Closed smondet closed 1 year ago
Looks like Docker's default security policy blocks it. I guess we'll need to add a work-around for this.
What version of docker is that, @smondet?
It's what apt
gives me in the default Ubuntu 22.04 LTS image in EC2's “click yes almost everywhere” console :)
$ docker --version
Docker version 20.10.21, build 20.10.21-0ubuntu1~22.04.3
It looks like Docker's "fix" for clone3
support (in https://github.com/moby/moby/pull/42836/files) was actually just changing the return value from EPERM
to ENOSYS
.
https://github.com/moby/moby/pull/42681#issuecomment-916325271 explains the reasoning behind this decision more. I guess we also need to fallback to clone
, but consider what usecases are only possible with clone3
in order to consider a future case to opening up the 'docker syscall firewall'.
It's a case of “it works on my laptop but fails in the CI (AWS + Docker)” ;)
In the container all calls fail with:
This is the host's info:
If I replace
Eio_main
withEio_posix
it seems to work.