https://bugzilla.redhat.com/show_bug.cgi?id=1096276
Bug ID: 1096276
Summary: signal 27 (SIGPROF) not passed to container using
--sig-proxy
Product: Red Hat Enterprise Linux 7
Version: 7.1
Component: docker
Assignee: lsm5(a)redhat.com
Reporter: ldoktor(a)redhat.com
QA Contact: virt-bugs(a)redhat.com
CC: admiller(a)redhat.com, golang(a)lists.fedoraproject.org,
lsm5(a)redhat.com, mattdm(a)redhat.com,
mgoldman(a)redhat.com, skottler(a)redhat.com,
vbatts(a)redhat.com
Depends On: 1087720
+++ This bug was initially created as a clone of Bug #1087720 +++
Description of problem:
When I send signal 27 to the docker process, which is running with
--sig-proxy=true, it's not forwarded. Other signals are...
Version-Release number of selected component (if applicable):
docker-0.10.0-8.el7.x86_64
docker-io-0.9.1-1.fc21.x86_64
upstream Docker version 0.10.0, build dc9c28f/0.10.0
How reproducible:
always
Steps to Reproduce:
1. /usr/bin/docker -D run --tty=false --rm -i --name test_eoly
localhost:5000/ldoktor/fedora:latest bash -c 'for NUM in `seq 1 64`; do trap
"echo Received $NUM, ignoring..." $NUM; done; while :; do sleep 1; done'
2. ps ax |grep docker
3. kill -27 $PID
Actual results:
nothing
Expected results:
Received 27, ignoring...
Additional info:
When you send any other signal (apart from 19 or 9) it works fine.
--- Additional comment from Lukas Doktor on 2014-04-15 04:59:24 EDT ---
The signal 17 is also ignored.
--- Additional comment from Lukas Doktor on 2014-05-05 03:48:25 EDT ---
The same bug is in upstream Docker version 0.10.0, build dc9c28f/0.10.0
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1087720
[Bug 1087720] signal 27 (SIGPROF) not passed to container using --sig-proxy
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1217613
Bug ID: 1217613
Summary: Cannot start container [8] System error: mountpoint
for cpuset not found
Product: Fedora
Version: 21
Component: docker-io
Assignee: ichavero(a)redhat.com
Reporter: jiri.folta(a)centrum.cz
QA Contact: extras-qa(a)fedoraproject.org
CC: adimania(a)gmail.com, admiller(a)redhat.com,
golang(a)lists.fedoraproject.org, hushan.jia(a)gmail.com,
ichavero(a)redhat.com, jchaloup(a)redhat.com,
jperrin(a)centos.org, lsm5(a)redhat.com,
mattdm(a)redhat.com, mgoldman(a)redhat.com,
miminar(a)redhat.com, s(a)shk.io, thrcka(a)redhat.com,
vbatts(a)redhat.com
Created attachment 1020711
--> https://bugzilla.redhat.com/attachment.cgi?id=1020711&action=edit
screenshot of the error
Description of problem:
when trying to run a container using Cockpit I get "System error: mountpoint
for cpuset not found" error
Version-Release number of selected component (if applicable):
cockpit:
Version 0.27.
Built on Wed Mar 25 12:53:20 UTC 2015.
How reproducible:
allways
Steps to Reproduce:
1.Install minimal Fedora 21 for arm platform from
http://www.digitaldreamtime.co.uk/images/Fidora/21/
2.update the system
3.install cockpit and docker
4.login to the server using web interface https://ip:9090
5.download Image: docker.io/wordpress:latest
6. try running the image
Actual results:
you get an error message(attached)
Expected results:
actually running the image
Additional info:
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1174354
Bug ID: 1174354
Summary: Missing Requires: cadvisor
Product: Fedora
Version: 21
Component: kubernetes
Assignee: jchaloup(a)redhat.com
Reporter: tstclair(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: eparis(a)redhat.com, golang(a)lists.fedoraproject.org,
jchaloup(a)redhat.com, lsm5(a)redhat.com,
nhorman(a)redhat.com, vbatts(a)redhat.com
Description of problem:
k8's has a missing run-time dependency on cadvisor that is not installed when
k8's is installed.
