Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
The workaround is to use the scratch build available from comment #8 above (make sure to download it, as it goes away after some time).
The solution is to switch to OCP4.
The backport is very hard to do (I spent a few hours trying and got nowhere).
As the workaround is available, and it's impossible to have a backport, closing as WONTFIX.
Comment 11 Vratislav Podzimek
2021-06-25 12:15:27 UTC
> The workaround is to use the scratch build available from comment #8 above (make sure to download it, as it goes away after some time).
Could you please share the workaround publicly? I cannot see comment #8 (marked as private, I guess).
> The solution is to switch to OCP4.
Please keep in mind people are using containers on RHEL 7 without OCP or even k8s.
> Could you please share the workaround publicly?
The suggested workaround is to disable docker seccomp.
Isn't docker seccomp configurable without patching it? I think the config file is in `/etc`.
> Could you please share the workaround publicly? I cannot see comment #8 (marked as private, I guess).
It was an internal build of the same docker version with seccomp support disabled.
In your case, I think, the best way is to either self-compile a fixed runc version
(1.0.0 is recommended, although you can use 1.0.0-rc93 or any later version), or
use a prebuilt static binary from https://github.com/opencontainers/runc/releases
(look for runc.amd64 file under "Assets"; again, version 1.0.0 is recommended),
AND making sure docker is using your version of runc.
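The comment above names 1.0.0-rc93 as the minimum fixed runc version, with 1.0.0 recommended. The following is an added example, not part of the original thread or of any Red Hat or runc tooling: a POSIX shell check that a given runc binary meets that minimum, ordering release candidates before the final release. The function names and the optional path argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify a runc binary is at least the version named in the thread.
MIN_RUNC="1.0.0-rc93"

# First line of `runc --version` looks like "runc version 1.0.0-rc93".
parse_runc_version() {
    printf '%s\n' "$1" | sed -n '1s/^runc version \([^ ]*\).*$/\1/p'
}

# "X.Y.Z" or "X.Y.Z-rcN" (optional "+build" suffix) -> "X Y Z R".
# R is N for a release candidate, 9999 for a final release, so finals sort last.
version_key() {
    v=${1%%+*}
    core=${v%%-*}
    case $v in
        *-rc[0-9]*) rc=${v##*-rc} ;;
        *-*)        return 1 ;;   # unknown pre-release tag
        *)          rc=9999 ;;
    esac
    case $core.$rc in
        *[!0-9.]*) return 1 ;;    # anything but digits and dots is rejected
    esac
    old_ifs=$IFS; IFS=.
    set -- $core
    IFS=$old_ifs
    [ $# -eq 3 ] && [ -n "$1" ] && [ -n "$2" ] && [ -n "$3" ] || return 1
    echo "$1 $2 $3 $rc"
}

# Exit status: 0 if $1 >= $2, 1 if older, 2 if either version cannot be parsed.
runc_at_least() {
    have=$(version_key "$1") || return 2
    want=$(version_key "$2") || return 2
    set -- $have $want
    for pair in "$1:$5" "$2:$6" "$3:$7" "$4:$8"; do
        a=${pair%%:*}; b=${pair##*:}
        [ "$a" -gt "$b" ] && return 0
        [ "$a" -lt "$b" ] && return 1
    done
    return 0
}

# Pass the path of the runc binary your container engine actually invokes.
RUNC_BIN=${1:-runc}
if command -v "$RUNC_BIN" >/dev/null 2>&1; then
    installed=$(parse_runc_version "$("$RUNC_BIN" --version)")
    if runc_at_least "$installed" "$MIN_RUNC"; then
        echo "$RUNC_BIN $installed: at or above $MIN_RUNC"
    else
        echo "$RUNC_BIN ${installed:-unknown}: older than $MIN_RUNC or unparsable"
    fi
fi
```

Checking the binary on `PATH` is not enough if the engine is configured with its own runtime path, so run the check against that path.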
Comment 14 Vratislav Podzimek
2021-07-14 08:39:58 UTC
Please keep in mind this affects not only docker but also podman and buildah. But do I understand it correctly that they all use runc these days and so newer runc will just fix the issue for all of them? Will it be compatible with the older versions of the tools?
Upgrading runc for the version of Docker on RHEL 7 was not possible. Unless Kir corrects me, that's the only tool that cannot handle the updated runc that has been put into play that contains the fix. The newer runc does fix the issue in other projects.
Comment 16 Red Hat Bugzilla
2023-09-15 01:06:43 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days