[pkg-go] Bug#995777: podman: Cannot (effectively) use containers with glibc 2.33.9000 or newer

Reinhard Tartler siretart at gmail.com
Sat Oct 9 23:14:36 BST 2021

Control: fixed -1 3.3.1+ds2-1
Control: tags -1 bullseye

Thank you for your bugreport.

On Tue, Oct 5, 2021 at 10:51 AM Will Thompson <wjt at endlessos.org> wrote:

> Package: podman
> Version: 3.0.1+dfsg1-3+b2
> Severity: important
> podman embeds a default seccomp policy, which based on my research is
> identical to that used by docker. The policy embedded in the bullseye
> version of podman is buggy when used to run a container whose glibc is
> 2.33.9000 or newer, due to that version's use of the clone3 syscall. The
> lengthy commit message at
> https://github.com/moby/moby/commit/9f6b562dd12ef7b1f9e2f8e6f2ab6477790a6594
> explains the issue in considerable detail.

I believe this should be fixed with the changes I'm prepareing in the
context of #994451

Would you mind trying the packages at
https://people.debian.org/~siretart/bug.994451/ and let me know if they fix
this issue as well? I'm fairly confident that it does.

Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-go-maintainers/attachments/20211009/24967ddb/attachment.htm>

More information about the Pkg-go-maintainers mailing list