Version-Release number of selected component (if applicable):
0.6-4.0.git993ef88.fc21
How reproducible:
100%
Steps to Reproduce:
1. yum install kubernetes
2. check installation list
Actual results:
no cadvisor
Expected results:
install cadvisor
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1135152
Bug ID: 1135152
Summary: user: Current not implemented on linux/amd64
Product: Fedora
Version: 20
Component: golang
Assignee: vbatts(a)redhat.com
Reporter: adam(a)spicenitz.org
QA Contact: extras-qa(a)fedoraproject.org
CC: admiller(a)redhat.com, golang(a)lists.fedoraproject.org,
lemenkov(a)gmail.com, lsm5(a)fedoraproject.org,
renich(a)woralelandia.com, s(a)shk.io, vbatts(a)redhat.com
Description of problem:
golang seems to be using some cross-compiled components which are causing
problems. Specifically, Fedora has exactly the problem described here:
http://stackoverflow.com/questions/20609415/cross-compiling-user-current-no…
Here is the sample code from that page:
package main
import (
"fmt"
"os/user"
)
func main() {
fmt.Println(user.Current())
}
You can build the sample code and see the problem directly:
$ go build ./current.go
$ ./current
<nil> user: Current not implemented on linux/amd64
Version-Release number of selected component (if applicable):
golang-1.2.2-22.fc20.x86_64
How reproducible:
Always
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1206751
Bug ID: 1206751
Summary: Docker with overlay cannot run bash(prevented by
SELinx)
Product: Fedora
Version: 21
Component: docker-io
Severity: high
Assignee: ichavero(a)redhat.com
Reporter: robberphex(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: adimania(a)gmail.com, admiller(a)redhat.com,
golang(a)lists.fedoraproject.org, hushan.jia(a)gmail.com,
ichavero(a)redhat.com, jchaloup(a)redhat.com,
jperrin(a)centos.org, lsm5(a)redhat.com,
mattdm(a)redhat.com, mgoldman(a)redhat.com,
miminar(a)redhat.com, s(a)shk.io, thrcka(a)redhat.com,
vbatts(a)redhat.com
Description of problem:
the container cannot read .so file in overlay, and cannot relabel the file
system.
How reproducible:
Steps to Reproduce:
1. Add "DOCKER_STORAGE_OPTIONS= --storage-driver=overlay" to
/etc/sysconfig/docker-storage, and restart docker service.
2. repull the image(in my case, pull debian:jessie)
3. Run container(sudo docker run -it debian:jessie /bin/bash)
Actual results:
/bin/bash: error while loading shared libraries: libncurses.so.5: cannot open
shared object file: No such file or directory
(preventing by SELinx)
Expected results:
bash prompt in container
Additional info:
There is 4 SeLinux Alert:
----1----
SELinux is preventing docker from mount access on the filesystem /.
***** Plugin file (47.5 confidence) suggests ******************************
If you think this is caused by a badly mislabeled machine.
Then you need to fully relabel.
Do
touch /.autorelabel; reboot
***** Plugin file (47.5 confidence) suggests ******************************
If you think this is caused by a badly mislabeled machine.
Then you need to fully relabel.
Do
touch /.autorelabel; reboot
***** Plugin catchall (6.38 confidence) suggests **************************
If you believe that docker should be allowed mount access on the filesystem by
default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep docker /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:docker_t:s0
Target Context system_u:object_r:unlabeled_t:s0
Target Objects / [ filesystem ]
Source docker
Source Path docker
Port <Unknown>
Host rp.fedora
Source RPM Packages
Target RPM Packages filesystem-3.2-28.fc21.x86_64
Policy RPM selinux-policy-3.13.1-105.6.fc21.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name rp.fedora
Platform Linux rp.fedora 3.19.1-201.fc21.x86_64 #1 SMP Wed
Mar 18 04:29:24 UTC 2015 x86_64 x86_64
Alert Count 1
First Seen 2015-03-28 09:08:17 CST
Last Seen 2015-03-28 09:08:17 CST
Local ID fcd44130-63b9-4680-9975-4dc6a416b566
Raw Audit Messages
type=AVC msg=audit(1427504897.987:739): avc: denied { mount } for pid=1337
comm="docker" name="/" dev="overlay" ino=65132
scontext=system_u:system_r:docker_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
Hash: docker,docker_t,unlabeled_t,filesystem,mount
----2----
SELinux is preventing docker from unmount access on the filesystem .
