[Podman] Re: clock_gettime(CLOCK_MONOTONIC, _) failed: Operation not permitted (1)

On 2/1/21 03:48, Laurent Meunier wrote: > On 30/01/2021 14:00, Daniel Walsh wrote: >> On 1/29/21 11:40, Laurent Meunier wrote: >>> And the command to run the same image with podman: >>> $ podman run -it --rm --entrypoint /usr/local/sbin/ejabberdctl \ >>>          ejabberd:armv7-21.01 foreground >>> clock_gettime(CLOCK_MONOTONIC, _) failed: Operation not permitted (1) >>> Aborted >>> >>> I think this is related to the host architecture (armv7 / raspberry >>> pi 3 / raspbian) as I can't reproduce it on amd64. >> >> Check seccomp or SELinux. >> >> >> Look into /var/log/audit/audit.log to see if there are any messages >> about them in there. > > Hi Daniel, > > Thanks for your reply, but SELinux is not installed on my rpi3 and the > audit.log file is not present. > > I think this error is related to the musl upgrade to 1.2 coming with > Alpine 3.13 (see: > https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.13.0#musl_1.2). > > With Alpine 3.12 as my base image, I can't reproduce the error and the > application starts fine. I'll stay with Alpine 3.12 in the meantime. > > That being said, I still don't understand why buildah is working fine > with Alpine 3.13 but podman not. > > Best regards. Try running podman with `--security-opt seccomp=unconfined`. This will tell you whether this is a seccomp issue or not.  Not sure if Buildah is loading seccomp policy.