Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Running dotnet in Dockerfile fails with "lttng-ust-comm.c:1446: lttng_ust_init: Assertion `!ret' failed." #1582
When trying to create new docker image using dotnet command in Dockerfile, it fails with following error:
Steps to reproduce
Same problem with microsoft/dotnet:latest.
Step 4 : RUN dotnet new
The workaround @ppanyukov suggested is not working for me:
Step 4 : RUN dotnet -v 1>/dev/null 2>/dev/null
This was referenced
Feb 29, 2016
I do not believe this issue is specific to dotnet. You can reproduce the same behavior with the following Dockerfile
This appears to be a regression in docker between 1.9.1 and 1.10.2. It also appears Boot2Docker related as I cannot reproduce it in an Ubuntu environment.
A better workaround other than
I am following up with both Docker and LTTNG to get them to address this issue.
Just posting to confirm both workarounds; I reported rendlelabs/docknet-docker#1, let me know if there's more I can help with.
This change in behavior is a result of the new seccomp feature that was added to Docker in 1.10.
The default profile is restricting syscalls that LTTng is making which is causing the assert. LTTng acknowledged the assert behavior is wrong and will try to get a more specific error message. They are also going to identify which syscalls they make so that Docker users can create the appropriate profile to use with the library.
The seccomp feature is not enabled/supported on all platforms by default which is why some Docker users are not affected by this.
Until the syscalls made by LTTng are identified, another workaround would be to use the unconfined profile which I believe is equivalent to the pre 1.10 behavior. This obviously is just a workaround for now.
The syscall LTTng makes was identified - restart_syscall. (Ref http://lists.lttng.org/pipermail/lttng-dev/2016-March/025573.html) You can define a custom profile based on the default (https://github.com/docker/docker/blob/master/profiles/seccomp/default.json) and add this syscall instead of using unconfined.
Waiting to see if Docker and LTTng can come up with a solution that works out of the box.
Docker made a change (moby/moby#21117) to allow the restart_syscall by default. With the next release of Docker (1.11.0), this issue will be addressed and you will no longer encounter it with the default experience. Additionally a change (lttng/lttng-ust@8aadb54) was made to the LTTng library to provide a better error experience when this does occur so that users will be provided with more information on what happened rather than a failed assert.
Both the microsoft/dotnet and microsoft/dotnet-preview images were updated with a workaround so that users do not encounter this issue with the out of box experience. This allows customers to kick the tires and have a better initial experience with the dotnet images.
It is recommended that if you encounter this issue within your own Dockerfiles that you use one of the workarounds mentioned earlier in this thread (change the seccomp profile you are running with or set the LTTNG_UST_REGISTER_TIMEOUT variable accordingly) or update your Docker to 1.11.0 once it is released.