Quay containers can't run due to missing runc files

Solution Verified - Updated

Environment

  • Red Hat Enterprise Linux
    • 8+
  • Red Hat Quay
    • 3.6+

Issue

  • Containers can't run due to missing runc files in the podman client tool.

  • When trying to start the container, podman throws the following error:

      # podman run --name quay-redis -e REDIS_PASSWORD=xxxx --pod=quay-pod --conmon-pidfile /run/quay-redis.service-pid --cidfile /run/quay-redis.service-cid --cgroups=no-conmon --replace registry.redhat.io/rhel8/redis-6:1-25

  Error: container_linux.go:380: starting container process caused: error adding seccomp filter rule for syscall bdflush: permission denied: OCI permission denied

Resolution

  • Updating the podman version, to get updated runc files. This helped containers to be successfully deployed. Command used to update podman is given below: 

    # yum update podman -y

Root Cause

  • Runc files that required were missing in the old podman version.

    # grep -i "podman\|conmon\|runc" installed-rpms 
cockpit-podman-29-2.module+el8.4.0+10607+f4da7515.noarch    Mon Apr 18 14:25:35 2022
conmon-2.0.26-1.module+el8.4.0+10607+f4da7515.x86_64        Mon Apr 18 14:25:01 2022
podman-4.1.1-2.module+el8.6.0+15917+093ca6f8.x86_64         Thu Sep 15 13:12:04 2022
podman-catatonit-4.1.1-2.module+el8.6.0+15917+093ca6f8.x86_64 Thu Sep 15 13:12:02 2022
podman-docker-4.1.1-2.module+el8.6.0+15917+093ca6f8.noarch  Thu Sep 15 13:12:06 2022
podman-gvproxy-4.1.1-2.module+el8.6.0+15917+093ca6f8.x86_64 Thu Sep 15 13:12:05 2022
podman-plugins-4.1.1-2.module+el8.6.0+15917+093ca6f8.x86_64 Thu Sep 15 13:12:05 2022
podman-remote-3.0.1-6.module+el8.4.0+10607+f4da7515.x86_64  Mon Apr 18 14:26:15 2022
podman-tests-4.1.1-2.module+el8.6.0+15917+093ca6f8.x86_64   Thu Sep 15 13:12:06 2022
runc-1.0.0-70.rc92.module+el8.4.0+10607+f4da7515.x86_64     Mon Apr 18 14:22:00 2022

  • The podman info output :

        cgroupManager: systemd
    cgroupVersion: v1
    conmon:
      package: conmon-2.0.26-1.module+el8.4.0+10607+f4da7515.x86_64
      path: /usr/bin/conmon
      version: 'conmon version 2.0.26, commit: b883692702312720058141f16b6002ab26ead2e7'

 ociRuntime:
    name: runc
    package: runc-1.0.0-70.rc92.module+el8.4.0+10607+f4da7515.x86_64
    path: /usr/bin/runc
    version: 'runc version spec: 1.0.2-dev'

Diagnostic Steps

  • Check the version of the conmon and runc packages:
    a. Before Update

    # rpm -qa|grep -i conmon
conmon-2.1.2-2.module+el8.6.0+15917+093ca6f8.x86_64
# rpm -qa|grep -i runc
runc-1.1.3-2.module+el8.6.0+15917+093ca6f8.x86_64

    b. After Update

    # rpm -qa|grep -i conmon
conmon-2.0.26-1.module+el8.4.0+10607+f4da7515.x86_64
# rpm -qa|grep -i runc
runc-1.0.0-70.rc92.module+el8.4.0+10607+f4da7515.x86_64
SBR
Product(s)
Components
Category
Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.