-
Notifications
You must be signed in to change notification settings - Fork 34
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
2.24.2 docker image not working in rootless mode on Ubuntu 22.04 host #220
Comments
Could you share your docker-compose file, and hopefully we'll be able to reproduce the error? |
Sorry, sure. I did try looking into the actual reason (which could be Qt libs or seccomp problems) but didn't manage to find anything. The host is fully updated, on kernel 5.15.0-88 and uses cgroup2.
(other containers removed) |
2.24.1 unfortunately did not work for me. I have not tested 2.24. I went back to 2.23.2. |
@matthias-burgfried same issue as @troed ? If it is a different one please open a new issue. |
@phdelodder: yes, same issue. |
When adding |
Unfortunately it will be difficult for me to test that since it's not rootless anymore if adding that privilege. It risks messing up the installation, sorry. |
@troed it seems to be a issue with permissions https://www.reddit.com/r/docker/comments/vc1rkn/problem_with_threads_in_container/ |
You could checkout https://docs.docker.com/engine/security/seccomp/ and docker-library/golang#467 (comment) as it seems to be related to your issue. |
Alright, I'll look into using a seccomp profile. Any hint as to what has changed from 2.24.0 to 2.24.2 that could trip one of the permissions listed on the seccomp page? |
Upgraded the Debian base image to the latest |
Confirmed - changing to unconfined seccomp makes 2.24.2 start here. I might try to figure out exactly which permission is needed instead of just running unconfined.
|
I found anything newer than image ID 38c2213ae52e (2.24.1) made the container startup "freezing"; i.e. perpetually listed in "health: starting"-status for docker, with the "QThread::start: Thread creation error (Operation not permitted)" error as the last entry in the log. Even the current 2.24.1 tag has the same problem. The 2.24.0 tag works fine. What changed after the 38c2213ae52e image ID to make this break? What is the recommended fix (or workaround), besides using the "unconfined" seccomp option as described above? |
Bump... or, is the conclusion that only setting the seccomp option to "unconfined" will make this work? |
@bhsolberg introduced NON_ROOT env option, could see if it's fixed? |
Will close this issue in a couple of days due to it going stale |
Downgrading to 2.24.0 works fine. I did not test 2.24.1
The issue presents as the following in the log:
The text was updated successfully, but these errors were encountered: