Podman container 23ai latest fails to start on Intel Mac; ending with ORA-27180: failed to create memory protection key error

[chrishoina]

The Error

Upon issuing the podman run command I am observing this error in the logs (and trace file):

ORA-27180: failed to create memory protection key

Podman run command used:

podman run -d -p 1521:1521 -e ORACLE_PASSWORD=xxxxxxxxx -v 23ai:/opt/oracle/oradata gvenzl/oracle-free:latest

This includes a separately created podman volume named 23ai.

Background:

I have been experiencing issues with the offical 23:latest image. It would consistently fail and present as unhealthy. I've performed a few full uninstalls/re-installs of podman, as well as podman machine resets (before a full uninstall/install) prior to uninstalling/re-installing.

I've attempted to install podman from the official site, via Homebrew, (both CLI and desktop app). Nothing has worked.¹

Logs, Errors, Trace file

MacBook Pro Details:

Name	Value
Specs	13-inch, 2020
Processor	2.3 GHz Quad-Core Intel Core i7
Memory	32 GB 3733 MHz LPDDR4X
macOS	15.4 (24E248)

Podman details:

👈🏼 Expand for Podman info

Client:
  APIVersion: 5.4.2
  BuildOrigin: brew
  Built: 1743601389
  BuiltTime: Wed Apr  2 09:43:09 2025
  GitCommit: ""
  GoVersion: go1.24.2
  Os: darwin
  OsArch: darwin/amd64
  Version: 5.4.2
host:
  arch: amd64
  buildahVersion: 1.39.4
  cgroupControllers:
  - cpu
  - io
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.12-3.fc41.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.12, commit: '
  cpuUtilization:
    idlePercent: 98.7
    systemPercent: 0.79
    userPercent: 0.51
  cpus: 2
  databaseBackend: sqlite
  distribution:
    distribution: fedora
    variant: coreos
    version: "41"
  eventLogger: journald
  freeLocks: 2046
  hostname: localhost.localdomain
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 1000000
    uidmap:
    - container_id: 0
      host_id: 501
      size: 1
    - container_id: 1
      host_id: 100000
      size: 1000000
  kernel: 6.12.13-200.fc41.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 101195776
  memTotal: 4092964864
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.14.0-1.fc41.x86_64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.14.0
    package: netavark-1.14.0-1.fc41.x86_64
    path: /usr/libexec/podman/netavark
    version: netavark 1.14.0
  ociRuntime:
    name: crun
    package: crun-1.20-2.fc41.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.20
      commit: 9c9a76ac11994701dd666c4f0b869ceffb599a66
      rundir: /run/user/501/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-0^20250121.g4f2c8e7-2.fc41.x86_64
    version: |
      pasta 0^20250121.g4f2c8e7-2.fc41.x86_64
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: true
    path: unix:///run/user/501/podman/podman.sock
  rootlessNetworkCmd: pasta
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: true
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.3.1-1.fc41.x86_64
    version: |-
      slirp4netns version 1.3.1
      commit: e5e368c4f5db6ae75c2fce786e31eef9da6bf236
      libslirp: 4.8.0
      SLIRP_CONFIG_VERSION_MAX: 5
      libseccomp: 2.5.5
  swapFree: 0
  swapTotal: 0
  uptime: 4h 25m 14.00s (Approximately 0.17 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - docker.io
store:
  configFile: /var/home/core/.config/containers/storage.conf
  containerStore:
    number: 1
    paused: 0
    running: 1
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /var/home/core/.local/share/containers/storage
  graphRootAllocated: 106521055232
  graphRootUsed: 19457257472
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 2
  runRoot: /run/user/501/containers
  transientStore: false
  volumePath: /var/home/core/.local/share/containers/storage/volumes
version:
  APIVersion: 5.4.2
  BuildOrigin: Fedora Project
  Built: 1743552000
  BuiltTime: Tue Apr  1 20:00:00 2025
  GitCommit: be85287fcf4590961614ee37be65eeb315e5d9ff
  GoVersion: go1.23.7
  Os: linux
  OsArch: linux/amd64
  Version: 5.4.2

👈🏼 Expand for Podman logs

Starting Oracle Net Listener.
Oracle Net Listener started.
Starting Oracle Database instance FREE.
Oracle Database instance FREE started.

