Closed manuasir closed 7 months ago
The same problem on php:8.1-fpm
I'm not able to reproduce, can you please provide a bit more information about what you're doing?
Hello @tianon ,
Thanks for the reply. I'm just trying to build a Dockerfile in CircleCI. The process crashes when executing the RUN I attached before. It always was fine until today without any changes on our side. I'll be happy to provide any information that you might need.
As a workaround, you can update your Dockerfile
to be FROM php:8.2-fpm-bullseye
(which is probably a good idea anyways so that you're controlling when those Debian updates apply to your images).
It sounds like this is probably seccomp issues and you'll need to make sure your host's libseccomp, runc, and Docker are of a sufficiently recent version (I believe that's something like 2.5.1 on libseccomp and 20.10.10+ on Docker).
In my case, I run a docker build from GitLab-runner. Gitlab-runner and a docker in a host machine have the latest version. As a Hotfix, I had to change the image in my Dockerfile to php:8.1.19-fpm instead of php:8.1-fpm(php:8.1.20-fpm). Locally, I couldn't reproduce this problem.
same as @vdt-mik here
The error is coming from apt update
. The GPG keys in the docker image seem to be expired. Not sure how to resolve. For now, will pin on bullseye
Same answer as https://github.com/docker-library/python/issues/837#issuecomment-1593437629:
I am unable to reproduce. I'd suggest updating docker and libseccomp on the host. Newer base OS's use newer system calls and an older libseccomp can block them since they are unknown to it. You can verify that it is libseccomp by running the bookworm image with
--security-opt seccomp=unconfined
.
I think @tianon and @yosifkit are on the right track. I can't replicate on libseccomp 2.5.1 and Docker 20.10.21.
I was able to replicate in CI job which was running in docker:19.03.12
and docker:19.03.12-dind
. Upgrading the job to 20.10.21
fixed the issue.
I met same problem in 8.3 bookworm fpm.
I'd suggest updating docker and libseccomp on the host. Newer base OS's use newer system calls and an older libseccomp can block them since they are unknown to it. You can verify that it is libseccomp by running the bookworm image with
--security-opt seccomp=unconfined
.
I'm facing these errors after the today's retag:
In this step