-
Notifications
You must be signed in to change notification settings - Fork 18.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Question] rootless seccomp warnings during the build steps #42154
Comments
Node kernel version: 5.4.91-41.139.amzn2.x86_64 Seccomp enabled on the node: |
Is the containerised docker a static build, or installed from a .deb or .rpm package? If it's a static build, it could possibly be related to / addressed by #42054. Where are the messages appearing? Is that in the daemon logs, the output of the Overall, I think these messages should be safe to ignore; they're likely related to a chicken-and-egg situation where our seccomp profile includes syscalls in the "allow" list, but either libseccomp (and/or the kernel) or the OCI runtime does not yet support those calls, and therefore produces the informational message. |
oh; I see you're not running with the default OCI runtime (runc), but with crun instead (based on the version output |
Hi @thaJeztah Thanks for your reply
I am using kubernetes, so the DIND rootless container running in Kubernetes POD, am not sure if this can be an issue. |
Were you still running into that issue with docker 20.10.4 and up? (I know we updated to runc v1.0.0-rc93 in those versions, so mostly curious if that version of runc resolved the issue)
Actually, I see you're running kernel 5.4, and if I'm not mistaken, |
I tried with Kubernetes host is using docker v19.3.13. regarding the kernel, ok but what about the other syscalls e.g. |
close_range requires kernel 5.9. |
I have upgraded crun to the latest version and now messages are gone. Thanks a lot @thaJeztah and @AkihiroSuda. This can be closed. |
Good to hear 👍 |
Description
I am using Dind Rootless setup and during the docker build process showing the following warnings and I am not sure if it has any bad impact or a way to fix it
Is it sth can be ignored, and if yes is there any way to disable this kind of warnings?
Thanks in advance for help!
Steps to reproduce the issue:
run docker build in rootless Dind setup
Describe the results you received:
docker build succeeded but with unknown syscomp calls
Output of
docker version
:Output of
docker info
:Additional environment details (AWS, VirtualBox, physical, etc.):
Running on kubernetes EKS version 1.19.6
The text was updated successfully, but these errors were encountered: