0

当我尝试构建 docker 映像时,出现以下错误

OCI 运行时创建失败:container_linux.go:346:启动容器进程导致“seccomp:提供配置但不支持 seccomp”:未知

我在跑docker build -t cprates/lws_base:latest -f Dockerfile.base .

Dockerfile 是一个基本的 dockerfile,没有什么特别之处

FROM golang:1.12.7-buster

WORKDIR /lws

COPY go.mod .

RUN go mod download \
    && go get -u golang.org/x/lint/golint

我怀疑这在系统更新后开始发生,但不确定。我可以不使用默认的 seccomp 配置文件来运行容器--security-opt seccomp=unconfined。但docker build不收旗--security-opt

我已经按照官网的说明重新安装了 docker-ce 。

我正在使用根据文档支持的 Fedora 30:

uname -srom
Linux 5.5.10-100.fc30.x86_64 x86_64 GNU/Linux

码头工人版本

Client: Docker Engine - Community
 Version:           19.03.8
 API version:       1.40
 Go version:        go1.12.17
 Git commit:        afacb8b7f0
 Built:             Wed Mar 11 01:26:25 2020
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.8
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.17
  Git commit:       afacb8b7f0
  Built:            Wed Mar 11 01:25:01 2020
  OS/Arch:          linux/amd64
  Experimental:     true
 containerd:
  Version:          1.2.13
  GitCommit:        7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc:
  Version:          1.0.0-rc9+dev
  GitCommit:        2186cfa3cd52b8e00b1de76db7859cacdf7b1f94
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

码头工人信息

Client:
 Debug Mode: false

Server:
 Containers: 9
  Running: 0
  Paused: 0
  Stopped: 9
 Images: 5
 Server Version: 19.03.8
 Storage Driver: overlay2
  Backing Filesystem: <unknown>
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc version: 2186cfa3cd52b8e00b1de76db7859cacdf7b1f94
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 5.5.10-100.fc30.x86_64
 Operating System: Fedora 30 (Workstation Edition)
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 15.53GiB
 Name: taplop.taplopmain
 ID: HT7E:UK3I:IYBL:FO46:PHZS:AV7O:GYCY:3QUS:7I6H:PIS4:LBJZ:VRLH
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: true
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

关于可能是什么问题的任何线索?

4

1 回答 1

0

事实证明,containerd 选择了错误的 runC。前段时间我从 github 安装了 runC 并完全忘记了。如果您想知道是否有同样的问题,请运行以下命令以检查系统中有多少 runC 二进制文件

$ whereis runc
runc: /usr/bin/runc

这对我来说是正确的,使用 Fedora 30。

于 2020-04-17T16:28:04.930 回答