search

oracle / railcar

RailCar: Rust implementation of the Open Containers Initiative oci-runtime
Other
1.12k stars 101 forks source link

seccomp error: failed to add rule for 135 #38

Open alban opened 6 years ago

alban commented 6 years ago

I tried to run the OCI runtime validation tests and I've got this error:

$ sudo RUNTIME=/home/alban/git/railcar/railcar strace -f -s 512  validation/default.t
ERROR - seccomp error: 'failed to add rule for 135'
ERROR - stack backtrace:
   0:     0x560ff0b728f4 - backtrace::backtrace::libunwind::trace::hc45549482cbb1af4
                        at /home/alban/.cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.5/src/backtrace/libunwind.rs:53
                         - backtrace::backtrace::trace::h67495f0a5e257230
                        at /home/alban/.cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.5/src/backtrace/mod.rs:42
   1:     0x560ff0b6944c - backtrace::capture::Backtrace::new_unresolved::h7c0909f16975c7ed
                        at /home/alban/.cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.5/src/capture.rs:88
   2:     0x560ff0b6939e - backtrace::capture::Backtrace::new::h81d3fd7bfe948d65
                        at /home/alban/.cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.5/src/capture.rs:63
   3:     0x560ff0b511a2 - error_chain::make_backtrace::h31592abf2ad8bbb1
                        at /home/alban/.cargo/registry/src/github.com-1ecc6299db9ec823/error-chain-0.10.0/src/lib.rs:417
   4:     0x560ff0b5123f - <error_chain::State as core::default::Default>::default::h63520179be125c9a
                        at /home/alban/.cargo/registry/src/github.com-1ecc6299db9ec823/error-chain-0.10.0/src/lib.rs:504
   5:     0x560ff0a5712d - railcar::errors::Error::from_kind::h290f73054aec5f46
                        at /home/alban/git/railcar/<error_chain_processed macros>:52
   6:     0x560ff0a57567 - <railcar::errors::Error as core::convert::From<railcar::errors::ErrorKind>>::from::h04d5c4a374e144e8
                        at src/errors.rs:1
   7:     0x560ff0a58f77 - <T as core::convert::Into<U>>::into::hf93b14da50587807
                        at /builddir/build/BUILD/rustc-1.24.0-src/src/libcore/convert.rs:415
   8:     0x560ff0a6560a - railcar::seccomp::rule_add::h2580de477e336deb
                        at src/seccomp.rs:60
   9:     0x560ff0a66513 - railcar::seccomp::initialize_seccomp::h38e6ce8b17066776
                        at src/seccomp.rs:122
  10:     0x560ff0b20ca2 - railcar::run_container::h8f0d4093dbd38995
                        at src/main.rs:1311
  11:     0x560ff0b1c8d4 - railcar::safe_run_container::hd3d1aa7d25f8c9f8
                        at src/main.rs:1031
  12:     0x560ff0b0eef0 - railcar::finish_create::hde9faab9ba7307d4
                        at src/main.rs:618
  13:     0x560ff0b0cac5 - railcar::cmd_create::h54fdb4e81f5af2d0
                        at src/main.rs:533
  14:     0x560ff0b09fcd - railcar::run::ha775d7656c587058
                        at src/main.rs:410
  15:     0x560ff0b07a95 - railcar::main::h84535c10a40345aa
                        at src/main.rs:202
  16:     0x560ff0aa6fe1 - std::rt::lang_start::{{closure}}::h6f7b7051cc182dc6
                        at /builddir/build/BUILD/rustc-1.24.0-src/src/libstd/rt.rs:74
  17:     0x560ff0f623d7 - std::panicking::try::do_call::h2b4dea630c5a266b
  18:     0x560ff0f7bd4e - __rust_maybe_catch_panic
  19:     0x560ff0f67516 - std::rt::lang_start_internal::h59d916208fcf906e
  20:     0x560ff0aa6fc1 - std::rt::lang_start::h241bc6a443750730
                        at /builddir/build/BUILD/rustc-1.24.0-src/src/libstd/rt.rs:74
  21:     0x560ff0b2da0d - main
  22:     0x7f261c7fc009 - <unknown>
  23:     0x560ff0a1cc09 - _start
  24:                0x0 - <unknown>

(the error was not directly printed, I recovered it from the strace output)

vishvananda commented 6 years ago

thanks for reporting this. I will take a look

drahnr commented 6 years ago

@alban which platform are you using and how did you manage to build the runtime validation tools? I tried to have a quick look but go stuck with https://github.com/opencontainers/runtime-tools/issues/661 ( I am not a golang native though).

alban commented 6 years ago

@drahnr I have Fedora 27 and Go 1.10.1.

Have you tried removing GOROOT?

drahnr commented 6 years ago

@alban ~yes I did, no change~ figured it out, got the binary to work and now trying to reproduce

drahnr commented 6 years ago

sudo RUNTIME=/home/bernhard/.cargo/bin/railcar strace -f -s 512 ./validation/default/default.t > railcar-default.log wher my SELinux policy is enforcing and all bin

This is my output which has exit code 0.

railcar-default.tar.gz