Thanks to visit codestin.com
Credit goes to github.com

Skip to content

On 1.21.0 cri-o fails to start because of incorrect SELinux check #5097

New issue
New issue
Closed
Closed
On 1.21.0 cri-o fails to start because of incorrect SELinux check#5097
@Elettronik

Description

@Elettronik
Elettronik
opened on Jul 17, 2021

Description

CRI-O version 1.21.1 Fails to start because of an incorrect SELinux check

Steps to reproduce the issue:

  1. Start crio

Describe the results you received:
It fail to start

Describe the results you expected:
It started

Additional information you deem important (e.g. issue happens only occasionally):

Output of start

INFO[2021-07-17 11:53:31.852998073Z] Starting CRI-O, version: 1.21.0, git: bc1ef35a932acc2f6f3b6d3eb19a4f68aa9423f6(dirty) 
INFO[2021-07-17 11:53:31.853347428Z] Node configuration value for hugetlb cgroup is true 
INFO[2021-07-17 11:53:31.853458986Z] Node configuration value for pid cgroup is true 
INFO[2021-07-17 11:53:31.854167436Z] Node configuration value for memoryswap cgroup is true 
INFO[2021-07-17 11:53:31.860911621Z] Node configuration value for systemd CollectMode is true 
DEBU[2021-07-17 11:53:31.861982925Z] [graphdriver] trying provided driver "overlay"  file="drivers/driver.go:252"
DEBU[2021-07-17 11:53:31.933535724Z] Overlay test mount with multiple lowers failed invalid argument  file="overlay/overlay.go:559"
DEBU[2021-07-17 11:53:31.965836584Z] Overlay test mount with a single lower failed invalid argument  file="overlay/overlay.go:571"
ERRO[2021-07-17 11:53:31.966098625Z] 'overlay' is not supported over xfs at "/var/lib/crio/overlay"  file="overlay/overlay.go:573"
FATA[2021-07-17 11:53:31.966797714Z] Validating root config: failed to get store to set defaults: kernel does not support overlay fs: 'overlay' is not supported over xfs at "/var/lib/crio/overlay": backing file system is unsupported for this graph driver  file="crio/main.go:354"

The bug is related to containers/storage#963
It will be solved by bumping vendored go package github.com/containers/storage to at least 1.30.1, which contains a check for existence of "system_u:object_r:container_file_t:s0" SELinux label in the kernel

Output of crio --version:

crio version 1.21.0
Version:       1.21.0
GitCommit:     bc1ef35a932acc2f6f3b6d3eb19a4f68aa9423f6
GitTreeState:  dirty
BuildDate:     1980-01-01T00:00:00Z
GoVersion:     go1.15.7
Compiler:      gc
Platform:      linux/amd64
Linkmode:      static

Additional environment details (AWS, VirtualBox, physical, etc.):
VM Flatcar Linux stable

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions