seccomp: config provided but seccomp not supported #467
Comments
The storage.conf should come from skopeo-containers, but not sure if this has been packaged for "Arch Linux" yet. |
buildah should be able to work even if seccomp is not enabled. I believe this error is coming from runc, which buildah is executing to run the containers. What version of runc are you using? |
Is I installed
|
skopeo-containers is a subpackage of skopeo, at least that is what we ship in Fedora and I believe in our version for Ubuntu. Your version of runc looks recent enough. On Fedora
|
I don't know if it is of any help, but I tried to manually mount the working container, and create a container from it with
|
Apparently, the arch package lacks two files:
|
/usr/share/containers/mounts.conf
|
These are all defaulted, but helpful to the admin to understand options available to them. |
@etnbrd I believe your system has a version of |
The fact that you can start the container from the spec seems to undermine this, but I'm pretty familiar with the |
I will try to compile |
Ok I will close this, reopen if it turns out to be an issue with buildah. @etnbrd If you make your alpine versions available in public we will update the docs to point at them. |
When compiling runc, you have to use a BUILDTAG with "seccomp". |
It turns out the problem seems to come from the PKGBUILD (the distro-specific file used to build runc and install it into my system).
I will now investigate the problem in the PKGBUILD, and report it to its maintainer. Thanks a lot for your help :) |
@rhatdan, I believe that you meant the Arch package, when you said 'your alpine version' :) |
Yes, I confused another Issue which was looking at Alpine and wrote the message here. Bottom line we are thrilled to see people attempting to use some of these tools on different Linux versions, than we manage. We would love to see buildah, CRI-O, Skopeo, Podman available on lots of Linux Variants and would love to link to where users of these distros could get packaged versions of our tools. |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #467 Approved by: baude
I get the same error on F28 with the latest updates installed,
Tried using compiled |
You potentially have a kernel without seccomp support. I don't know if there's an easy way to test this, though. |
If it's a standard Fedora kernel, it definitely would have support, though |
@mheon this issue has dreaded me for a while, I have to mostly compile these tools from source without seccomp support, any help would be appreciated. |
@frezbo Can you get a |
This could be a runc without seccomp support. |
If runc does not have seccomp support it will reject the seccomp file handed to it by buildah. |
Just pending a kernel update reboot 😉 @rhatdan I tried compiling runc with and without seccomp and always see this. I even used the bundled runc from podman rpm |
Those certainly look like official Fedora packages, and they are definitely built with seccomp |
config provided but seccomp not supported is a runc error.
I think you are definitely using a runc without seccomp built in. |
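Added example (not part of the thread and not buildah or runc project code): a shell sketch for telling apart the two causes discussed above, a kernel without seccomp versus a runc built without it. The function names and sample inputs are constructed; the libseccomp: line is printed only by recent runc releases, so its absence on older builds such as those in this thread is reported as inconclusive.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical.

# Kernel side, from a process status file (default: our own).
# proc(5): the "Seccomp:" field is present only when the kernel
# was built with CONFIG_SECCOMP.
kernel_seccomp_status() {
    if grep -q '^Seccomp:' "${1:-/proc/self/status}"; then
        echo supported
    else
        echo unsupported
    fi
}

# Kernel side, from kernel config text on stdin.
# runc installs seccomp *filters*, so both options must be =y.
kernel_seccomp_config() {
    cfg=$(cat)
    if printf '%s\n' "$cfg" | grep -q '^CONFIG_SECCOMP=y$' &&
       printf '%s\n' "$cfg" | grep -q '^CONFIG_SECCOMP_FILTER=y$'; then
        echo filter-supported
    else
        echo filter-missing
    fi
}

# runc side, from `runc --version` text on stdin.
runc_seccomp_build() {
    if grep -q '^libseccomp: '; then
        echo built-with-seccomp
    else
        echo inconclusive   # old runc, or built without the seccomp tag
    fi
}

# Constructed sample inputs (not taken from the thread).
SAMPLE_CFG='CONFIG_SECCOMP=y
# CONFIG_SECCOMP_FILTER is not set'
SAMPLE_RUNC='runc version 0.0.0-sample
spec: 1.0.0'

# Live usage on a real host:
#   kernel_seccomp_status
#   zcat /proc/config.gz | kernel_seccomp_config
#   runc --version | runc_seccomp_build
```

If the kernel checks pass and the runc check does not, the runc binary is the place to look, which matches where the thread ends up.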
@frezbo That message is only in |
@giuseppe #467 (comment) that would explain why plain runc works rootless |
I am not able to reproduce it using buildah-1.3-1 and runc-1.0.0-46 from Bodhi. Have you used these versions? |
I am using the rpms. I could compile from source and check as the buildah version differs significantly |
@giuseppe just build buildah from source:
|
another thing to check, how many subuids/subgids are available to your user? They are defined in the |
I hope this is not an issue:
|
or even better, what commit exactly are you using for the build? :-) |
@giuseppe I do have that commit:
and I'm at master on |
buildah has a nice feature to create a user namespace and run a command in it. Could you try |
|
do you have a similar output with |
I could uninstall buildah and try, I prefer using compiled binaries in GOPATH |
it might be something wrong in the re-exec code in buildah, could you just move the compiled buildah in |
same sadly ⭕
|
oh it can be that the storage got corrupted from the previous broken version. Could you try to nuke the storage before the build? |
I've just spawned a new F28 droplet on Digital Ocean to try again on a clean system: this is all I've done:
|
I thought I had removed that, yeah it worked. Thanks. So I assume the next set of upcoming rpms fix it. |
@giuseppe Thanks for all the help. Even the compiled runc works. |
great! @rhatdan I think we can close this issue |
ahh so buildah does not cache stages, wouldn't that slow the builds, I was thinking of benchmarking with |
@frezbo |
@frezbo Also, if you want to default to buildah --layers, then set the environment variable: export BUILDAH_LAYERS=true, and you will get it by default. |
hey i am also facing the same error? did you find anything on this issue? |
You quoted a comment about f28 which has been dead for a long time now. Perhaps better to file a new issue. |
Description
When running a command in a container, the process exits with the error :
I am not exactly sure it is a bug from buildah itself.
I guess I have to somehow enable seccomp, but I don't know how, and it seems to be already enabled :
So it might be an issue completely unrelated to seccomp altogether, but I lack the general knowledge to understand what is wrong, or where to look for clues.
Steps to reproduce the issue:
Output of rpm -q buildah or apt list buildah:
I'm running Arch, and used yaourt to install buildah from git using this PKGBUILD. It builds buildah from the source of this repo, and as I installed it just now (to be sure it isn't an issue already fixed), the version refers to the very last commit (46c1a54) as of now.
Output of buildah version:
Output of cat /etc/*release:
Output of uname -a:
Output of cat /etc/containers/storage.conf: