Docker 및 libseccomp

Question

나는 도커에 문제가 있습니다. 여기에 libsscomp 라이브러리의 자체 빌드 버전이있는 OpenSuse 13.2가 있습니다. 2 주 전 새 버전 2.3.1입니다. 물론

hostname:/usr/lib/docker # docker run hello-world 
Unable to find image 'hello-world:latest' locally 
latest: Pulling from library/hello-world 
78445dd45222: Pull complete 
Digest: sha256:c5515758d4c5e1e838e9cd307f6c6a0d620b5e07e6f927b07d05f6d12a1ac8d7 
Status: Downloaded newer image for hello-world:latest 
container_linux.go:247: starting container process caused "conditional filtering requires libseccomp version >= 2.2.1" 
docker: Error response from daemon: oci runtime error: container_linux.go:247: starting container process caused "conditional filtering requires libseccomp version >= 2.2.1". 
ERRO[0002] error getting events from daemon: net/http: request canceled 

내가 옵션 --security - 옵트의 기는 seccomp 사용할 수 있습니다 : 내가 어떤 고정 표시기 컨테이너를 실행하는거야, 나는 다음과 같은 오류 얻을 컨테이너를 시작할 때 일축를, 그러나 이것은 내 삶의 목적이 아니다.

# rpm -qa libseccomp 
libseccomp-2.3.1-1.x86_64 

고정 표시기 정보 :

Containers: 1 
Running: 0 
Paused: 0 
Stopped: 1 
Images: 1 
Server Version: 1.13.0 
Storage Driver: devicemapper 
Pool Name: docker-254:2-655361-pool 
Pool Blocksize: 65.54 kB 
Base Device Size: 10.74 GB 
Backing Filesystem: ext4 
Data file: /dev/loop0 
Metadata file: /dev/loop1 
Data Space Used: 307.2 MB 
Data Space Total: 107.4 GB 
Data Space Available: 20.64 GB 
Metadata Space Used: 806.9 kB 
Metadata Space Total: 2.147 GB 
Metadata Space Available: 2.147 GB 
Thin Pool Minimum Free Space: 10.74 GB 
Udev Sync Supported: true 
Deferred Removal Enabled: false 
Deferred Deletion Enabled: false 
Deferred Deleted Device Count: 0 
Data loop file: /var/lib/docker/devicemapper/devicemapper/data 
WARNING: Usage of loopback devices is strongly discouraged for production use. Use `--storage-opt dm.thinpooldev` to specify a custom block storage device. 
Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata 
Library Version: 1.03.01 (2011-10-15) 
Logging Driver: json-file 
Cgroup Driver: cgroupfs 
Plugins: 
Volume: local 
Network: bridge host macvlan null overlay 
Swarm: inactive 
Runtimes: oci runc 
Default Runtime: runc 
Init Binary: docker-init 
containerd version: (expected: 03e5862ec0d8d3b3f750e19fca3ee367e13c090e) 
runc version: N/A (expected: 2f7393a47307a16f8cee44a37b262e8b81021e3e) 
init version: N/A (expected: 949e6facb77383876aeff8a6944dde66b3089574) 
Security Options: 
apparmor 
seccomp 
    Profile: default 
Kernel Version: 3.16.7-53-desktop 
Operating System: openSUSE 13.2 (Harlequin) (x86_64) 
OSType: linux 
Architecture: x86_64 
CPUs: 4 
Total Memory: 3.868 GiB 
Name: hostname 
ID: DCOH:JZMG:ZUTM:5MSB:DVAG:SQXS:Z36N:5OXU:GQII:YTMO:RWDA:HYBJ 
Docker Root Dir: /var/lib/docker 
Debug Mode (client): false 
Debug Mode (server): false 
Registry: https://index.docker.io/v1/ 
WARNING: No swap limit support 
WARNING: No kernel memory limit support 
Experimental: false 
Insecure Registries: 
127.0.0.0/8 
Live Restore Enabled: false 

Answer 1

문제가 runc있을 수 있습니다 보인다. 나는 현재 도약 42.1과 동일한 동일한 오류를 OPC Virtualization : containers repo의 도커 & runc으로 돌리고 있습니다. 최신 셋업 패키지가 업데이트 될 때까지 설정이 잘 돌아가고있었습니다. 에

i | runc | package | 0.1.1+gitr2942_2f7393a-33.2 | x86_64 | Virtualization:containers (openSUSE_Leap_42.1) 
i | docker | package | 1.13.0-182.1    | x86_64 | Virtualization:containers (openSUSE_Leap_42.1) 

문자열은/usr/sbin에/runc 쇼 :

strings /usr/sbin/runc | grep 2.2.1 
[..] 
conditional filtering requires libseccomp version >= 2.2.1 
[..] 

더 추락, 변경 로그를 보여줍니다 :

* Fri Feb 24 2017 
- update to docker-1.13.0 requirement 
* Mon Dec 19 2016 
- update runc to the version used in docker 1.12.5 (bsc#1016307). 

그리고 패키지의 소스 라인이와 Godeps/_workspace/src/github.com/seccomp/libseccomp-golang/seccomp_internal.go있다 299 :

return fmt.Errorf("conditional filtering requires libseccomp version >= 2.2.1") 

가 지금 공식 버그 리포트, 그리고처럼 보이는이 문제의 영향이 REPO 사용하는 몇 가지 다른 SUSE 자료 :

https://bugzilla.opensuse.org/show_bug.cgi?id=1028639