Description of problem: Docker in its default configuration in Fedora doesn't allow the recently introduced statx syscall. This breaks builds of software that uses qt5, which use this syscall. It's a known issue, discussed in: https://github.com/docker/for-linux/issues/208 https://github.com/moby/moby/pull/36417 I have created a test program to easily demonstrate the issue. Version-Release number of selected component (if applicable): How reproducible: Reliably Steps to Reproduce: Test in docker, which fails: 1. sudo docker pull vatral/statx-repro 2. sudo docker run -it vatral/statx-repro 3. git clone https://github.com/vatral/docker-statx-repro 4. cd docker-statx-repro 5. make 6. ./statx Test outside docker, which works: 1. git clone https://github.com/vatral/docker-statx-repro 2. cd docker-statx-repro 3. make 4. ./statx Actual results: Program fails with "statx failed: Operation not permitted" Expected results: Program should succeed with "File's owner is 1000" Additional info:
Could you check this against Podman to see if podman supports the sycall?
Works under podman. $ podman run -it fedora sh sh-4.4# dnf install -y gcc make git sh-4.4# git clone https://github.com/vatral/docker-statx-repro sh-4.4# cd docker-statx-repro/ sh-4.4# make cc -Wall -c -o statx.o statx.c cc statx.o -o statx sh-4.4# ./statx Creating testfile File's owner is 0
I thought so. I will see about getting a back port into Docker, but Docker is going away in Fedora 31. You can use Podman or moby-engine as an alternative. (I would prefer podman) :^)
BTW, I believe you can simply # cp /usr/share/containers/seccomp.json /etc/docker/seccomp.json And it should fix the issue you are seeing.
Huh, I actually didn't know about Podman. Thanks, that looks good. I did succeed in working around the issue since as you say the configuration can be changed. But I intend to distribute a container that will build a qt app to other people, so it's rather inconvenient to have to tell them they need to make manual changes on their systems.
This message is a reminder that Fedora 30 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora 30 on 2020-05-26. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '30'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 30 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Fedora 30 changed to end-of-life (EOL) status on 2020-05-26. Fedora 30 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.