Compose: failed to map segment from shared object error on start

Same issue,

Linux devdocker01 2.6.32-504.16.2.el6.x86_64 #1 SMP Tue Mar 10 17:01:00 EDT 2015 x86_64 x86_64 x86_64 GNU/Linux

Client version: 1.5.0
Client API version: 1.17
Go version (client): go1.3.3
Git commit (client): a8a31ef/1.5.0
OS/Arch (client): linux/amd64
Server version: 1.5.0
Server API version: 1.17
Go version (server): go1.3.3
Git commit (server): a8a31ef/1.5.0

Containers: 98
Images: 892
Storage Driver: devicemapper
 Pool Name: docker-8:17-2097153-pool
 Pool Blocksize: 65.54 kB
 Backing Filesystem: extfs
 Data file: 
 Metadata file: 
 Data Space Used: 49.5 GB
 Data Space Total: 107.4 GB
 Metadata Space Used: 61.08 MB
 Metadata Space Total: 2.147 GB
 Udev Sync Supported: true
 Library Version: 1.02.89-RHEL6 (2014-09-01)
Execution Driver: native-0.2
Kernel Version: 2.6.32-504.16.2.el6.x86_64
Operating System: <unknown>
CPUs: 4
Total Memory: 31.35 GiB
Name: devdocker01
ID: ZXFF:IZ7S:IEWD:76ZV:B5WR:HWHI:G7WX:DD4T:YDYL:FPEG:D6SR:GSFU
Debug mode (server): false
Debug mode (client): true
Fds: 321
Goroutines: 200
EventsListeners: 0
Init SHA1: bd0359e86e0e97527aa6298afba8df863db179c8
Init Path: /usr/libexec/docker/dockerinit
Docker Root Dir: /var/lib/docker

How reproducible:

100%

Steps to Reproduce:

1. download docker-compose 1.2.0
2. $ docker-compose --version

Actual Results:

error while loading shared libraries: libz.so.1: failed to map segment from shared object: Operation not permitted

Expected Results:

docker-compose 1.2.0

Additional info:

This started when I upgraded to version 1.2.0 on RHEL 6.6 with noexec on /tmp
We got around the issue by setting TMP for 1.1.0, but it doesn't seem to work anymore

#!/bin/bash
TMP=/var/docker-compose-tmp
export TMP
/usr/local/bin/docker-compose-orig "$@"

Well, this is awkward, it turned out to be a permissions issue with /var/docker-compose-tmp. Happy Friday....

FWIW this issue is still prevalent in Docker 1.3.0 RC3, requiring /tmp to be exec.

This should probably be called out in documentation somewhere. Just got bit by the fact the this was configured differently on our staging and prod servers, so our new deployment workflow using compose failed in production.

Issue still prevalent in:

$ docker --version
Docker version 1.6.2, build 7c8fca2
$ docker-compose --version
docker-compose version: 1.3.2
CPython version: 2.7.9
OpenSSL version: OpenSSL 1.0.1e 11 Feb 2013

@kevana's work around using a wrapper script that exports a different TMP works for me

If i manually do the export TMP to a new location it works with 1.4.0 RC3

Just upgraded, issue still prevalent in:

$ docker version
Client version: 1.7.1
Client API version: 1.19
Go version (client): go1.4.2
Git commit (client): 786b29d
OS/Arch (client): linux/amd64
Server version: 1.7.1
Server API version: 1.19
Go version (server): go1.4.2
Git commit (server): 786b29d
OS/Arch (server): linux/amd64
$ docker-compose version
docker-compose version: 1.4.0
docker-py version: 1.3.1
CPython version: 2.7.9
OpenSSL version: OpenSSL 1.0.1e 11 Feb 2013

Still using @kevana's work around

Have the same issue on CentOS 6.7 with both compose version 1.4.2 and 1.5.0rc2 - unfortunately even the workaround doesn't work for me.
Any chances this will be fixed in the near future?

I'd suggest using the workaround of setting a new temp directory (by setting TMPDIR I believe). There isn't much we can do about this. The installer need a place to extract and exec a file. The default place to do that type of operation on linux is /tmp. So either you set a different tmp, or you can't install using the binary.

Note there are other install options as well: https://github.com/docker/compose/blob/master/docs/install.md#alternative-install-options

Hi, same issue with centos 7. The workaround doesn't works. Any suggestion ?
Thanks.

docker-compose: error while loading shared libraries: libz.so.1: failed to map segment from shared object: Operation not permitted

You can also remount /tmp to add exec permission I believe.

sudo mount /tmp -o remount,exec might do the trick, yes.

Workaround given by @dnephin worked for me on CentOs 7 with SELinux being disabled.

got error by trying Workaround by @dnephin @sizrar

root@fd24f6b228c7:~/app# mount /tmp -o remount,exec
mount: permission denied

@Kostanos It appears you are inside a container (from the root@fd24f6b228c7 prompt). The suggested command in this issue sudo mount /tmp -o remount,exec is for the host not inside a container.

Wouldn't it be possible to add a check early in the code to see if tmp is mounted with the exec option? A useful error message would save time ;)

Thank you so much , this worked for me.
$mount /tmp -o remount,exec

But mounting /tmp with exec is not so good for security :) (for example CIS need to have noexec on /tmp folder). And case was closed just.. like that without any word @shin- ?

If executing inside the temp folder is not an option for you, you can always use the python package.

But I think that error message could be better ;-)

Unfortunately the error is not from docker-compose. It comes from pyinstaller which is used to package it for the "single binary install" option, so the fix for the error message would need to be in pyinstaller.

To summarize the workarounds (for anyone else who hits this issue):

• use the environment variable TMPDIR to point at a directory that has permission to execute files
• remount /tmp with exec (sudo mount /tmp -o remount,exec)
• use a different install option: https://docs.docker.com/compose/install/#install-compose

Thanks @dnephin
we were in such environment where we do not have root access.
use the environment variable TMPDIR to point at a directory that has permission to execute files
worked for me.

1. Move /usr/local/bin/docker-compose to /usr/local/bin/docker-compose-with-tmp
2. Create /usr/local/bin/docker-compose with contents below.
3. Execute chmod +x /usr/local/bin/docker-compose.
4. Create a folder /srv/compose-tmp (or to your own choice, then also change below) and give it execute rights.

#!/bin/bash
export TMPDIR=/srv/compose-tmp
/usr/local/bin/docker-compose-with-tmp "$@"

Basically it is a proxy.

if noexec on /tmp
docker-compose throw this error

Docker 17.06.0-ce
Docker-compose 1.23.2

The following command works for me (Centos 7):
sudo mount /tmp -o remount,exec

I've been having a failed to map segment from shared object coming out of a binary dependency of a Node (npm) package.

I've been running Docker with docker-compose and mounting a tmp folder to a RAM disk with tmpfs.

None of the solutions mentioned above helped, but I've managed to overcome the problem by adding :exec to my docker-compose.yml config like this:

    tmpfs:
      - /myapp/tmp:exec,mode=1777

Other workaround not already mentioned:

Add the following line to ~/.bashrc or ~/.bash_aliases

alias docker-compose='TMPDIR=/var/tmp/ docker-compose'

Edit: Sorry for the dumb question. I didn't see the word "message" on first read.
Edit 2: request for better error message in pyinstaller

to install docker-compose in CentOS 7 only pip.