When I try to build a docker image I get the following error:

OCI runtime create failed: container_linux.go:346: starting container process caused "seccomp: config provided but seccomp not supported": unknown

I'm running docker build -t cprates/lws_base:latest -f Dockerfile.base .

The Dockerfile is a basic dockerfile with nothing special to it

FROM golang:1.12.7-buster

WORKDIR /lws

COPY go.mod .

RUN go mod download \
    && go get -u golang.org/x/lint/golint

I suspect that this started happening after a system update, but not sure. I can run a container by not using the default seccomp profile with --security-opt seccomp=unconfined. But docker build does not accept the flag --security-opt.

I already re-installed docker-ce following the instructions on the official website.

I'm using Fedora 30 which according to the docs is supported:

uname -srom
Linux 5.5.10-100.fc30.x86_64 x86_64 GNU/Linux

Docker version

Client: Docker Engine - Community
 Version:           19.03.8
 API version:       1.40
 Go version:        go1.12.17
 Git commit:        afacb8b7f0
 Built:             Wed Mar 11 01:26:25 2020
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.8
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.17
  Git commit:       afacb8b7f0
  Built:            Wed Mar 11 01:25:01 2020
  OS/Arch:          linux/amd64
  Experimental:     true
 containerd:
  Version:          1.2.13
  GitCommit:        7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc:
  Version:          1.0.0-rc9+dev
  GitCommit:        2186cfa3cd52b8e00b1de76db7859cacdf7b1f94
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

Docker info

Client:
 Debug Mode: false

Server:
 Containers: 9
  Running: 0
  Paused: 0
  Stopped: 9
 Images: 5
 Server Version: 19.03.8
 Storage Driver: overlay2
  Backing Filesystem: <unknown>
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc version: 2186cfa3cd52b8e00b1de76db7859cacdf7b1f94
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 5.5.10-100.fc30.x86_64
 Operating System: Fedora 30 (Workstation Edition)
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 15.53GiB
 Name: taplop.taplopmain
 ID: HT7E:UK3I:IYBL:FO46:PHZS:AV7O:GYCY:3QUS:7I6H:PIS4:LBJZ:VRLH
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: true
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Any clue on what could be the problem?

cpr4t3s

1 Answer
It turns out that containerd was picking up the wrong runC. Some time ago I installed runC from GitHub and completely forgot. If you're wondering if you have the same problem, run the following command to check how many runC binaries you have in your system:

$ whereis runc
runc: /usr/bin/runc

This is the correct one for me, using Fedora 30.

cpr4t3s
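
Added example, not part of the original answer: `whereis` shows which copies exist but not which one a PATH lookup picks first, so this script walks a PATH string in lookup order and reports every executable with the given name and how many distinct files are behind them. It assumes the daemon resolves `runc` through its own PATH; the function names (`list_candidates`, `count_distinct`, `first_match`, `proc_path`) are illustrative, not Docker tooling.

```shell
#!/bin/sh
# Added example (not Docker's own tooling): find every copy of a runtime
# binary along a PATH-style string, in the order a PATH lookup would try them.

# Print "dir/NAME<TAB>resolved-file" for each executable match, in PATH order.
# The body runs in a subshell so the IFS and globbing changes stay local.
list_candidates() (
    name=$1
    IFS=:; set -f
    for dir in $2; do
        [ -n "$dir" ] || dir=.          # an empty PATH entry means the cwd
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\t%s\n' "$dir/$name" "$(readlink -f "$dir/$name")"
        fi
    done
)

# Number of distinct files behind the matches; symlinks to one file count once.
# Anything above 1 means a second build can shadow the packaged one.
count_distinct() {
    list_candidates "$1" "$2" | cut -f2 | sort -u | awk 'END { print NR }'
}

# The match a PATH lookup would actually execute.
first_match() {
    list_candidates "$1" "$2" | head -n 1 | cut -f1
}

# PATH as seen by a running process, e.g. proc_path "$(pidof dockerd)".
# Needs permission to read /proc/PID/environ (usually root for daemons).
# Assumption: the daemon looks the runtime name up through this PATH.
proc_path() {
    tr '\0' '\n' < "/proc/$1/environ" | sed -n 's/^PATH=//p'
}

# Report for the current shell's PATH; swap in proc_path output for the daemon.
list_candidates runc "$PATH"
```

If `count_distinct` reports more than one file, compare `runc --version` for each path and remove or rename the copy that did not come from the distribution package.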