[pkg-go] Bug#1012030: (no subject)
Vicente Olivert Riera
vincent.olivert.riera at gmail.com
Tue May 31 00:37:18 BST 2022
Dear Reinhard Tartler,
I have tried what you suggested, and indeed, it does work. See:
$ # CHECK BOTH CRUN AND RUNC ARE INSTALLED
$ dpkg -s runc | grep -E '^Status'
Status: install ok installed
$ dpkg -s crun | grep -E '^Status'
Status: install ok installed
$ # RUN COMMAND WITHOUT THE SUGGESTED WORKAROUND
$ podman run --runtime runc --rm -it debian date
Error: container_linux.go:367: starting container process caused: error
adding seccomp filter rule for syscall bdflush: permission denied: OCI
permission denied
$ # RUN COMMAND WITH THE SUGGESTED WORKAROUND
$ podman run --runtime runc --security-opt=seccomp=unconfined --rm -it debian date
Mon May 30 23:33:32 UTC 2022
Thanks,
Vincent
On 31/05/2022 04:28, Reinhard Tartler wrote:
>
> I wonder whether this may be related to upstream report at
> https://github.com/containers/common/issues/631
>
> It seems that in debian/bullseye, podman is only able to work in crun,
> since the version of runc we have in stable seems to have issues with
> seccomp. Can you please try the following for me with both crun and
> runc installed:
>
> root@pve:~# podman run --runtime runc --security-opt=seccomp=unconfined --rm -it debian date
> Mon May 30 19:18:05 UTC 2022
>
> That does appear to work at least on my system.
>
> This might indicate that this is actually a change that needs to go into
> golang-github-containers-common then...
>
> On Mon, May 30, 2022 at 9:15 AM Vicente Olivert Riera
> <vincent.olivert.riera at gmail.com> wrote:
>
> I've found the problem appears to be between podman and runc.
>
> I have runc installed in my system because I also use docker.io, and
> that package depends on it.
> runc is also a dependency of podman, so podman uses it. However, podman
> can also use crun. But, since runc was already installed, and podman can
> depend on either of them, crun was not installed as a dependency.
>
> Now, if I manually install crun, podman works again and the error is
> gone. I think if podman finds that crun is installed, it will use it.
> Otherwise it will use runc as a fallback.
>
> Since both runc and crun packages can coexist in the system, I think a
> quick fix could be removing the runc dependency on podman, so it will
> always pull in crun as a dependency. At least until the root cause of
> this problem is found and fixed.
>
>
>
> --
> regards,
> Reinhard