podman fails to start a container when fapolicyd is enabled, runc reports "/usr/bin/runc: error while loading shared libraries: libresolv.so.2: cannot openshared object file: Operation not permitted: OCI permission denied"

Solution In Progress - Updated -

Issue

  • Trying to start a container using podman on a system with fapolicyd enabled, the following error gets reported:
Error: unable to start container "<container-id>": runc: /usr/bin/runc: error while loading shared libraries: libresolv.so.2: cannot open shared object file: Operation not permitted: OCI permission denied
  • Attempts to start the container also showed this error:
Error: OCI runtime error: runc: exec failed: unable to start container process: waiting for init preliminary setup: read init-p: connection reset by peer

Environment

  • Red Hat Enterprise Linux 8
  • fapolicy
  • podman

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content