On Mon, Jan 31, 2022 at 10:53 AM Daniel Walsh <dwalsh@redhat.com> wrote:
On 1/28/22 17:43, Peter Portante wrote:


On Fri, Jan 28, 2022 at 5:18 PM Daniel Walsh <dwalsh@redhat.com> wrote:
On 1/28/22 16:52, Tom Sweeney wrote:
Saving the lives of countless bits by chopping the debug output down.

This smells like it might be a conmon issue. Peter Hunt, have you run into this in the past?

INFO[0000] Running conmon under slice machine.slice and unitName libpod-conmon-c198a57f8fb8eebb2c8f391341fbb8bf0c02b84be2ee5b8b648e675adf07fb72.scope
INFO[0000] Got Conmon PID as 527872
/bin/bash: error while loading shared libraries: libtinfo.so.6: cannot change memory protections

t


On 1/28/22 14:37, Peter Portante wrote:


On Fri, Jan 28, 2022 at 11:30 AM Nalin Dahyabhai <nalin@redhat.com> wrote:
On Thu, Jan 27, 2022 at 12:17:52PM -0500, Peter Portante wrote:
> We are struggling to understand why we can run rootless containers on RHEL
> 8.5.
>
> Why can't I do the following (as described at [1]) as a non-root user:
>
> [pportant@intlab-006 ~]$ podman run --rm --name=myubi -it registry.access.redhat.com/ubi8/ubi /bin/bash
> [pportant@intlab-006 ~]$ echo $?
> 0
>
> Shouldn't that start an interactive shell in the container?
>
> When I run as root I see:
>
> [root@intlab-006 ~]# podman run --rm --name=myubi -it registry.access.redhat.com/ubi8/ubi /bin/bash
> [root@intlab-006 ~]# echo $?
> 127
>
> While on another RHEL 8.5 host it works just fine:
>
> [pportant@intlabproxy-002 ~]$ podman run --rm --name=myubi -it registry.access.redhat.com/ubi8/ubi /bin/bash
> [root@a9ef24a2578b /]#
>
> Any help would be appreciated.

What differences do you see between the two situations when you pass a
--log-level=info, or --log-level=debug, to podman?

[root@intlab-006 ~]# podman --log-level=info run --rm --name=myubi -it registry.access.redhat.com/ubi8/ubi /bin/bash
INFO[0000] podman filtering at log level info
INFO[0000] Not using native diff for overlay, this may cause degraded performance for building images: kernel has CONFIG_OVERLAY_FS_REDIRECT_DIR enabled
INFO[0000] Found CNI network podman (type=bridge) at /etc/cni/net.d/87-podman-bridge.conflist
INFO[0000] Setting parallel job count to 97
INFO[0000] Got pod network &{Name:myubi Namespace:myubi ID:c198a57f8fb8eebb2c8f391341fbb8bf0c02b84be2ee5b8b648e675adf07fb72 NetNS:/run/netns/cni-e0647a42-5e73-d803-a59b-b6d7102a61d3 Networks:[{Name:podman Ifname:eth0}] RuntimeConfig:map[podman:{IP: MAC: PortMappings:[] Bandwidth:<nil> IpRanges:[]}] Aliases:map[]}
INFO[0000] Adding pod myubi_myubi to CNI network "podman" (type=bridge)
INFO[0000] Running conmon under slice machine.slice and unitName libpod-conmon-c198a57f8fb8eebb2c8f391341fbb8bf0c02b84be2ee5b8b648e675adf07fb72.scope
INFO[0000] Got Conmon PID as 527872
/bin/bash: error while loading shared libraries: libtinfo.so.6: cannot change memory protections


SELinux labeling.

restorecon -R -v $HOME/.lib/share/containers


Did that, still no go.



Nalin


_______________________________________________
Podman mailing list -- podman@lists.podman.io
To unsubscribe send an email to podman-leave@lists.podman.io




Does setenforce 0 make it work?


Thanks for all the help.  We don't know exactly what solved it.  A reboot of the offending node, intlab-006, seems to have made this work again.

It is likely pilot error of some sort on our part.  Please pardon all the time spent on this.

Sincerely,

-Peter