https://bugzilla.redhat.com/show_bug.cgi?id=1109039
Bug ID: 1109039 Summary: finalize namespace errors with docker run Product: Fedora Version: 20 Component: docker-io Assignee: lsm5@redhat.com Reporter: lsm5@redhat.com QA Contact: extras-qa@fedoraproject.org CC: admiller@redhat.com, golang@lists.fedoraproject.org, lsm5@redhat.com, mattdm@redhat.com, mgoldman@redhat.com, s@shk.io, vbatts@redhat.com
Description of problem:
docker run will fail at times with namespace errors
Version-Release number of selected component (if applicable): docker-io-1.0.0-1.fc20
How reproducible: pretty much random from what I've noticed
Steps to Reproduce: 1. docker run -it fedora bash 2. if you can't see the error in 1, run it again 3. repeat 2 until you see the error
Actual results: Here's a sample from my machine:
------------------------------
lsm5 @ naruto : /home/lsm5 $ docker run -it fedora:rawhide bash 2014/06/13 06:42:14 finalize namespace drop bounding set read /proc/1/status: bad file descriptor lsm5 @ naruto : /home/lsm5 $ docker run -it fedora:rawhide bash 2014/06/13 06:42:18 finalize namespace drop capabilities read /proc/1/status: bad file descriptor lsm5 @ naruto : /home/lsm5 $ docker run -it fedora:rawhide bash bash-4.3# exit exit lsm5 @ naruto : /home/lsm5 $ docker run -it fedora:rawhide bash 2014/06/13 06:42:25 finalize namespace drop bounding set read /proc/1/status: bad file descriptor
-------------------------------
Expected results: container shell should be accessible everytime
https://bugzilla.redhat.com/show_bug.cgi?id=1109039
--- Comment #1 from Lokesh Mandvekar lsm5@redhat.com --- Hmm, I can't seem to be able to replicate this on my rawhide machine, no matter how many times I try this, regardless of the image (centos,fedora,debian,ubuntu)
https://bugzilla.redhat.com/show_bug.cgi?id=1109039
--- Comment #2 from Vincent Batts vbatts@redhat.com --- using a newer version of gocapability (3c85049eae) fixes this for me, on RHEL6
https://github.com/dotcloud/docker/commit/4bf03a0fac48a06298afa149d433924573...
https://bugzilla.redhat.com/show_bug.cgi?id=1109039
Andy Grimm agrimm@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |agrimm@redhat.com
--- Comment #3 from Andy Grimm agrimm@redhat.com --- I confirmed that switching from f20 docker-io to rawhide docker-io fixed it for me.
https://bugzilla.redhat.com/show_bug.cgi?id=1109039
Fedora Update System updates@fedoraproject.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |MODIFIED
https://bugzilla.redhat.com/show_bug.cgi?id=1109039
--- Comment #4 from Fedora Update System updates@fedoraproject.org --- golang-github-syndtr-gocapability-0-0.7.git3c85049.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/golang-github-syndtr-gocapability-0-...
https://bugzilla.redhat.com/show_bug.cgi?id=1109039
--- Comment #5 from Fedora Update System updates@fedoraproject.org --- golang-github-syndtr-gocapability-0-0.7.git3c85049.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/golang-github-syndtr-gocapability-0-...
https://bugzilla.redhat.com/show_bug.cgi?id=1109039
--- Comment #6 from Fedora Update System updates@fedoraproject.org --- golang-github-syndtr-gocapability-0-0.7.git3c85049.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/golang-github-syndtr-gocapability-0-...
https://bugzilla.redhat.com/show_bug.cgi?id=1109039
Fedora Update System updates@fedoraproject.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|MODIFIED |ON_QA
--- Comment #7 from Fedora Update System updates@fedoraproject.org --- Package golang-github-syndtr-gocapability-0-0.7.git3c85049.el6: * should fix your issue, * was pushed to the Fedora EPEL 6 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=epel-testing golang-github-syndtr-gocapability-0-0.7.git3c85049.el6' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1647/golang-github-... then log in and leave karma (feedback).
