On a newly-created Vagrant instance of CentOS Stream 9, I run:
sudo dnf install podman
sudo podman run -it --rm --log-level=debug docker.io/bitnami/mongodb:6.0
You can see it crashes immediately. In /var/log/audit.log, there is:
type=AVC msg=audit(1670323793.223:651): avc: denied { read write } for pid=5215 comm="entrypoint.sh" path="/dev/pts/0" dev="devpts" ino=3 scontext=system_u:system_r:container_t:s0:c353,c573 tcontext=system_u:object_r:container_file_t:s0:c353,c573 tclass=chr_file permissive=0
type=SYSCALL msg=audit(1670323793.223:651): arch=c000003e syscall=59 success=yes exit=0 a0=564baa4c7200 a1=564baa4dfef0 a2=564baa4d22f0 a3=0 items=0 ppid=5213 pid=5215 auid=1000 uid=1001 gid=0 euid=1001 suid=1001 fsuid=1001 egid=0 sgid=0 fsgid=0 tty=(none) ses=4 comm="entrypoint.sh" exe="/bin/bash" subj=system_u:system_r:container_t:s0:c353,c573 key=(null)^]ARCH=x86_64 SYSCALL=execve AUID="vagrant" UID="unknown(1001)" GID="root" EUID="unknown(1001)" SUID="unknown(1001)" FSUID="unknown(1001)" EGID="root" SGID="root" FSGID="root"
type=EXECVE msg=audit(1670323793.223:651): argc=3 a0="/bin/bash" a1="/opt/bitnami/scripts/mongodb/entrypoint.sh" a2="/opt/bitnami/scripts/mongodb/run.sh"
type=PROCTITLE msg=audit(1670323793.223:651): proctitle=2F62696E2F62617368002F6F70742F6269746E616D692F736372697074732F6D6F6E676F64622F656E747279706F696E742E7368002F6F70742F6269746E616D692F736372697074732F6D6F6E676F64622F72756E2E7368
type=AVC msg=audit(1670323793.225:652): avc: denied { read } for pid=5215 comm="entrypoint.sh" path="/lib/x86_64-linux-gnu/libc-2.31.so" dev="dm-0" ino=259479 scontext=system_u:system_r:container_t:s0:c353,c573 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1670323793.225:652): arch=c000003e syscall=10 success=no exit=-13 a0=7fe3fa5aa000 a1=4000 a2=1 a3=468 items=0 ppid=5213 pid=5215 auid=1000 uid=1001 gid=0 euid=1001 suid=1001 fsuid=1001 egid=0 sgid=0 fsgid=0 tty=(none) ses=4 comm="entrypoint.sh" exe="/bin/bash" subj=system_u:system_r:container_t:s0:c353,c573 key=(null) ARCH=x86_64 SYSCALL=mprotect AUID="vagrant" UID="unknown(1001)" GID="root" EUID="unknown(1001)" SUID="unknown(1001)" FSUID="unknown(1001)" EGID="root" SGID="root" FSGID="root"
This issue does not happen with images provided by the CentOS project. They don't provide a catalog file, but here is one:
{
  "description": "",
  "short_description": "",
  "name": "centos/stream9",
  "versions": [
    {
      "version": "20221129.1",
      "status": "active",
      "description_html": null,
      "description_markdown": "",
      "providers": [
        {
          "name": "virtualbox",
          "url": "https://cloud.centos.org/centos/9-stream/x86_64/images/CentOS-Stream-Vagrant-9-20221129.1.x86_64.vagrant-virtualbox.box",
          "checksum": "e99b1d287df3d1d222881657059484d77e4ef940ae46dfc5af6f5d6c0f13e597",
          "checksum_type": "sha256"
        },
        {
          "name": "libvirt",
          "url": "https://cloud.centos.org/centos/9-stream/x86_64/images/CentOS-Stream-Vagrant-9-20221129.1.x86_64.vagrant-libvirt.box",
          "checksum": "c46aa730c5ae97ce8fc2ea011685f6f73e79693b45d2a9e120fa924b1107e6a2",
          "checksum_type": "sha256"
        }
      ]
    }
  ]
}
and in the Vagrantfile:
Vagrant.configure("2") do |config|
  config.vm.box = "centos/stream9"
  config.vm.box_url = "./stream9.json"
end
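An added example, not part of the original issue or of podman: a small Python parser that pulls the SELinux source and target labels out of the two AVC records quoted above and shows that the second denial targets a file labelled `var_lib_t` with no MCS categories. The `triage` hints, and treating `container_file_t` as the expected label for container content, are assumptions of this example.

```python
import re

# The two AVC records from the issue above, embedded so the example runs offline.
SAMPLE = """\
type=AVC msg=audit(1670323793.223:651): avc: denied { read write } for pid=5215 comm="entrypoint.sh" path="/dev/pts/0" dev="devpts" ino=3 scontext=system_u:system_r:container_t:s0:c353,c573 tcontext=system_u:object_r:container_file_t:s0:c353,c573 tclass=chr_file permissive=0
type=AVC msg=audit(1670323793.225:652): avc: denied { read } for pid=5215 comm="entrypoint.sh" path="/lib/x86_64-linux-gnu/libc-2.31.so" dev="dm-0" ino=259479 scontext=system_u:system_r:container_t:s0:c353,c573 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(
    r"type=AVC msg=audit\([\d.]+:(?P<serial>\d+)\): avc:\s+denied\s+\{(?P<perms>[^}]*)\}")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def split_context(ctx):
    """Return (type, categories) from user:role:type:level[:categories]."""
    parts = ctx.split(":", 4)
    return parts[2], parts[4] if len(parts) == 5 else ""

def parse_denials(text):
    """Extract one dict per AVC denial; other record types are skipped."""
    denials = []
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        kv = {k: v.strip('"') for k, v in KV_RE.findall(line[m.end():])}
        s_type, s_cats = split_context(kv["scontext"])
        t_type, t_cats = split_context(kv["tcontext"])
        denials.append({
            "serial": int(m["serial"]), "perms": m["perms"].split(),
            "path": kv.get("path"), "tclass": kv["tclass"],
            "source_type": s_type, "source_cats": s_cats,
            "target_type": t_type, "target_cats": t_cats,
        })
    return denials

def triage(d, expected_target="container_file_t"):
    """Heuristic hint (an assumption of this example) on where to look first."""
    if d["target_type"] != expected_target:
        return "target-label"      # object is not labelled as container content
    if d["source_cats"] != d["target_cats"]:
        return "mcs-categories"    # expected type, but different MCS categories
    return "policy-rule"           # labels agree, so inspect the loaded policy

if __name__ == "__main__":
    for d in parse_denials(SAMPLE):
        print(d["serial"], d["path"], d["source_type"], "->",
              d["target_type"], d["perms"], triage(d))
```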