failed to map segment from shared object error on start #1339

Closed
gregaumann opened this issue Apr 24, 2015 · 34 comments

@gregaumann gregaumann commented Apr 24, 2015

When I run docker-compose --version on a host with noexec set on /tmp I get the following error:
docker-compose: error while loading shared libraries: libz.so.1: failed to map segment from shared object: Operation not permitted

This is docker-compose version 1.2.0 running on CentOS 6

A Google search turned up the same error happening with another application and they attributed it to noexec being set on /tmp http://admin-ahead.com/portal/knowledgebase/4/error-while-loading-shared-libraries-libzso1-failed-to-map-segment-from-shared-object-Operation-not-permitted.html

This server has noexec set on /tmp and the error message is the same so I expect that is the cause. Trying to set TMP to another location without noexec didn't work.

@kevana kevana commented May 8, 2015

Same issue,

Linux devdocker01 2.6.32-504.16.2.el6.x86_64 #1 SMP Tue Mar 10 17:01:00 EDT 2015 x86_64 x86_64 x86_64 GNU/Linux

Client version: 1.5.0
Client API version: 1.17
Go version (client): go1.3.3
Git commit (client): a8a31ef/1.5.0
OS/Arch (client): linux/amd64
Server version: 1.5.0
Server API version: 1.17
Go version (server): go1.3.3
Git commit (server): a8a31ef/1.5.0

Containers: 98
Images: 892
Storage Driver: devicemapper
 Pool Name: docker-8:17-2097153-pool
 Pool Blocksize: 65.54 kB
 Backing Filesystem: extfs
 Data file: 
 Metadata file: 
 Data Space Used: 49.5 GB
 Data Space Total: 107.4 GB
 Metadata Space Used: 61.08 MB
 Metadata Space Total: 2.147 GB
 Udev Sync Supported: true
 Library Version: 1.02.89-RHEL6 (2014-09-01)
Execution Driver: native-0.2
Kernel Version: 2.6.32-504.16.2.el6.x86_64
Operating System: <unknown>
CPUs: 4
Total Memory: 31.35 GiB
Name: devdocker01
ID: ZXFF:IZ7S:IEWD:76ZV:B5WR:HWHI:G7WX:DD4T:YDYL:FPEG:D6SR:GSFU
Debug mode (server): false
Debug mode (client): true
Fds: 321
Goroutines: 200
EventsListeners: 0
Init SHA1: bd0359e86e0e97527aa6298afba8df863db179c8
Init Path: /usr/libexec/docker/dockerinit
Docker Root Dir: /var/lib/docker

How reproducible:

100%

Steps to Reproduce:

  1. download docker-compose 1.2.0
  2. $ docker-compose --version

Actual Results:

error while loading shared libraries: libz.so.1: failed to map segment from shared object: Operation not permitted

Expected Results:

docker-compose 1.2.0

Additional info:

This started when I upgraded to version 1.2.0 on RHEL 6.6 with noexec on /tmp
We got around the issue by setting TMP for 1.1.0, but it doesn't seem to work anymore

```bash
#!/bin/bash
TMP=/var/docker-compose-tmp
export TMP
/usr/local/bin/docker-compose-orig "$@"
```

@kevana kevana commented May 8, 2015

Well, this is awkward, it turned out to be a permissions issue with /var/docker-compose-tmp. Happy Friday....

@alexzeitgeist alexzeitgeist commented Jun 17, 2015

FWIW this issue is still prevalent in Docker 1.3.0 RC3, requiring /tmp to be exec.

@AndrewSwerlick AndrewSwerlick commented Jul 11, 2015

This should probably be called out in documentation somewhere. Just got bit by the fact that this was configured differently on our staging and prod servers, so our new deployment workflow using compose failed in production.

@ChrisRut ChrisRut commented Jul 14, 2015

Issue still prevalent in:

$ docker --version
Docker version 1.6.2, build 7c8fca2
$ docker-compose --version
docker-compose version: 1.3.2
CPython version: 2.7.9
OpenSSL version: OpenSSL 1.0.1e 11 Feb 2013

@kevana's work around using a wrapper script that exports a different TMP works for me

Contributor

@KalleDK KalleDK commented Aug 20, 2015

If I manually do the export TMP to a new location it works with 1.4.0 RC3

@ChrisRut ChrisRut commented Sep 9, 2015

Just upgraded, issue still prevalent in:

$ docker version
Client version: 1.7.1
Client API version: 1.19
Go version (client): go1.4.2
Git commit (client): 786b29d
OS/Arch (client): linux/amd64
Server version: 1.7.1
Server API version: 1.19
Go version (server): go1.4.2
Git commit (server): 786b29d
OS/Arch (server): linux/amd64
$ docker-compose version
docker-compose version: 1.4.0
docker-py version: 1.3.1
CPython version: 2.7.9
OpenSSL version: OpenSSL 1.0.1e 11 Feb 2013

Still using @kevana's work around

@thjaeckle thjaeckle commented Oct 30, 2015

Have the same issue on CentOS 6.7 with both compose version 1.4.2 and 1.5.0rc2 - unfortunately even the workaround doesn't work for me.
Any chances this will be fixed in the near future?

Contributor

@dnephin dnephin commented Oct 30, 2015

I'd suggest using the workaround of setting a new temp directory (by setting TMPDIR I believe). There isn't much we can do about this. The installer needs a place to extract and exec a file. The default place to do that type of operation on Linux is /tmp. So either you set a different tmp, or you can't install using the binary.

Note there are other install options as well: https://github.com/docker/compose/blob/master/docs/install.md#alternative-install-options

@zerr0s zerr0s commented Jan 21, 2016

Hi, same issue with CentOS 7. The workaround doesn't work. Any suggestions?
Thanks.

docker-compose: error while loading shared libraries: libz.so.1: failed to map segment from shared object: Operation not permitted

Contributor

@dnephin dnephin commented Jan 21, 2016

You can also remount /tmp to add exec permission I believe.

@sizrar sizrar commented Mar 15, 2016

sudo mount /tmp -o remount,exec might do the trick, yes.

@RafPe RafPe commented Mar 25, 2016

Workaround given by @dnephin worked for me on CentOS 7 with SELinux being disabled.

@Kostanos Kostanos commented Jan 19, 2017

Got an error when trying the workaround by @dnephin and @sizrar:

root@fd24f6b228c7:~/app# mount /tmp -o remount,exec
mount: permission denied

@patakijv patakijv commented Feb 4, 2017

@Kostanos It appears you are inside a container (from the root@fd24f6b228c7 prompt). The suggested command in this issue sudo mount /tmp -o remount,exec is for the host not inside a container.

@helmo helmo commented Mar 31, 2017

Wouldn't it be possible to add a check early in the code to see if tmp is mounted with the exec option? A useful error message would save time ;)
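
The check asked about in the comment above can be done from a wrapper script before the bundled binary starts. This is an added example, not part of the original thread or of docker-compose; the function names and the sample mount table are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: detect a noexec temp dir before launching a bundled binary.

# Constructed sample in /proc/mounts format (not taken from the thread).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sdb1 /srv ext4 rw,relatime 0 0'

# Print the mount options of the filesystem holding path $1.
# $2 is a mount table as text; defaults to the live /proc/mounts.
# Limitation: mount points containing spaces (\040 escapes) are not decoded.
mount_opts_for() {
    local path="$1" mounts="${2:-$(cat /proc/mounts)}"
    local dev mnt fstype opts rest best="" best_opts=""
    while read -r dev mnt fstype opts rest; do
        case "$path/" in
            "${mnt%/}/"*)
                # Longest mount point wins; on a tie the later entry
                # shadows the earlier one.
                if [ "${#mnt}" -ge "${#best}" ]; then
                    best="$mnt"; best_opts="$opts"
                fi ;;
        esac
    done <<EOF
$mounts
EOF
    printf '%s\n' "$best_opts"
}

# Succeeds (status 0) when the filesystem holding $1 is mounted noexec.
is_noexec() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Returns 1 with a readable diagnostic instead of the loader's
# "failed to map segment" error; returns 0 when exec is allowed.
preflight_tmp() {
    if is_noexec "$1" "$2"; then
        echo "temp dir '$1' is on a noexec mount; point TMPDIR at a" \
             "dedicated directory on an exec-capable filesystem" >&2
        return 1
    fi
    return 0
}
```

In a wrapper, call `preflight_tmp "${TMPDIR:-/tmp}"` before exec'ing the real binary; that the bundled loader extracts under `TMPDIR` or `/tmp` is an assumption taken from the comments in this thread.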

@shin- shin- closed this Jul 6, 2017

@sunilposhala sunilposhala commented Sep 26, 2017

Thank you so much, this worked for me.
$ mount /tmp -o remount,exec

@ronnicek ronnicek commented Nov 7, 2017

But mounting /tmp with exec is not so good for security :) (for example CIS need to have noexec on /tmp folder). And case was closed just.. like that without any word @shin- ?

Contributor

@shin- shin- commented Nov 7, 2017

If executing inside the temp folder is not an option for you, you can always use the python package.

@ronnicek ronnicek commented Nov 8, 2017

But I think that error message could be better ;-)

Contributor

@dnephin dnephin commented Nov 8, 2017

Unfortunately the error is not from docker-compose. It comes from pyinstaller which is used to package it for the "single binary install" option, so the fix for the error message would need to be in pyinstaller.

To summarize the workarounds (for anyone else who hits this issue):

@vishalvsh1 vishalvsh1 commented Mar 7, 2018

Thanks @dnephin
We were in such an environment where we do not have root access.
use the environment variable TMPDIR to point at a directory that has permission to execute files
worked for me.

@frederikbosch frederikbosch commented Aug 22, 2018

  1. Move /usr/local/bin/docker-compose to /usr/local/bin/docker-compose-with-tmp
  2. Create /usr/local/bin/docker-compose with contents below.
  3. Execute chmod +x /usr/local/bin/docker-compose.
  4. Create a folder /srv/compose-tmp (or to your own choice, then also change below) and give it execute rights.

```bash
#!/bin/bash
export TMPDIR=/srv/compose-tmp
/usr/local/bin/docker-compose-with-tmp "$@"
```

Basically it is a proxy.

@JOduMonT JOduMonT commented Dec 21, 2018

if noexec on /tmp
docker-compose throw this error

Docker 17.06.0-ce
Docker-compose 1.23.2

@Dennyss Dennyss commented Apr 15, 2019

The following command works for me (CentOS 7):
sudo mount /tmp -o remount,exec

@lolmaus lolmaus commented Jul 5, 2019

I've been having a failed to map segment from shared object coming out of a binary dependency of a Node (npm) package.

I've been running Docker with docker-compose and mounting a tmp folder to a RAM disk with tmpfs.

None of the solutions mentioned above helped, but I've managed to overcome the problem by adding :exec to my docker-compose.yml config like this:

```yaml
    tmpfs:
      - /myapp/tmp:exec,mode=1777
```

@chris03 chris03 commented Jul 10, 2019

Other workaround not already mentioned:

Add the following line to ~/.bashrc or ~/.bash_aliases

```bash
alias docker-compose='TMPDIR=/var/tmp/ docker-compose'
```

@mk-pmb mk-pmb commented Nov 21, 2019

@dnephin wrote:

the fix for the error message would need to be in pyinstaller.

Does it mean there's no way for docker-compose to provide a more helpful error message?

Edit: Sorry for the dumb question. I didn't see the word "message" on first read.
Edit 2: request for better error message in pyinstaller

mikedep333 added a commit to mikedep333/ansible-pulp that referenced this issue Mar 2, 2020
Problem:
In ansible-pulp CI, pip builds often fail to access .so files under /tmp

Solution: Mount /tmp with exec in molecule.yml per:
docker/compose#1339 (comment)

fixes: #6266
mikedep333 added a commit to mikedep333/ansible-pulp that referenced this issue Mar 2, 2020
…s under /tmp

Solution: Mount /tmp with exec in molecule.yml per:
docker/compose#1339 (comment)

fixes: #6266

@LaurianoElmiroDuarte LaurianoElmiroDuarte commented Jul 20, 2020

to install docker-compose in CentOS 7 only pip.

@imthenachoman imthenachoman commented Dec 30, 2020

Is there any plan to add some kind of config file to specify where docker-compose uses for tmp? The hack fixes above work but I'm thinking it's better suited as a config option or something, no?

@mk-pmb mk-pmb commented Dec 30, 2020

I now use a dockerized version of docker-compose. With that, you can mount /tmp wherever you want, if it's still needed.

@imthenachoman imthenachoman commented Dec 30, 2020

@mk-pmb How are you doing that?

@mk-pmb mk-pmb commented Dec 31, 2020

docker run …options… docker/compose:latest …command…

@imthenachoman imthenachoman commented Dec 31, 2020

Oh. Ha. I didn't get what you meant at first. That is kinda funny. Docker to run Compose to run Docker. Dockception. :D