https://bugzilla.redhat.com/show_bug.cgi?id=1109039
Lokesh Mandvekar lsm5@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Component|docker-io |golang-github-syndtr-gocapa | |bility Assignee|lsm5@redhat.com |vbatts@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1109039
Lokesh Mandvekar lsm5@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Assignee|vbatts@redhat.com |lsm5@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1109039
Lokesh Mandvekar lsm5@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1109533
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1109533 [Bug 1109533] finalize namespace errors with docker run
https://bugzilla.redhat.com/show_bug.cgi?id=1109039
Michael Scherer misc@zarb.org changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |misc@zarb.org
--- Comment #8 from Michael Scherer misc@zarb.org --- I do also see the same issue on RHEL 7. It work for the first container, but not the 2nd :
[misc@sarkhan ~]$ docker run -i -t fedora /bin/bash bash-4.2# id uid=0(root) gid=0(root) groups=0(root) bash-4.2# exit [misc@sarkhan ~]$ docker run -i -t fedora /bin/bash 2014/06/15 15:59:57 finalize namespace drop bounding set read /proc/1/status: bad file descriptor
https://bugzilla.redhat.com/show_bug.cgi?id=1109039
Sean Estabrooks seanlkml@sympatico.ca changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |seanlkml@sympatico.ca
--- Comment #9 from Sean Estabrooks seanlkml@sympatico.ca --- Apparently others have seen this and a fix was committed on dotcloud
https://github.com/dotcloud/docker/issues/6390
https://bugzilla.redhat.com/show_bug.cgi?id=1109039
Lokesh Mandvekar lsm5@switzerlandmail.ch changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |lsm5@switzerlandmail.ch Assignee|lsm5@redhat.com |lsm5@switzerlandmail.ch
https://bugzilla.redhat.com/show_bug.cgi?id=1109039
--- Comment #10 from Thomas Crowe tcrowe@redhat.com --- I am also observing this problem on a freshly built, and updated, RHEL 7 server. <--- Begin Paste ---> [root@blade-3 docker]# docker run -i -t fedora /bin/bash 2014/06/27 20:28:03 finalize namespace drop bounding set read /proc/1/status: bad file descriptor [root@blade-3 docker]# docker version Client version: 1.0.0 Client API version: 1.12 Go version (client): go1.2.2 Git commit (client): 63fe64c/1.0.0 Server version: 1.0.0 Server API version: 1.12 Go version (server): go1.2.2 Git commit (server): 63fe64c/1.0.0 [root@blade-3 docker]# docker info Containers: 2 Images: 3 Storage Driver: devicemapper Pool Name: docker-253:0-134753531-pool Data file: /var/lib/docker/devicemapper/devicemapper/data Metadata file: /var/lib/docker/devicemapper/devicemapper/metadata Data Space Used: 711.4 Mb Data Space Total: 102400.0 Mb Metadata Space Used: 1.1 Mb Metadata Space Total: 2048.0 Mb Execution Driver: native-0.2 Kernel Version: 3.10.0-123.el7.x86_64 [root@blade-3 docker]# docker run -i -t fedora /bin/bash 2014/06/27 20:58:51 finalize namespace drop bounding set read /proc/1/status: bad file descriptor [root@blade-3 docker]# docker run -i -t fedora /bin/bash 2014/06/27 20:58:53 finalize namespace drop bounding set read /proc/1/status: bad file descriptor [root@blade-3 docker]# docker run -i -t fedora /bin/bash 2014/06/27 20:58:54 finalize namespace drop bounding set read /proc/1/status: bad file descriptor [root@blade-3 docker]# docker run -i -t fedora /bin/bash 2014/06/27 20:58:56 finalize namespace drop bounding set read /proc/1/status: bad file descriptor [root@blade-3 docker]# docker run -i -t fedora /bin/bash 2014/06/27 20:58:57 finalize namespace drop capabilities read /proc/1/status: bad file descriptor [root@blade-3 docker]# docker run -i -t fedora /bin/bash bash-4.2# uname -a Linux 2dc3daacffdd 3.10.0-123.el7.x86_64 #1 SMP Mon May 5 11:16:57 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux bash-4.2# hostname 2dc3daacffdd <--- End Paste --->
https://bugzilla.redhat.com/show_bug.cgi?id=1109039
--- Comment #11 from Lokesh Mandvekar lsm5@switzerlandmail.ch --- Hi Thomas, what rpm/NVR are you using for docker 1.0.0 on RHEL-7? Is it from one of the fedoras? Or did you build it yourself?