The Oracle base remains unchanged with value /opt/oracle
#####################################
########### E R R O R ###############
DATABASE SETUP WAS NOT SUCCESSFUL!
Please check output for further info!
########### E R R O R ###############
#####################################
The following output is now a tail of the alert.log:
  db_name                  = "FREE"
  open_cursors             = 300
  pga_aggregate_target     = 512M
  diagnostic_dest          = "/opt/oracle"
  enable_pluggable_database= TRUE
2025-04-22T23:59:09.346263+00:00
Errors in file /opt/oracle/diag/rdbms/free/FREE/trace/FREE_ora_51.trc:
ORA-27180: failed to create memory protection key
Linux-x86_64 Error: 22: Invalid argument

👈🏼 Expand for FREE_ora_51.trc trace file

Trace file /opt/oracle/diag/rdbms/free/FREE/trace/FREE_ora_51.trc
Oracle Database 23ai Free Release 23.0.0.0.0 - Develop, Learn, and Run for Free
Version 23.7.0.25.01
Build label:    RDBMS_23.7.0.25.01DBRU_LINUX.X64_250123.FREE
ORACLE_HOME:    /opt/oracle/product/23ai/dbhomeFree
System name:	Linux
Node name:	095df7b27ed7
Release:	6.12.13-200.fc41.x86_64
Version:	#1 SMP PREEMPT_DYNAMIC Sat Feb  8 20:05:26 UTC 2025
Machine:	x86_64
Storage:	?
CLID:	U
Instance name: FREE
Instance number: 0 <none>
Database name: N/A 
Database unique name: N/A 
Database id: N/A
Database role: N/A
Redo thread mounted by this instance: 0 <none>
Oracle process number: 0
Unix process pid: 51, NID: 4026532653, image: 


*** 2025-04-22T23:59:08.824921+00:00
SGA (id: 1) creation time at startup: 3 ms
sksxp_get_netcaps: no CI IPs
I:2025-04-22 23:59:08.931 : [    GPNP][    GPNP]  clsgpnp_Init init failed. Error: CLSGPNP_ERR (1) .
I:2025-04-22 23:59:08.934 : [ CLSINET][ CLSINET]  Failed to initialize clsgpnp context grv 1
I:2025-04-22 23:59:08.936 : [    GPNP][    GPNP]  clsgpnp_Init init failed. Error: CLSGPNP_ERR (1) .
I:2025-04-22 23:59:08.937 : [ CLSINET][ CLSINET]  Failed to initialize clsgpnp context grv 1
sksxp_get_netcaps: no KGGPNP IPs
Lockdown sysfs /sys/kernel/security/lockdown doesn't exist. Set to default KSCXCAPTYPEKERNELSEC_NONE 
KSIPC: KSIPC SERVICE ENV 0x0
KSIPC SERVICE MASK MGAON:[INETOFF]:[IPCLWON]:[GRPAM]:[PRON]:[TOPOON]:[DLLON]:[KSGLOFF][RSTFWOFF]:[RDMAPINGON]:[SHREGON]:MEMCBON:[STATSFWON]:[SNOFF]:[DGOFF]:[ORDNFY]:[RDSTCPBSON][SHREGODPON]:[SIGSAFEON]:[THRPOOLON]:[VNICOFF]
KSNMON: Initial Config: enable=0x7fffffff, maxflow=65535, minstsint=5000
KSNMON: Runtime Config: service enabled=0x3ff
kcrlnfy: Enable RFS client   [kcrlc.c:609]
kcrfwy: minimum sleep (disk) is 1376 usecs (overhead is 376 usecs)
init table done
Running with 1 strand for Non-Enterprise Edition
Running without dynamic strands for Non-Enterprise Edition
NOTE: Cluster configuration type = NONE [2]
sskgm_mpkey_create failed: 22
kcrfw_mpkey_init: Failed to initialize memory protection key
ORA-27180: failed to create memory protection key
Linux-x86_64 Error: 22: Invalid argument
Additional information: 16723
<error barrier> at 0x7fffae92d1e8 placed kcrfw.c@39499
sskgm_mpkey_set_prot invalid key:0
Protecting shared strand buffer via memory protection key failed
KJHA:2phase 010 opi_error:27103
ksdddnfy(): KSDDD private context array is NULL