***** Plugin file (47.5 confidence) suggests ******************************
If you think this is caused by a badly mislabeled machine.
Then you need to fully relabel.
Do
touch /.autorelabel; reboot
***** Plugin file (47.5 confidence) suggests ******************************
If you think this is caused by a badly mislabeled machine.
Then you need to fully relabel.
Do
touch /.autorelabel; reboot
***** Plugin catchall (6.38 confidence) suggests **************************
If you believe that docker should be allowed unmount access on the filesystem
by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep docker /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:docker_t:s0
Target Context system_u:object_r:unlabeled_t:s0
Target Objects [ filesystem ]
Source docker
Source Path docker
Port <Unknown>
Host rp.fedora
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-105.6.fc21.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name rp.fedora
Platform Linux rp.fedora 3.19.1-201.fc21.x86_64 #1 SMP Wed
Mar 18 04:29:24 UTC 2015 x86_64 x86_64
Alert Count 1
First Seen 2015-03-28 09:08:17 CST
Last Seen 2015-03-28 09:08:17 CST
Local ID c4a57cd0-ae92-4521-ad81-40a5e30a5627
Raw Audit Messages
type=AVC msg=audit(1427504897.990:740): avc: denied { unmount } for pid=1337
comm="docker" scontext=system_u:system_r:docker_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
Hash: docker,docker_t,unlabeled_t,filesystem,unmount
----3----
SELinux is preventing docker from relabelfrom access on the filesystem .
***** Plugin file (47.5 confidence) suggests ******************************
If you think this is caused by a badly mislabeled machine.
Then you need to fully relabel.
Do
touch /.autorelabel; reboot
***** Plugin file (47.5 confidence) suggests ******************************
If you think this is caused by a badly mislabeled machine.
Then you need to fully relabel.
Do
touch /.autorelabel; reboot
***** Plugin catchall (6.38 confidence) suggests **************************
If you believe that docker should be allowed relabelfrom access on the
filesystem by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep docker /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:docker_t:s0
Target Context system_u:object_r:unlabeled_t:s0
Target Objects [ filesystem ]
Source docker
Source Path docker
Port <Unknown>
Host rp.fedora
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-105.6.fc21.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name rp.fedora
Platform Linux rp.fedora 3.19.1-201.fc21.x86_64 #1 SMP Wed
Mar 18 04:29:24 UTC 2015 x86_64 x86_64
Alert Count 1
First Seen 2015-03-28 09:08:17 CST
Last Seen 2015-03-28 09:08:17 CST
Local ID ad86497a-be89-4611-8686-7aa67e73f523
Raw Audit Messages
type=AVC msg=audit(1427504897.998:741): avc: denied { relabelfrom } for
pid=1337 comm="docker" scontext=system_u:system_r:docker_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
Hash: docker,docker_t,unlabeled_t,filesystem,relabelfrom
----4----
SELinux is preventing bash from read access on the file
/var/lib/docker/overlay/1cbc0c1b2084b5f3c8fdc283032c124f6fb461242cc5b82fb183095a414869b9/root/lib/x86_64-linux-gnu/libncurses.so.5.9.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that bash should be allowed read access on the libncurses.so.5.9
file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep bash /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:svirt_lxc_net_t:s0:c156,c1000
Target Context system_u:object_r:docker_var_lib_t:s0
Target Objects
/var/lib/docker/overlay/1cbc0c1b2084b5f3c8fdc28303
2c124f6fb461242cc5b82fb183095a414869b9/root/lib/x8
6_64-linux-gnu/libncurses.so.5.9 [ file ]
Source bash
Source Path bash
Port <Unknown>
Host rp.fedora
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-105.6.fc21.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name rp.fedora
Platform Linux rp.fedora 3.19.1-201.fc21.x86_64 #1 SMP Wed
