author: OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> 2019-12-03 08:48:38 -0800
committer: GitHub <noreply@github.com> 2019-12-03 08:48:38 -0800
commit: 748de3c52cdf408a59ae7f492d16daaeb7fecbd0 (patch)
tree: ceb762d9dbe41a94bd5e662de9fb3334d068bb66
parent: d8bfd1140846baa77bffa0cead0ea700b91ce697 (diff)
parent: f4302a52cb545aa9d84aad69278740c8ef577662 (diff)
Merge pull request #4614 from bfallik/patch-1
troubleshooting: warn about secure boot
-rw-r--r-- troubleshooting.md 15
1 files changed, 14 insertions, 1 deletions
diff --git a/troubleshooting.md b/troubleshooting.md
index c4e577645..9def0e08b 100644
--- a/troubleshooting.md
+++ b/troubleshooting.md
@@ -413,7 +413,6 @@ You'll need to either:
### 17) rootless containers exit once the user session exits
-
You need to set lingering mode through loginctl to prevent user processes to be killed once
the user session completed.
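Review bot: the removed blank line next to the `### 17)` heading is a whitespace-only change unrelated to the Secure Boot warning named in the commit subject. Consider dropping it from this patch or sending it as a separate cleanup, so the history of section 17 is not touched by an unrelated commit.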
@@ -429,3 +428,17 @@ You'll need to either:
or as root if your user has not enough privileges.
* sudo loginctl enable-linger $UID
+
+### 18) `podman run` fails with "bpf create: permission denied error"
+
+The Kernel Lockdown patches deny eBPF programs when Secure Boot is enabled in the BIOS. [Matthew Garrett's post](https://mjg59.dreamwidth.org/50577.html) desribes the relationship between Lockdown and Secure Boot and [Jan-Philip Gehrcke's](https://gehrcke.de/2019/09/running-an-ebpf-program-may-require-lifting-the-kernel-lockdown/) connects this with eBPF. [RH bug 1768125](https://bugzilla.redhat.com/show_bug.cgi?id=1768125) contains some additional details.
+
+#### Symptom
+
+Attempts to run podman result in
+
+```Error: bpf create : Operation not permitted: OCI runtime permission denied error```
+
+#### Solution
+
+One workaround is to disable Secure Boot in your BIOS.
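Review bot: the `#### Solution` text gives disabling Secure Boot as the only workaround without stating the cost. Turning it off removes boot-chain signature verification for the whole machine, not just the lockdown restriction on eBPF, so the section should say this is a trade-off and refer readers to the linked RH bug for the current status. In the introductory paragraph, "desribes" should be "describes", and the link text "Jan-Philip Gehrcke's" is a dangling possessive that needs a noun such as "post". The heading quotes the error as "bpf create: permission denied error" while the Symptom line shows `bpf create : Operation not permitted: OCI runtime permission denied error`; make the heading match the actual message so users can find it by searching, and put the message in a proper multi-line fenced block instead of triple backticks on a single line.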