docker-io-1.0.0-2 from fedora should have the fix for this problem, I'm guessing the one being built for RHEL-7 has it too. If it's not available already, it might be coming in soon (I guess).
Also see Bug 1109533
HTH.
https://bugzilla.redhat.com/show_bug.cgi?id=1109039
--- Comment #12 from Thomas Crowe tcrowe@redhat.com --- The RPM came from the current RHEL7 EPEL repository. Here is the paste from my repo definition file <--- Begin Paste ---> [epel] name=Extra Packages for Enterprise Linux 7 - $basearch #baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch failovermethod=priority enabled=1 gpgcheck=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
<--- End Paste --->
Installation History
<--- Begin Paste ---> [root@blade-3 docker]# yum history info 4 Loaded plugins: product-id, subscription-manager Transaction ID : 4 Begin time : Fri Jun 27 20:08:56 2014 Begin rpmdb : 330:7cd928feb4e923ad4b0d65be6e90af817c314fbe End time : 20:08:59 2014 (3 seconds) End rpmdb : 331:a48ccd48c187f1cdf9c9555c24958e1aa5371605 User : root <root> Return-Code : Success Command Line : -y install docker-io Transaction performed with: Installed rpm-4.11.1-16.el7.x86_64 @anaconda/7.0 Installed subscription-manager-1.10.14-9.el7_0.x86_64 @rhel-7-server-rpms Installed yum-3.4.3-118.el7.noarch @anaconda/7.0 Packages Altered: Install docker-io-1.0.0-1.el7.x86_64 @epel history info [root@blade-3 docker]# <--- End Paste --->
https://bugzilla.redhat.com/show_bug.cgi?id=1109039
--- Comment #13 from Lokesh Mandvekar lsm5@switzerlandmail.ch --- Aah ok, the EPEL7 build has been gotten rid of since docker is now in RHEL7 proper. And that build didn't have the fix for this bug. Not sure about the current state or NVR of the RHEL7 build (brew might have more info), but I'd guess the rawhide/f20 builds would also work just fine on RHEL7.
https://bugzilla.redhat.com/show_bug.cgi?id=1109039
--- Comment #14 from Thomas Crowe tcrowe@redhat.com --- Thanks for the update Lokesh. I am not finding docker-io in any of the RHEL7 repos that I have configured on subscribed server. Could you point me towards what repo docker-io will/should be in. I can share my repo configuration file with you if you need me to, but it's pretty generic for a subscribed system.
Thanks!