Mar 18 04:29:24 UTC 2015 x86_64 x86_64
Alert Count 1
First Seen 2015-03-28 09:08:18 CST
Last Seen 2015-03-28 09:08:18 CST
Local ID 2a5fbf0f-dc4e-489b-a9ca-2541bb55209e
Raw Audit Messages
type=AVC msg=audit(1427504898.269:754): avc: denied { read } for pid=10156
comm="bash" name="libncurses.so.5.9" dev="dm-0" ino=2100260
scontext=system_u:system_r:svirt_lxc_net_t:s0:c156,c1000
tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=file permissive=0
Hash: bash,svirt_lxc_net_t,docker_var_lib_t,file,read
----end----
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1195525
Bug ID: 1195525
Summary: Docker socket permissions prevent Cockpit integration
Product: Fedora
Version: 21
Component: docker-io
Severity: medium
Assignee: lsm5(a)redhat.com
Reporter: Benjamin(a)BGRoberts.id.au
QA Contact: extras-qa(a)fedoraproject.org
CC: adimania(a)gmail.com, admiller(a)redhat.com,
golang(a)lists.fedoraproject.org, hushan.jia(a)gmail.com,
jchaloup(a)redhat.com, jperrin(a)centos.org,
lsm5(a)redhat.com, mattdm(a)redhat.com,
mgoldman(a)redhat.com, miminar(a)redhat.com, s(a)shk.io,
thrcka(a)redhat.com, vbatts(a)redhat.com
Description of problem:
The removal of docker.socket and the docker user/group mean that docker cannot
be used as part of the cockpit console anymore (using non-root accounts). This
is because, although users can be added to the dockerroot group, the
permissions of the sockets are reset upon docker restart.
Version-Release number of selected component (if applicable):
docker-io-1.5.0-1.fc21.x86_64
cockpit-0.27-3.fc21.x86_64 / cockpit-head
Steps to Reproduce:
1. Add user to dockerroot
2. chown docker socket to root:dockerroot
3. Call a docker command from user (succeeds from CLI and cockpit)
4. restart docker
5. Call a docker command from user (fails from CLI and cockpit)
Actual results:
Ownership of docker socket are reset to root:root
Expected results:
Ownership of docker socket should be configurable and compatible with cockpit
Additional info:
related to https://bugzilla.redhat.com/show_bug.cgi?id=1192848
Relevant change in the rpm spec:
"* Fri Jan 16 2015 Lokesh Mandvekar <lsm5(a)fedoraproject.org> - 1.4.1-7
- docker group no longer used or created
- no socket activation
- config file updates to include info about docker_transition_unconfined
boolean"
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1227273
Bug ID: 1227273
Summary: Tracker for golang-googlecode-goauth2
Product: Fedora
Version: rawhide
Component: golang-googlecode-goauth2
Severity: low
Priority: low
Assignee: jchaloup(a)redhat.com
Reporter: jchaloup(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,
golang(a)lists.fedoraproject.org, jchaloup(a)redhat.com,
lsm5(a)redhat.com, vbatts(a)redhat.com
Tracker for async updates of golang-googlecode-goauth2 for rawhide and other
fedora distribution.
As golang devel packages are used only as a build-time dependency at the
moment, this tracker keeps updates and other information about this package,
e.g. broken dependencies, exceptions, important pieces of information and other
issues.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1214774
Bug ID: 1214774
Summary: Tracker for golang-github-spf13-cobra
Product: Fedora
Version: rawhide
Component: golang-github-rackspace-gophercloud
Assignee: jchaloup(a)redhat.com
Reporter: jchaloup(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,
golang(a)lists.fedoraproject.org, jchaloup(a)redhat.com,
lsm5(a)redhat.com, mattdm(a)redhat.com, vbatts(a)redhat.com
Tracker for async updates of golang-github-rackspace-gophercloud for rawhide
and other fedora distribution.
As golang devel packages are used only as a build-time dependency at the
moment, this tracker keeps updates and other information about this package,
e.g. broken dependencies, exceptions, important pieces of information and other
issues.
--
You are receiving this mail because:
You are on the CC list for the bug.