👈🏼 Container /bin/bash ENV variables

SETUP_LINUX_FILE=setupLinuxEnv.sh
ORACLE_SID=FREE
BLOBREADER=blobReader.py
ORACLE_BASE=/opt/oracle
CHECK_SPACE_FILE=checkSpace.sh
ORACLE_HOME=/opt/oracle/product/23ai/dbhomeFree
SETUPTC=setup.sh
SSHARD_PY=orasshard.py
INSTALL_FILE_1=oracle-database-free-23ai-1.0-1.el8.x86_64.rpm
ORACLE_PDB=
LOGGER_PY=oralogger.py
MAIN_PY=main.py
container=podman
SCATALOG_PY=orascatalog.py
PYTHON3_FILE=/usr/libexec/platform-python3.6
PWD=/opt/oracle/diag/rdbms/free/FREE/trace
AUTO_MEM_CALCULATION=false
HOME=/home/oracle
CONFIG_TCPS_FILE=configTcps.sh
ORACLE_PWD=
PCATALOG_PY=orapcatalog.py
CREATE_BLOB_SCRIPT=createBlob.sh
PYTHON_FILE=/usr/bin/python
SHARD_PY=orapshard.py
GSM_PY=oragsm.py
COMMON_PY=oracommon.py
CMD_EXEC=cmdExec
ENABLE_ARCHIVELOG=true
CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1
TERM=xterm
CONF_FILE=oracle-free-23ai.conf
REGISTER_TC_SVCS_SCRIPT=registerService.sh
MACHINE_PY=oramachine.py
USER_SCRIPTS_FILE=runUserScripts.sh
RUN_SHARD_FILE=runOraShardSetup.sh
ENV_PY=oraenv.py
FACTORY_PY=orafactory.py
CHECK_DB_FILE=checkDBStatus.sh
DECRYPT_PWD_FILE=decryptPassword.sh
PWD_FILE=setPassword.sh
CREATE_DB_FILE=createDB.sh
SHLVL=1
SHARD_SETUP=false
CREATE_TC_SVCS_SCRIPT=createService.sh
ENABLE_FORCE_LOGGING=true
ORACLE_DOCKER_INSTALL=true
DEMO_APP=demoapp.sql
PATH=/opt/oracle/product/23ai/dbhomeFree/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
RUN_FILE=runOracle.sh
INSTALL_DIR=/install
CHECKPOINT_FILE_EXTN=.created
_=/usr/bin/env
OLDPWD=/opt/oracle/diag/rdbms/free/FREE

FYI

@gvenzl has a version that is working! Just pulled and all looks good so far. Thank you to him as well 😀

choina@MacBook-Pro-2 ~ % podman ps
CONTAINER ID  IMAGE                                COMMAND     CREATED         STATUS         PORTS                   NAMES
b82c4b9f7480  docker.io/gvenzl/oracle-free:latest              18 minutes ago  Up 18 minutes  0.0.0.0:1521->1521/tcp  upbeat_darwin
choina@MacBook-Pro-2 ~ % sql sys/Password1234@//localhost:1521/FREEPDB1 as sysdba


SQLcl: Release 24.4 Production on Wed Apr 23 07:56:47 2025

Copyright (c) 1982, 2025, Oracle.  All rights reserved.

Connected to:
Oracle Database 23ai Free Release 23.0.0.0.0 - Develop, Learn, and Run for Free
Version 23.7.0.25.01

SQL> 

Footnotes

1. There is currently a separate bug that prevents Intel Macs from starting a podman machine, but that is another issue. ↩

[oraclesean]

This should be in a textbook as an example of an ideal way of reporting an issue.

[yunus-qureshi]

@chrishoina btw, an updated 23.7 lite image has been uploaded with the fix for this issue. Please try that

container-registry.oracle.com/database/free:23.7.0.0-lite