slapd: error while loading shared libraries: cannot restore segment prot after reloc: Permission denied
Closed this issue · 6 comments
I tried to run the container with the simplest way:
docker run -d -p 389:389 -e SLAPD_PASSWORD=mysecretpassword -e SLAPD_DOMAIN=example.com --name openldap dinkel/openldap
It exits in a few seconds, and no log. Then I ran docker start openldap, but it exits again, and the log gave the following messages:
Info: Container already configured, therefore ignoring SLAPD_xxx environment variables
slapd: error while loading shared libraries: cannot restore segment prot after reloc: Permission denied
Hi,
Thanks for reporting this issue ... although I unfortunately cannot reproduce your problem. The exact command given by you works with me (Docker versions 1.2.0 and 1.5.0).
What Docker version are use using docker -v?
Searching the web with your error message suggests that a SELinux policy is creating this error and there seem to be a few issues in the area. Therefore if you could give me some more detailed information about your environment might help.
A few other questions:
What do you mean by "it exists in a few seconds"?
Are you really sure it's not running anymore? What is the output of docker ps -a?
Yes, my original guess is also the SELinux policy. I set SELinux to permissive mode, but there is still an error:
550ca533 @(#) $OpenLDAP: slapd (Apr 23 2013 12:16:04) $
root@lupin:/tmp/buildd/openldap-2.4.31/debian/build/servers/slapd
550ca534 ch_calloc of 1048576 elems of 704 bytes failed
slapd: ../../../../servers/slapd/ch_malloc.c:107: ch_calloc: Assertion `0' failed.
docker ps -a outputs:
adc773d84dd2 dinkel/openldap:latest "/entrypoint.sh slap 19 seconds ago Exited (-1) 9 seconds ago openldap
The container was created 19 seconds ago but exited 9 seconds ago, so I would say it has ran approximately 10 seconds...
docker version: Docker version 1.3.2, build 39fa2fa/1.3.2
Thanks for the update.
Thanks to Docker-maintained APT-repository I could install the
Docker version 1.3.2, build 39fa2fa
and rerun test test on my Xubuntu 14.10 box.
But that's all the good news for you ... on my box it works flawlessly even with this version.
I must admit, that I never used SELinux stuff together with Docker, so I unfortunately cannot help that much as long as I cannot reproduce it ...
What is your host operating system?
I'm running it on CentOS 7. I don't think it's SELinux relavant, as I already set SELinux to permissive mode (that is, illegal actions will be recorded but allowed, which means that actually permission issues should be the same when there is no SELinux at all)...
I found this link. I guess there are some permission issues (not the SELinux type permission issues). I'll do more testing and let you know.
Thanks for helping!
It seems that the reason is that I don't have enough RAM on my machine. 1048576 elems of 704 bytes is 704M, which is not practical to run it on a cheap VPS... I guess there should be some options to use less memory. Thanks for your response here!
As a reference, moby/moby#8231