[Podman] Re: Why can't I run a simple /bin/bash command from root on RHEL 8.5?

On Fri, Jan 28, 2022 at 5:18 PM Daniel Walsh <dwalsh(a)redhat.com&gt; wrote: On 1/28/22 16:52, Tom Sweeney wrote: > Saving the lives of countless bits by chopping the debug output down. > > This smells like it might be a conmon issue,  Peter Hunt, have > you run into this in the past? > > INFO[0000] Running conmon under slice machine.slice and unitName > libpod-conmon-c198a57f8fb8eebb2c8f391341fbb8bf0c02b84be2ee5b8b648e675adf07fb72.scope > INFO[0000] Got Conmon PID as 527872 > */bin/bash: error while loading shared libraries: libtinfo.so.6: > cannot change memory protections* > * > * > t > > > On 1/28/22 14:37, Peter Portante wrote: >> >> >> On Fri, Jan 28, 2022 at 11:30 AM Nalin Dahyabhai >> <nalin(a)redhat.com&gt; wrote: >> >> On Thu, Jan 27, 2022 at 12:17:52PM -0500, Peter Portante wrote: >> > We are struggling to understand why we can run rootless >> containers on RHEL >> > 8.5. >> > >> > Why can't I do the following (as described at [1]) as a >> non-root user: >> > >> > [pportant@intlab-006 ~]$ podman run --rm --name=myubi -it >> > registry.access.redhat.com/ubi8/ubi >> <http://registry.access.redhat.com/ubi8/ubi> /bin/bash >> > [pportant@intlab-006 ~]$ echo $? >> > 0 >> > >> > Shouldn't that start an interactive shell in the container? >> > >> > When I run as root I see: >> > >> > [root@intlab-006 ~]# podman run --rm --name=myubi -it >> > registry.access.redhat.com/ubi8/ubi >> <http://registry.access.redhat.com/ubi8/ubi> /bin/bash >> > [root@intlab-006 ~]# echo $? >> > 127 >> > >> > While on another RHEL 8.5 host it works just fine: >> > >> > [pportant@intlabproxy-002 ~]$ podman run --rm --name=myubi -it >> > registry.access.redhat.com/ubi8/ubi >> <http://registry.access.redhat.com/ubi8/ubi> /bin/bash >> > [root@a9ef24a2578b /]# >> > >> > Any help would be appreciated. >> >> What differences do you see between the two situations when >> you pass a >> --log-level=info, or --log-level=debug, to podman? >> >> >> *[root@intlab-006 ~]# podman --log-level=info run --rm >> --name=myubi -it registry.access.redhat.com/ubi8/ubi >> <http://registry.access.redhat.com/ubi8/ubi> /bin/bash >> *INFO[0000] podman filtering at log level info >> INFO[0000] Not using native diff for overlay, this may cause >> degraded performance for building images: kernel has >> CONFIG_OVERLAY_FS_REDIRECT_DIR enabled >> INFO[0000] Found CNI network podman (type=bridge) at >> /etc/cni/net.d/87-podman-bridge.conflist >> INFO[0000] Setting parallel job count to 97 >> INFO[0000] Got pod network &{Name:myubi Namespace:myubi >> ID:c198a57f8fb8eebb2c8f391341fbb8bf0c02b84be2ee5b8b648e675adf07fb72 >> NetNS:/run/netns/cni-e0647a42-5e73-d803-a59b-b6d7102a61d3 >> Networks:[{Name:podman Ifname:eth0}] >> RuntimeConfig:map[podman:{IP: MAC: PortMappings:[] >> Bandwidth:<nil> IpRanges:[]}] Aliases:map[]} >> INFO[0000] Adding pod myubi_myubi to CNI network "podman" >> (type=bridge) >> INFO[0000] Running conmon under slice machine.slice and unitName >> libpod-conmon-c198a57f8fb8eebb2c8f391341fbb8bf0c02b84be2ee5b8b648e675adf07fb72.scope >> INFO[0000] Got Conmon PID as 527872 >> */bin/bash: error while loading shared libraries: libtinfo.so.6: >> cannot change memory protections >> * >> SELinux labeling. restorecon -R -v $HOME/.lib/share/containers Did that, still no go. >> >> Nalin >> >> >> _______________________________________________ >> Podman mailing list --podman(a)lists.podman.io >> To unsubscribe send an email topodman-leave(a)lists.podman.io > > > > _______________________________________________ > Podman mailing list --podman(a)lists.podman.io > To unsubscribe send an email topodman-leave(a)lists.podman.io _______________________________________________ Podman mailing list -- podman(a)lists.podman.io To unsubscribe send an email to podman-leave(a)lists.podman.io