This error can happen running any image with kernel between 5.1 and 5.3.15, 5.4.2, or 5.5. This happens because root runs with more strict RLIMIT_MEMLOCK limit. Go 1.14 attempts to mlock thread stacks to workaround a Linux kernel bug, trips over the limit, and dies. You'll find messages like these in the gofer log:
runtime: mlock of signal stack failed: 12
runtime: increase the mlock limit (ulimit -l) or
runtime: update your kernel to 5.3.15+, 5.4.2+, or 5.5+
fatal error: mlock failed
To workaround it, add the following line to the [Service] section in /lib/systemd/system/containerd.service:
Then run: systemctl daemon-reload && systemctl restart containerd
This error can happen running any image with kernel between 5.1 and 5.3.15, 5.4.2, or 5.5. This happens because root runs with more strict
RLIMIT_MEMLOCKlimit. Go 1.14 attempts to mlock thread stacks to workaround a Linux kernel bug, trips over the limit, and dies. You'll find messages like these in the gofer log:To workaround it, add the following line to the
[Service]section in/lib/systemd/system/containerd.service:Then run:
systemctl daemon-reload && systemctl restart containerd