Docker cannot build images when using the default seccomp profile



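When I try to build a Docker image, I get the following error

OCI runtime create failed: container_linux.go:346: starting container process caused "seccomp: config provided but seccomp not supported": unknown

I am running docker build -t cprates/lws_base:latest -f Dockerfile.base .

The Dockerfile is a basic Dockerfile, nothing special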

FROM golang:1.12.7-buster
WORKDIR /lws
COPY go.mod .
RUN go mod download \
    && go get -u golang.org/x/lint/golint

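I suspect this started after a system update, but I'm not sure. I can run containers by not using the default seccomp profile, with --security-opt seccomp=unconfined. But docker build does not accept the --security-opt flag

I have already reinstalled Docker CE following the instructions on the official website.

I am using Fedora 30, which is supported according to the documentation: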

uname -srom
Linux 5.5.10-100.fc30.x86_64 x86_64 GNU/Linux

Docker version

Client: Docker Engine - Community
Version:           19.03.8
API version:       1.40
Go version:        go1.12.17
Git commit:        afacb8b7f0
Built:             Wed Mar 11 01:26:25 2020
OS/Arch:           linux/amd64
Experimental:      false
Server: Docker Engine - Community
Engine:
Version:          19.03.8
API version:      1.40 (minimum version 1.12)
Go version:       go1.12.17
Git commit:       afacb8b7f0
Built:            Wed Mar 11 01:25:01 2020
OS/Arch:          linux/amd64
Experimental:     true
containerd:
Version:          1.2.13
GitCommit:        7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version:          1.0.0-rc9+dev
GitCommit:        2186cfa3cd52b8e00b1de76db7859cacdf7b1f94
docker-init:
Version:          0.18.0
GitCommit:        fec3683

Docker info

Client:
Debug Mode: false
Server:
Containers: 9
Running: 0
Paused: 0
Stopped: 9
Images: 5
Server Version: 19.03.8
Storage Driver: overlay2
Backing Filesystem: <unknown>
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc version: 2186cfa3cd52b8e00b1de76db7859cacdf7b1f94
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 5.5.10-100.fc30.x86_64
Operating System: Fedora 30 (Workstation Edition)
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 15.53GiB
Name: taplop.taplopmain
ID: HT7E:UK3I:IYBL:FO46:PHZS:AV7O:GYCY:3QUS:7I6H:PIS4:LBJZ:VRLH
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: true
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false

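Any clue as to where the problem is?

It turned out that containerd was picking up the wrong runC. Some time ago I installed runC from GitHub and completely forgot about it. If you want to know whether you have the same problem, run the following command to check how many runC binaries are on your system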

$ whereis runc
runc: /usr/bin/runc

This is the correct one for me, using Fedora 30.
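
As an added example (not part of the original answer), these shell functions extend the `whereis` check above: they walk a PATH-style list, resolve symlinks and report every distinct `runc` executable in lookup order, with its RPM owner where `rpm` is available. The function names, the extra directories searched and the exit codes are assumptions of this example.

```sh
#!/bin/sh
# Added example: enumerate runc binaries the way a PATH lookup would see them.

# find_runc [SEARCH_PATH]: print each distinct runc executable, in lookup order.
# The body is a subshell "( )" so IFS, set -f and the variables stay local.
find_runc() (
    search=${1:-"$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"}
    seen=
    IFS=:
    set -f                                   # no globbing while splitting
    for dir in $search; do
        [ -n "$dir" ] || continue
        [ -f "$dir/runc" ] && [ -x "$dir/runc" ] || continue
        real=$(readlink -f "$dir/runc") || continue
        case ":$seen:" in *":$real:"*) continue ;; esac   # same file via symlink
        seen="$seen:$real"
        printf '%s\n' "$real"
    done
)

# check_runc [SEARCH_PATH]: list the binaries with their package owner.
# Status: 0 = exactly one binary, 1 = several, 2 = none found.
check_runc() {
    cr_list=$(find_runc "$@")
    if [ -z "$cr_list" ]; then
        echo "no runc binary found"
        return 2
    fi
    printf '%s\n' "$cr_list" | while IFS= read -r cr_bin; do
        cr_owner=
        if command -v rpm >/dev/null 2>&1; then   # RPM-based hosts only
            cr_owner=$(rpm -qf "$cr_bin" 2>/dev/null) ||
                cr_owner="(not owned by any RPM package)"
        fi
        printf 'runc: %s %s\n' "$cr_bin" "$cr_owner"
    done
    cr_count=$(printf '%s\n' "$cr_list" | grep -c .)
    [ "$cr_count" -eq 1 ] && return 0
    echo "WARNING: $cr_count runc binaries found; check which one the daemon's PATH reaches first"
    return 1
}

check_runc || true   # run against the current PATH; the status is informational
```

The Docker daemon's PATH can differ from that of an interactive shell, so pass the daemon's PATH as the argument when the two disagree.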
