On 01/02/2021 20:45, Daniel Walsh wrote:
> On 2/1/21 03:48, Laurent Meunier wrote:
>> On 30/01/2021 14:00, Daniel Walsh wrote:
>>> On 1/29/21 11:40, Laurent Meunier wrote:
>>>> And the command to run the same image with podman:
>>>> $ podman run -it --rm --entrypoint /usr/local/sbin/ejabberdctl \
>>>> ejabberd:armv7-21.01 foreground
>>>> clock_gettime(CLOCK_MONOTONIC, _) failed: Operation not permitted (1)
>>>> Aborted
>>>>
>>>> I think this is related to the host architecture (armv7 /
>>>> raspberry pi 3 / raspbian) as I can't reproduce it on amd64.
>>>
>>> Check seccomp or SELinux.
>>>
>>>
>>> Look into /var/log/audit/audit.log to see if there are any messages
>>> about them in there.
>>
>> Hi Daniel,
>>
>> Thanks for your reply, but SELinux is not installed on my rpi3 and
>> the audit.log file is not present.
>>
>> I think this error is related to the musl upgrade to 1.2 coming with
>> Alpine 3.13 (see:
>> https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.13.0#musl_1.2).
>>
>> With Alpine 3.12 as my base image, I can't reproduce the error and
>> the application starts fine. I'll stay with Alpine 3.12 in the
>> meantime.
>>
>> That being said, I still don't understand why buildah is working
>> fine with Alpine 3.13 but podman not.
>>
>> Best regards.
>
> Try running podman with `--security-opt seccomp=unconfined`. This
> will tell you whether this is a seccomp issue or not. Not sure if
> Buildah is loading seccomp policy.

I confirm that running podman with `--security-opt seccomp=unconfined`
fixes my issue. The container starts without errors and the application
works as expected with Alpine 3.13.
_______________________________________________
Podman mailing list -- podman(a)lists.podman.io
To unsubscribe send an email to podman-leave(a)lists.podman.io
So the question is: should CLOCK_MONOTONIC be allowed by default? What
does this syscall allow?
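
A narrower check than `seccomp=unconfined`, as an added example that is not part of the thread: it reads a seccomp profile and lists time64 syscalls that fall through to the default action while their legacy counterpart is allowed. It assumes the profile uses the Docker/containers JSON layout (`defaultAction`, `syscalls[].names`, `syscalls[].action`) and that the failing call is one of the time64 syscalls musl 1.2 issues on 32-bit targets such as armv7, which the thread does not confirm; the profile content and the helper names are constructed.

```python
import json

# Constructed sample profile in the containers/Docker seccomp JSON layout (assumption).
SAMPLE_PROFILE = """
{
  "defaultAction": "SCMP_ACT_ERRNO",
  "syscalls": [
    {"names": ["clock_gettime", "clock_getres", "clock_nanosleep", "futex"],
     "action": "SCMP_ACT_ALLOW"},
    {"names": ["clock_settime", "clock_settime64"],
     "action": "SCMP_ACT_ALLOW",
     "includes": {"caps": ["CAP_SYS_TIME"]}}
  ]
}
"""

# Legacy 32-bit syscalls and their time64 replacements (subset, not exhaustive).
TIME64_PAIRS = {
    "clock_gettime": "clock_gettime64",
    "clock_getres": "clock_getres_time64",
    "clock_nanosleep": "clock_nanosleep_time64",
    "futex": "futex_time64",
    "clock_settime": "clock_settime64",
}

def allowed_syscalls(profile):
    """Names allowed unconditionally; rules gated by includes/excludes/args are skipped."""
    allowed = set()
    for rule in profile.get("syscalls", []):
        if rule.get("action") != "SCMP_ACT_ALLOW":
            continue
        if any(rule.get(key) for key in ("includes", "excludes", "args")):
            continue
        allowed.update(rule.get("names", []))
    return allowed

def missing_time64(profile):
    """time64 syscalls that hit defaultAction although the legacy variant is allowed."""
    if profile.get("defaultAction") == "SCMP_ACT_ALLOW":
        return []  # nothing is filtered by default, so nothing can be missing
    allowed = allowed_syscalls(profile)
    return sorted(new for old, new in TIME64_PAIRS.items()
                  if old in allowed and new not in allowed)

if __name__ == "__main__":
    for name in missing_time64(json.loads(SAMPLE_PROFILE)):
        print(f"{name}: legacy variant allowed, time64 variant hits defaultAction")
```

An `SCMP_ACT_ERRNO` default returns EPERM rather than ENOSYS, so a libc that falls back to the legacy syscall only on ENOSYS would report "Operation not permitted" instead of retrying.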