evgeniagusakova
commented
1 year ago have the same issue
Closed sirmax123 closed 8 months ago
evgeniagusakova
commented
1 year ago have the same issue
yosifkit
commented
1 year ago I am unable to reproduce. I'd suggest updating docker and libseccomp on the host. Newer base OS's use newer system calls and an older libseccomp can block them since they are unknown to it. You can verify that it is libseccomp by running the bookworm image with --security-opt seccomp=unconfined.
This is similar to the update to Ubuntu focal: https://github.com/docker-library/mongo/issues/606#issuecomment-1424965831
Same as https://github.com/docker-library/python/issues/837#issuecomment-1593437629
Related: https://github.com/docker-library/postgres/issues/1099
Chaoste
commented
1 year ago It also breaks all our services when booting postgres:13 within our CircleCI pipelines. We're able to hotfix it for the moment by setting the image to postgres:13-bullseye. The logs didn't tell us anything about the reason behind it. One service was crashing right away with exit code 2, and the other one timed out after 10 minutes.
fallenreaper
commented
1 year ago Confirmed with @Chaoste , I am trying to build AMD64 version of postgres:13. I tested with 13+ and bullseye/bookworm. Does not like the update command. I also updated my Docker for Desktop on my Mac to see if that fixed things, but it did not.
ColinChartier
commented
1 year ago Also running into this issue on ubuntu 18, docker 23.05-1. Dmesg says:
bash[6496]: segfault at 56473bc14000 ip 00007fb59281fb97 sp 00007fff8864a568 error 6 in libc.so.6[7fb5926f3000+155000]
[ 676.608738] Code: 00 00 c5 7d e7 8f 20 20 00 00 c5 7d e7 97 40 20 00 00 c5 7d e7 9f 60 20 00 00 c5 7d e7 a7 00 30 00 00 c5 7d e7 af 20 30 00 00 <c5> 7d e7 b7 40 30 00 00 c5 7d e7 bf 60 30 00 00 48 83 ef 80 ff c9so it's bash that's segfaulting before the process even hits postgres
yosifkit
commented
1 year ago (basically the same comment as https://github.com/docker-library/redis/issues/365#issuecomment-1599633849 and https://github.com/docker-library/python/issues/837#issuecomment-1599640563)
Root cause: it is very likely Docker with libseccomp so a newer syscall used in Debian Bookworm packages/libs is being blocked.
libseccomp lets you configure allowed syscalls for a process. Docker sets a default seccomp profile for all containers such that only certain syscalls are allowed and everything else is blocked (so, newer syscalls that are not yet known to libseccomp or docker are blocked).
libseccomp by running the Bookworm-based image with --security-opt seccomp=unconfined
libseccomp and docker on the host running the containers*bullseye images (in the postgres images, these will continue to be maintained/updated until the respective PostgreSQL end of life or the next Debian release, Debian Trixie)
DCCInterstellar
commented
1 year ago I was referred from https://github.com/docker-library/postgres/issues/1015 to this issue regarding an error involving around "pg_stat_tmp/global.stat": Permission Denied" error.
Is anyone having this issue? I've changed permissions multiple times for the file but it doesn't work unless I manually restart postgres14 then it works temporarily.
tianon
commented
8 months ago 
jhuguetn
commented
2 months ago Regarding the fix proposed above by @yosifkit,
update libseccomp and docker on the host running the containers
Are there any specific versions to which both Docker and libseccomp should be updated to?
tianon
commented
2 months ago Maybe https://github.com/docker-library/official-images/issues/16829 is helpful? At the very least, one of Docker 26.0.0, 25.0.3, 24.0.10, and 23.0.10, and likely libseccomp2 version 2.5.5+ (or the recently-Debian-backported 2.5.4-1+deb12u1; https://github.com/docker-library/official-images/issues/16830#issuecomment-2204093314).
Updated docker image with tag
postgres:14is brokenSteps to reproduce:
docker buildcommand:Workaround:
Replace
FROM postgres:14withFROM postgres:14-bullseye(not possible to fix in my upstream repo, so I have to usesedin the build pipeline to do the fix on-the-fly)