search

lockc-project / lockc

Making containers more secure with eBPF and Linux Security Modules (LSM)
https://lockc-project.github.io/
Apache License 2.0
218 stars 19 forks source link

runc: symbol lookup error: runc: undefined symbol: seccomp_notify_respond #178

Closed mjura closed 2 years ago

mjura commented 2 years ago

After containerd upgrade in upstream to v1.6.0 runc doesn't work

mj-k8s-master0:~ # runc
runc: symbol lookup error: runc: undefined symbol: seccomp_notify_respond
mjura commented 2 years ago

Issue was reported in upstream https://github.com/containerd/containerd/issues/6576

mjura commented 2 years ago

I have got answer from upstream

https://github.com/containerd/containerd/blob/main/releases/v1.6.0.toml#L64-L76

containerd/CNI/runc/critools tar bundle

The tar bundles released as cri-containerd-*.tar.gz contain a build of runc linked with a newer version of libseccomp. This dynamically-linked build of runc was built on Ubuntu 18.04 and will not work on some other distributions, such as RHEL 7 and Debian 10. Users of such distributions may get a statically-linked runc binary from https://github.com/opencontainers/runc/releases or build runc for their own environment.

Deprecation These tar bundles are now deprecated and will be removed or replaced in containerd 2.0. Projects relying on these tar bundles should use the containerd-*.tar.gz bundles or work with the containerd community on a suitable replacement in containerd 2.0.