[pkg-go] Bug#995777: podman: Cannot (effectively) use containers with glibc 2.33.9000 or newer
Will Thompson
wjt at endlessos.org
Mon Oct 11 11:01:00 BST 2021
Yes, after installing podman_3.0.1+dfsg1-4_amd64.deb and
golang-github-containers-common_0.33.4+ds1-2_all.deb from that page, the
Fedora 35 examples work as expected.
– Will
On Sat, 9 Oct 2021 at 23:14, Reinhard Tartler <siretart at gmail.com> wrote:
> Control: fixed -1 3.3.1+ds2-1
> Control: tags -1 bullseye
>
> Thank you for your bugreport.
>
> On Tue, Oct 5, 2021 at 10:51 AM Will Thompson <wjt at endlessos.org> wrote:
>
>> Package: podman
>> Version: 3.0.1+dfsg1-3+b2
>> Severity: important
>>
>> podman embeds a default seccomp policy, which based on my research is
>> identical to that used by docker. The policy embedded in the bullseye
>> version of podman is buggy when used to run a container whose glibc is
>> 2.33.9000 or newer, due to that version's use of the clone3 syscall. The
>> lengthy commit message at
>>
>> https://github.com/moby/moby/commit/9f6b562dd12ef7b1f9e2f8e6f2ab6477790a6594
>> explains the issue in considerable detail.
>>
>
> I believe this should be fixed with the changes I'm prepareing in the
> context of #994451
>
> Would you mind trying the packages at
> https://people.debian.org/~siretart/bug.994451/ and let me know if they
> fix this issue as well? I'm fairly confident that it does.
>
> Thank you.
>
>
> --
> regards,
> Reinhard
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-go-maintainers/attachments/20211011/e0068191/attachment.htm>
More information about the Pkg-go-maintainers
mailing list