https://bugzilla.redhat.com/show_bug.cgi?id=1109039
Vivek Dasgupta vdasgupt@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |vdasgupt@redhat.com
--- Comment #16 from Vivek Dasgupta vdasgupt@redhat.com --- Steps to reproduce ::
1) On RHEL 7 host, try to download rhel7 docker image
#docker pull registry.access.redhat.com/rhel
2) Tag the image (NOTE this step may not be necessary to reproduce)
#docker tag registry.access.redhat.com/rhel rhel7
3) Run the image # docker run -i -t rhel7 /bin/bash
4) Quickly exit out of the image
5) Try to run it again. # docker run -i -t rhel7 /bin/bash 2014/07/15 14:23:32 finalize namespace drop bounding set read /proc/1/status: bad file descriptor
# docker info Containers: 10 Images: 7 Storage Driver: devicemapper Pool Name: docker-253:0-37070975-pool Data file: /var/lib/docker/devicemapper/devicemapper/data Metadata file: /var/lib/docker/devicemapper/devicemapper/metadata Data Space Used: 905.4 Mb Data Space Total: 102400.0 Mb Metadata Space Used: 1.6 Mb Metadata Space Total: 2048.0 Mb Execution Driver: native-0.2 Kernel Version: 3.10.0-123.el7.x86_64
# docker version Client version: 1.0.0 Client API version: 1.12 Go version (client): go1.2.2 Git commit (client): 63fe64c/1.0.0 Server version: 1.0.0 Server API version: 1.12 Go version (server): go1.2.2 Git commit (server): 63fe64c/1.0.0
The issue can be reproduced easily if the container is re-run quickly after exiting. Otherwise the issue occurs occasionally.
-Vivek
https://bugzilla.redhat.com/show_bug.cgi?id=1109039
Lokesh Mandvekar lsm5@switzerlandmail.ch changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |dwalsh@redhat.com, | |whenry@redhat.com
--- Comment #17 from Lokesh Mandvekar lsm5@switzerlandmail.ch --- (In reply to Vivek Dasgupta from comment #16)
Steps to reproduce ::
- On RHEL 7 host, try to download rhel7 docker image
William, Dan:
probably the rhel rpms for golang-github-syndtr-gocapability and docker need an update to take care of this bug (?)
https://bugzilla.redhat.com/show_bug.cgi?id=1109039
--- Comment #18 from Daniel Walsh dwalsh@redhat.com --- In Fedora or RHEL?
https://bugzilla.redhat.com/show_bug.cgi?id=1109039
--- Comment #19 from Lokesh Mandvekar lsm5@switzerlandmail.ch --- Vivek, you're using the RHEL7 docker rpm, correct? Or are you grabbing the one from fedora by any chance?
https://bugzilla.redhat.com/show_bug.cgi?id=1109039
--- Comment #20 from Vivek Dasgupta vdasgupt@redhat.com --- Hi Lokesh
Yes I believe so. This is on a RHEL7 host using epel, I have installed the docker RPM.
# rpm -qa|grep docker docker-io-1.0.0-1.el7.x86_64
# rpm -qa|grep epel epel-release-7-0.2.noarch
I followed these instructions for docker installation on RHEL7
https://docs.docker.com/installation/rhel/
regards Vivek
https://bugzilla.redhat.com/show_bug.cgi?id=1109039
Fedora Update System updates@fedoraproject.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Fixed In Version| |golang-github-syndtr-gocapa | |bility-0-0.7.git3c85049.fc1 | |9 Resolution|--- |ERRATA Last Closed| |2014-07-25 06:06:57
--- Comment #23 from Fedora Update System updates@fedoraproject.org --- golang-github-syndtr-gocapability-0-0.7.git3c85049.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=1109039
Fedora Update System updates@fedoraproject.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed In Version|golang-github-syndtr-gocapa |golang-github-syndtr-gocapa |bility-0-0.7.git3c85049.fc1 |bility-0-0.7.git3c85049.fc2 |9 |0
--- Comment #24 from Fedora Update System updates@fedoraproject.org --- golang-github-syndtr-gocapability-0-0.7.git3c85049.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=1109039
Fedora Update System updates@fedoraproject.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed In Version|golang-github-syndtr-gocapa |golang-github-syndtr-gocapa |bility-0-0.7.git3c85049.fc2 |bility-0-0.7.git3c85049.el6 |0 |
--- Comment #25 from Fedora Update System updates@fedoraproject.org --- golang-github-syndtr-gocapability-0-0.7.git3c85049.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
golang@lists.fedoraproject.org
-
Red Hat Bugzilla