containers / podman

Podman: A tool for managing OCI containers and pods.
https://podman.io
Apache License 2.0

failed to write to /proc/self/oom_score_adj: Access Denied #20805

Closed edgarjoao closed 11 months ago

edgarjoao commented 11 months ago

Issue Description

Hi team, I just wanted to try podman in Fedora; the error occurs when starting the container.

Client: Podman Engine
Version: 4.7.2
API Version: 4.7.2
Go Version: go1.21.1
Built: Tue Oct 31 08:32:01 2023
OS/Arch: linux/amd64

NAME="Fedora Linux"
VERSION="39 (Server Edition)"
ID=fedora
VERSION_ID=39
VERSION_CODENAME=""
PLATFORM_ID="platform:f39"
PRETTY_NAME="Fedora Linux 39 (Server Edition)"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:39"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f39/system-administrators-guide/"
SUPPORT_URL="https://ask.fedoraproject.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=39
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=39
SUPPORT_END=2024-05-14
VARIANT="Server Edition"
VARIANT_ID=server

Edgar

Steps to reproduce the issue

  1. podman pull postgres:15.5
  2. podman run --name postgres -p 5432:5432 -e POSTGRES_PASSWORD=postgres -d postgres:15.5
  3. podman start d2bfc4104eef --log-level=debug

Describe the results you received

[conmon:d]: failed to write to /proc/self/oom_score_adj: Access denied

Describe the results you expected

I'm expecting to see my container up and running. podman ps

podman info output

If you are unable to run podman info for any reason, please provide the podman version, operating system and its version and the architecture you are running.

INFO[0000] podman filtering at log level debug
DEBU[0000] Called start.PersistentPreRunE(podman start d2bfc4104eef --log-level=debug) 
DEBU[0000] Using conmon: "/usr/bin/conmon"              
DEBU[0000] Initializing boltdb state at /home/edgar/.local/share/containers/storage/libpod/bolt_state.db 
DEBU[0000] systemd-logind: Unknown object '/'.          
DEBU[0000] Using graph driver overlay                   
DEBU[0000] Using graph root /home/edgar/.local/share/containers/storage 
DEBU[0000] Using run root /run/user/1001/containers     
DEBU[0000] Using static dir /home/edgar/.local/share/containers/storage/libpod 
DEBU[0000] Using tmp dir /run/user/1001/libpod/tmp      
DEBU[0000] Using volume path /home/edgar/.local/share/containers/storage/volumes 
DEBU[0000] Using transient store: false                 
DEBU[0000] [graphdriver] trying provided driver "overlay" 
DEBU[0000] Cached value indicated that overlay is supported 
DEBU[0000] Cached value indicated that overlay is supported 
DEBU[0000] Cached value indicated that metacopy is not being used 
DEBU[0000] Cached value indicated that native-diff is usable 
DEBU[0000] backingFs=xfs, projectQuotaSupported=false, useNativeDiff=true, usingMetacopy=false 
DEBU[0000] Initializing event backend journald          
DEBU[0000] Configured OCI runtime kata initialization failed: no valid executable found for OCI runtime kata: invalid argument 
DEBU[0000] Configured OCI runtime runsc initialization failed: no valid executable found for OCI runtime runsc: invalid argument 
DEBU[0000] Configured OCI runtime ocijail initialization failed: no valid executable found for OCI runtime ocijail: invalid argument 
DEBU[0000] Configured OCI runtime crun-wasm initialization failed: no valid executable found for OCI runtime crun-wasm: invalid argument 
DEBU[0000] Configured OCI runtime runc initialization failed: no valid executable found for OCI runtime runc: invalid argument 
DEBU[0000] Configured OCI runtime runj initialization failed: no valid executable found for OCI runtime runj: invalid argument 
DEBU[0000] Configured OCI runtime youki initialization failed: no valid executable found for OCI runtime youki: invalid argument 
DEBU[0000] Configured OCI runtime krun initialization failed: no valid executable found for OCI runtime krun: invalid argument 
DEBU[0000] Using OCI runtime "/usr/bin/crun"            
INFO[0000] Setting parallel job count to 4              
DEBU[0000] Check for idmapped mounts support create mapped mount: operation not permitted 
DEBU[0000] Made network namespace at /run/user/1001/netns/netns-7df1d384-753c-9373-d4cf-e38150a9f424 for container d2bfc4104eef77005e41d24b3b3c61f97d927eef6ba49238fc4ee2f7d513b4ce 
DEBU[0000] slirp4netns command: /usr/bin/slirp4netns --disable-host-loopback --mtu=65520 --enable-sandbox --enable-seccomp --enable-ipv6 -c -r 3 -e 4 --netns-type=path /run/user/1001/netns/netns-7df1d384-753c-9373-d4cf-e38150a9f424 tap0 
DEBU[0000] overlay: mount_data=lowerdir=/home/edgar/.local/share/containers/storage/overlay/l/IOF6GCMOY5IW5AT7DFY5J24FDE:/home/edgar/.local/share/containers/storage/overlay/l/VQLZZFK27UN2QZOC35UZLNAIDX:/home/edgar/.local/share/containers/storage/overlay/l/XKS4IKVC4OXGXH3M5NA2Y3NG6L:/home/edgar/.local/share/containers/storage/overlay/l/3XQUY6256MYCXJIKAMJS2BDCHI:/home/edgar/.local/share/containers/storage/overlay/l/XJWOUFKP73HI3YTIE6NIUGT2B3:/home/edgar/.local/share/containers/storage/overlay/l/3KTMBQZVLULANJGCGWRA2E3YMK:/home/edgar/.local/share/containers/storage/overlay/l/RV5R5EFGFUTZV3SAZ5OCHGJ5D6:/home/edgar/.local/share/containers/storage/overlay/l/KY3S7NP4YHE4DCWKM5J7LUTLK4:/home/edgar/.local/share/containers/storage/overlay/l/O254CHKK5D5ALTCFBE5HOJQUAU:/home/edgar/.local/share/containers/storage/overlay/l/4NCHNKTWY5RCTTMOSQAM2XHSKY:/home/edgar/.local/share/containers/storage/overlay/l/R7LFVA5EO3K52ECBXMHS2QE6XH:/home/edgar/.local/share/containers/storage/overlay/l/TNTHRY73NLPSTBSKKLDH5LFNFD:/home/edgar/.local/share/containers/storage/overlay/l/VOXBZVP3VGFU4J62MMZFSEUA4Y,upperdir=/home/edgar/.local/share/containers/storage/overlay/818150fd809eea1c1124e498c464a7c8c61798a3b1abf8f80e8e4d9ab33792a5/diff,workdir=/home/edgar/.local/share/containers/storage/overlay/818150fd809eea1c1124e498c464a7c8c61798a3b1abf8f80e8e4d9ab33792a5/work,,userxattr,context="system_u:object_r:container_file_t:s0:c289,c959" 
DEBU[0000] Mounted container "d2bfc4104eef77005e41d24b3b3c61f97d927eef6ba49238fc4ee2f7d513b4ce" at "/home/edgar/.local/share/containers/storage/overlay/818150fd809eea1c1124e498c464a7c8c61798a3b1abf8f80e8e4d9ab33792a5/merged" 
DEBU[0000] rootlessport: time="2023-11-27T20:17:23-06:00" level=info msg="Starting parent driver" 
DEBU[0000] rootlessport: time="2023-11-27T20:17:23-06:00" level=info msg="opaque=map[builtin.readypipepath:/run/user/1001/libpod/tmp/rootlessport3857958712/.bp-ready.pipe builtin.socketpath:/run/user/1001/libpod/tmp/rootlessport3857958712/.bp.sock]" 
DEBU[0000] rootlessport: time="2023-11-27T20:17:23-06:00" level=info msg="Starting child driver in child netns (\"/proc/self/exe\" [rootlessport-child])" 
DEBU[0000] rootlessport: time="2023-11-27T20:17:23-06:00" level=info msg="Waiting for initComplete" 
DEBU[0000] rootlessport: time="2023-11-27T20:17:23-06:00" level=info msg="initComplete is closed; parent and child established the communication channel"
time="2023-11-27T20:17:23-06:00" level=info msg="Exposing ports [{ 5432 5432 1 tcp}]" 
DEBU[0000] rootlessport: time="2023-11-27T20:17:23-06:00" level=info msg=Ready 
DEBU[0000] rootlessport is ready                        
DEBU[0000] Going to mount named volume 8272bfaa5cfb10d23239a323020254a9a84bfd198855d22d6e4b4b872f695cfd 
DEBU[0000] Copying up contents from container d2bfc4104eef77005e41d24b3b3c61f97d927eef6ba49238fc4ee2f7d513b4ce to volume 8272bfaa5cfb10d23239a323020254a9a84bfd198855d22d6e4b4b872f695cfd 
DEBU[0000] Created root filesystem for container d2bfc4104eef77005e41d24b3b3c61f97d927eef6ba49238fc4ee2f7d513b4ce at /home/edgar/.local/share/containers/storage/overlay/818150fd809eea1c1124e498c464a7c8c61798a3b1abf8f80e8e4d9ab33792a5/merged 
DEBU[0000] /etc/system-fips does not exist on host, not mounting FIPS mode subscription 
DEBU[0000] Setting Cgroups for container d2bfc4104eef77005e41d24b3b3c61f97d927eef6ba49238fc4ee2f7d513b4ce to user.slice:libpod:d2bfc4104eef77005e41d24b3b3c61f97d927eef6ba49238fc4ee2f7d513b4ce 
DEBU[0000] reading hooks from /usr/share/containers/oci/hooks.d 
DEBU[0000] Workdir "/" resolved to host path "/home/edgar/.local/share/containers/storage/overlay/818150fd809eea1c1124e498c464a7c8c61798a3b1abf8f80e8e4d9ab33792a5/merged" 
DEBU[0000] Created OCI spec for container d2bfc4104eef77005e41d24b3b3c61f97d927eef6ba49238fc4ee2f7d513b4ce at /home/edgar/.local/share/containers/storage/overlay-containers/d2bfc4104eef77005e41d24b3b3c61f97d927eef6ba49238fc4ee2f7d513b4ce/userdata/config.json 
DEBU[0000] /usr/bin/conmon messages will be logged to syslog 
DEBU[0000] running conmon: /usr/bin/conmon               args="[--api-version 1 -c d2bfc4104eef77005e41d24b3b3c61f97d927eef6ba49238fc4ee2f7d513b4ce -u d2bfc4104eef77005e41d24b3b3c61f97d927eef6ba49238fc4ee2f7d513b4ce -r /usr/bin/crun -b /home/edgar/.local/share/containers/storage/overlay-containers/d2bfc4104eef77005e41d24b3b3c61f97d927eef6ba49238fc4ee2f7d513b4ce/userdata -p /run/user/1001/containers/overlay-containers/d2bfc4104eef77005e41d24b3b3c61f97d927eef6ba49238fc4ee2f7d513b4ce/userdata/pidfile -n postgres --exit-dir /run/user/1001/libpod/tmp/exits --full-attach -s -l journald --log-level debug --syslog --conmon-pidfile /run/user/1001/containers/overlay-containers/d2bfc4104eef77005e41d24b3b3c61f97d927eef6ba49238fc4ee2f7d513b4ce/userdata/conmon.pid --exit-command /usr/bin/podman --exit-command-arg --root --exit-command-arg /home/edgar/.local/share/containers/storage --exit-command-arg --runroot --exit-command-arg /run/user/1001/containers --exit-command-arg --log-level --exit-command-arg debug --exit-command-arg --cgroup-manager --exit-command-arg systemd --exit-command-arg --tmpdir --exit-command-arg /run/user/1001/libpod/tmp --exit-command-arg --network-config-dir --exit-command-arg  --exit-command-arg --network-backend --exit-command-arg netavark --exit-command-arg --volumepath --exit-command-arg /home/edgar/.local/share/containers/storage/volumes --exit-command-arg --db-backend --exit-command-arg boltdb --exit-command-arg --transient-store=false --exit-command-arg --runtime --exit-command-arg crun --exit-command-arg --storage-driver --exit-command-arg overlay --exit-command-arg --events-backend --exit-command-arg journald --exit-command-arg --syslog --exit-command-arg container --exit-command-arg cleanup --exit-command-arg d2bfc4104eef77005e41d24b3b3c61f97d927eef6ba49238fc4ee2f7d513b4ce]"
INFO[0000] Running conmon under slice user.slice and unitName libpod-conmon-d2bfc4104eef77005e41d24b3b3c61f97d927eef6ba49238fc4ee2f7d513b4ce.scope 
[conmon:d]: failed to write to /proc/self/oom_score_adj: Permiso denegado

DEBU[0000] Received: 2303                               
INFO[0000] Got Conmon PID as 2301                       
DEBU[0000] Created container d2bfc4104eef77005e41d24b3b3c61f97d927eef6ba49238fc4ee2f7d513b4ce in OCI runtime 
DEBU[0000] found local resolver, using "/run/systemd/resolve/resolv.conf" to get the nameservers 
DEBU[0000] Starting container d2bfc4104eef77005e41d24b3b3c61f97d927eef6ba49238fc4ee2f7d513b4ce with command [docker-entrypoint.sh postgres] 
DEBU[0000] Started container d2bfc4104eef77005e41d24b3b3c61f97d927eef6ba49238fc4ee2f7d513b4ce 
DEBU[0000] Notify sent successfully                     
d2bfc4104eef
DEBU[0000] Called start.PersistentPostRunE(podman start d2bfc4104eef --log-level=debug) 
DEBU[0000] Shutting down engines

Podman in a container

No

Privileged Or Rootless

None

Upstream Latest Release

Yes

Additional environment details

VM with Fedora Server

Additional information

Additional information like issue happens only occasionally or issue happens with a particular architecture or on a particular setting
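
Added example (not part of the original issue and not Podman project code): a small triage function for the debug log in the post above. It matches the conmon message on the /proc/self/oom_score_adj path rather than on the error string, since this page shows that string in two locales, and reports whether "Created container" and "Started container" were logged afterwards. The function name, the verdict strings and the abridged sample lines are constructed for illustration.

```python
import re

# Constructed sample: a few lines abridged from the debug log in the post above
# (container ID shortened to 12 characters for readability).
SAMPLE_LOG = """\
INFO[0000] Running conmon under slice user.slice and unitName libpod-conmon-d2bfc4104eef.scope
[conmon:d]: failed to write to /proc/self/oom_score_adj: Permiso denegado
INFO[0000] Got Conmon PID as 2301
DEBU[0000] Created container d2bfc4104eef in OCI runtime
DEBU[0000] Started container d2bfc4104eef
"""

# logrus-style podman line: LEVEL[seconds] message
PODMAN_LINE = re.compile(r"^(?P<level>[A-Z]{4})\[\d+\]\s+(?P<msg>.*\S)\s*$")
# conmon line: match on the path, not the strerror() text, which is localized
# ("Access denied" and "Permiso denegado" both appear on this page).
CONMON_OOM = re.compile(r"^\[conmon:\w\]: failed to write to (/proc/self/oom_score_adj): (?P<err>.+)$")
LIFECYCLE = re.compile(r"^(?P<event>Created|Started) container (?P<cid>[0-9a-f]{12,64})\b")


def triage_start_log(text):
    """Summarize whether the conmon oom_score_adj failure preceded a completed start."""
    result = {"oom_adj_failed": False, "oom_error_text": None, "events": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = CONMON_OOM.match(line)
        if m:
            result["oom_adj_failed"] = True
            result["oom_error_text"] = m.group("err")
            continue
        p = PODMAN_LINE.match(line)
        if not p:
            continue
        ev = LIFECYCLE.match(p.group("msg"))
        if ev:
            # Record whether this lifecycle event came after the conmon message.
            result["events"].append((ev.group("event"), ev.group("cid")[:12], result["oom_adj_failed"]))
    started_after = any(e == "Started" and after for e, _, after in result["events"])
    if not result["oom_adj_failed"]:
        result["verdict"] = "no-oom-adj-message"
    elif started_after:
        result["verdict"] = "message-logged-start-continued"
    else:
        result["verdict"] = "message-logged-no-start-seen"
    return result


if __name__ == "__main__":
    print(triage_start_log(SAMPLE_LOG))
```

The verdict only describes what the start log recorded; it does not say whether the container was still running afterwards.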

BlackHole1 commented 11 months ago

Related issue: https://github.com/containers/podman/issues/3024. You can try the solution mentioned in #3024.

giuseppe commented 11 months ago

Closing as a duplicate of #3024.

Either upgrade Podman, or downgrade crun (this is a workaround, because crun was ignoring oom_score_adj set to 0).

edgarjoao commented 11 months ago

Hi @giuseppe, I'm using crun version 1.11.2 and podman 4.7.2. What crun version would be the best fit for the podman I have installed?

edgarjoao commented 11 months ago

I just downgraded crun to version 1.9, still getting the same error.

edgarjoao commented 11 months ago

Hi there, as soon as I installed Docker I was able to run podman. Is this something to consider in future installations?