New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RHEL 7 installation regression on 1.5.7: runc: symbol lookup error: runc: undefined symbol: seccomp_api_get #6209
Comments
Opened new issue since it's unrelated to original post: Note that containerd 1.4.11 does work from the tar install |
this is also occuring in 1.5.8 for RHEL 7 |
The release tars are dynamically linked and built against Ubuntu 18.04. |
wave.. Lib libseccomp 2.4 added seccomp_api_get. suggested resolution, move up version of libseccomp > 2.4 to provide seccomp_api_get used by runc |
We are starting to see this issue in the kOps periodic tests for Debian 10 too. Did not have time to dig deeper, but I assume there is some new package update for libseccomp. |
IIRC, CentOS 7 and RHEL 7 don't have that version yet; see docker/containerd-packaging#112 ((perhaps they did add it later though) That said; if I'm not mistaken; when compiling against the older version, the new API isn't used, and it's possible to run it on a system that has a newer libseccomp installed (but I don't know if this has other consequences) |
Oh I see Ubuntu has added seccomp 2.5, which is possibly what we are compiling against (almost certainly on HEAD). |
So it seems to me there is a regression: @mikebrow @thaJeztah just to confirm because it seems like that issue has no movement is there a planned course of action to get containerd working with RHEL 7 or is the community saying they are dropping support for it? |
This should fix it: #6447 I would personally advise people to use binaries targeted at their distro, though. |
So it looks like that issue was closed @cpuguy83 and not merged: My larger point here is it seems like there's suggestions but no official statement on how to install containerd on an operating system like RHEL 7: We cannot use our own runc as the one included in the release tarball overwrites it....... Are we now going to move to another tarball that doesn't include runc? |
I do think we need some kind of path for RHEL 7 going forward: it would be a problem from an IBM perspective at least if that support just got dropped without notification. We need to stay on current releases for security reasons and right now we are stuck at 1.4 |
Has the 1.1.1 release resolved this issue? ~]# yum info libseccomp
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.bupt.edu.cn
* extras: mirrors.bupt.edu.cn
* updates: mirrors.huaweicloud.com
Installed Packages
Name : libseccomp
Arch : x86_64
Version : 2.3.1
Release : 4.el7
Size : 297 k
Repo : installed
From repo : base
Summary : Enhanced seccomp library
URL : https://github.com/seccomp/libseccomp
License : LGPLv2
Description : The libseccomp library provides an easy to use interface to the Linux Kernel's
: syscall filtering mechanism, seccomp. The libseccomp API allows an application
: to specify which syscalls, and optionally which syscall arguments, the
: application is allowed to execute, all of which are enforced by the Linux
: Kernel.
Available Packages
Name : libseccomp
Arch : i686
Version : 2.3.1
Release : 4.el7
Size : 53 k
Repo : base/7/x86_64
Summary : Enhanced seccomp library
URL : https://github.com/seccomp/libseccomp
License : LGPLv2
Description : The libseccomp library provides an easy to use interface to the Linux Kernel's
: syscall filtering mechanism, seccomp. The libseccomp API allows an application
: to specify which syscalls, and optionally which syscall arguments, the
: application is allowed to execute, all of which are enforced by the Linux
: Kernel.
~]# ./runc.amd64 -v
runc version 1.1.1
commit: v1.1.0-20-g52de29d7
spec: 1.0.2-dev
go: go1.17.6
libseccomp: 2.5.3
~]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core) |
runc should be now installed separately from https://github.com/opencontainers/runc/releases |
When trying to install containerd using the published
linux
tars on RHEL 7 we get the following errorhttps://github.com/containerd/containerd/releases/tag/v1.5.7
It has libseccomp-dev installed.
What is the recommended and supported way to install containerd on RHEL 7? Not this dependency was not in existance on the previous containerd 1.5 release
The text was updated successfully, but these errors were encountered: