google / android-emulator-container-scripts


SELinux killing container running Android image due to execheap access #366

Open DrDrei99 opened 6 months ago

DrDrei99 commented 6 months ago

Hi folks,

I was running into an issue today while setting up a container on Rocky Linux. Basically, the image would fail ~50 seconds after being started with exit code 139 and an otherwise unhelpful log.

docker inspect <container_id>

Also showed codes 139 and 137.

I tried a couple of things to get it working again with no success, until I suspected that SELinux maybe was killing the process for whatever reason.

A combination of

sudo ausearch -m AVC,USER_AVC -ts recent

and

sudo journalctl -t setroubleshoot --since=<recent time>

showed

SELinux is preventing /android/sdk/emulator/qemu/linux-x86_64/qemu-system-i386-headless from using the execheap access on a process.

*****  Plugin allow_execheap (53.1 confidence) suggests   ********************

If you do not think /android/sdk/emulator/qemu/linux-x86_64/qemu-system-i386-headless should need to map heap memory that is both writable and executable.
Then you need to report a bug. This is a potentially dangerous access.
Do
contact your security administrator and report this issue.

*****  Plugin catchall_boolean (42.6 confidence) suggests   ******************

If you want to allow selinuxuser to execheap
Then you must tell SELinux about this by enabling the 'selinuxuser_execheap' boolean.

Do
setsebool -P selinuxuser_execheap 1

*****  Plugin catchall (5.76 confidence) suggests   **************************

If you believe that qemu-system-i386-headless should be allowed execheap access on processes labeled spc_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'qemu-system-i38' --raw | audit2allow -M my-qemusystemi38
# semodule -X 300 -i my-qemusystemi38.pp

I'm not holding my breath for a fix that removes the need for execheap access, so I opted for the second suggestion given by SELinux (local policy module) and now the container seems to be working and adb connects without error.

This wasn't really an obvious one to me, and adding a note to TROUBLESHOOTING.md might save some people from going to forums or losing time chasing the problem down.
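As an added example (not code from the android-emulator-container-scripts project or from the reporter), the script below reproduces the triage in this issue offline: it decodes the container exit code into the signal that killed the process, parses raw AVC records of the kind `ausearch --raw` prints for an execheap denial, pulls out the offending process name and SELinux domain, and prints the scoped remediation the catchall plugin proposed (a local module built from that process's own denials) rather than the global `selinuxuser_execheap` boolean. The two audit records embedded in `SAMPLE_AVC` are constructed for the demo, and the module name it derives is an arbitrary choice.

```shell
#!/bin/sh
# Added example, not part of the android-emulator-container-scripts project.
# Parses raw SELinux AVC records for execheap denials and prints the scoped
# fix. The audit records below are constructed; real ones come from
# `ausearch -m AVC,USER_AVC -ts recent --raw`.

SAMPLE_AVC='type=AVC msg=audit(1700000000.123:456): avc:  denied  { execheap } for  pid=12345 comm="qemu-system-i38" scontext=system_u:system_r:spc_t:s0 tcontext=system_u:system_r:spc_t:s0 tclass=process permissive=0
type=AVC msg=audit(1700000000.789:457): avc:  denied  { read } for  pid=12346 comm="adb" name="keys" dev="dm-0" ino=42 scontext=system_u:system_r:spc_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=file permissive=0'

# Exit codes above 128 mean the process died from a signal: 139 = 128 + 11
# (SIGSEGV), 137 = 128 + 9 (SIGKILL). Prints the signal number, or nothing.
signal_from_exit_code() {
    if [ "$1" -gt 128 ]; then
        echo $(( $1 - 128 ))
    fi
}

# Number of AVC records denying execheap, i.e. a heap mapping that is both
# writable and executable. grep -c prints 0 on no match but exits 1, hence || true.
count_execheap_denials() {
    printf '%s\n' "$1" | grep -c 'denied  { execheap }' || true
}

# Unique comm= values (process names, truncated to 15 chars by the kernel,
# which is why the page shows "qemu-system-i38") of processes denied execheap.
execheap_comms() {
    printf '%s\n' "$1" | grep 'denied  { execheap }' \
        | sed -n 's/.*comm="\([^"]*\)".*/\1/p' | sort -u
}

# SELinux type (third field of scontext) of the denied process.
execheap_domain() {
    printf '%s\n' "$1" | grep 'denied  { execheap }' \
        | sed -n 's/.*scontext=[^:]*:[^:]*:\([^:]*\):.*/\1/p' | sort -u
}

# True when the denial actually blocked the call (permissive=0) instead of
# only being logged by a domain running in permissive mode.
execheap_was_enforced() {
    printf '%s\n' "$1" | grep 'denied  { execheap }' | grep -q 'permissive=0'
}

# The scoped fix from the issue: build a local module from this comm's own
# denials rather than enabling execheap for every selinuxuser process.
# The module name (letters/digits of comm + "-execheap") is an assumption.
remediation_commands() {
    comm="$1"
    mod="$(printf '%s' "$comm" | tr -cd 'A-Za-z0-9')-execheap"
    printf "ausearch -c '%s' --raw | audit2allow -M %s\n" "$comm" "$mod"
    printf 'semodule -X 300 -i %s.pp\n' "$mod"
}

# Stand-alone run over the constructed records.
main() {
    printf 'exit 139 -> signal %s\n' "$(signal_from_exit_code 139)"
    n="$(count_execheap_denials "$SAMPLE_AVC")"
    printf '%s execheap denial(s)\n' "$n"
    [ "$n" -eq 0 ] && return 0
    for c in $(execheap_comms "$SAMPLE_AVC"); do
        printf 'process %s in domain %s\n' "$c" "$(execheap_domain "$SAMPLE_AVC")"
        remediation_commands "$c"
    done
}
main
```

Two caveats worth keeping in mind when applying the generated module: `audit2allow` writes a rule for the source domain it sees in the record (here `spc_t`, the type container-selinux assigns to privileged containers), so the allow applies to every process in that domain on the host, not only the emulator; and `execheap` is precisely the writable-plus-executable heap mapping that W^X policy exists to forbid, so a local module scoped to one domain is a much smaller exception than the `selinuxuser_execheap` boolean, which grants it to all unconfined user processes.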