, so you can take advantage of them.
In the case of the actual container process, it does not get the capabilities by default but needs to use a SETUID or SETFCAP file to get additional capabilities.

Comment 13 Tom Sweeney 2022-08-23 19:28:46 UTC
@dwalsh any update on this?

Comment 14 Daniel Walsh 2022-08-23 21:00:12 UTC
Looks like we would need to back port the fix from 8.5 to make this work.

Comment 15 Daniel Walsh 2022-08-23 21:08:44 UTC
This should definitely not block next release, since the issue is with rhel8.4.

Comment 17 Tom Sweeney 2022-08-30 19:58:33 UTC
Moving target release to 8.8.0, the fix is not ready yet, nor on the near horizon.
