osrf / rocker

A tool to run docker containers with overlays and convenient options for things like GUIs etc.
Apache License 2.0
567 stars 74 forks

Broken os_detect #255

Closed v-lopez closed 10 months ago

v-lopez commented 10 months ago

rocker --nvidia ubuntu

Fails with the following:

Active extensions ['nvidia']
Step 1/6 : FROM golang:1.19 as detector
 ---> 80b76a6c918c
Step 2/6 : RUN git clone -q https://github.com/dekobon/distro-detect.git &&     cd distro-detect &&     git checkout -q 5f5b9c724b9d9a117732d2a4292e6288905734e1 &&     CGO_ENABLED=0 go build .
 ---> Running in 5fb21cc661a4
fatal: unable to access 'https://github.com/dekobon/distro-detect.git/': getaddrinfo() thread failed to start

This seems to be caused by docker's security options, explained here: https://stackoverflow.com/questions/74959500/getaddrinfo-thread-failed-to-start-while-building-docker-image

The same problem can be reproduced with docker run golang:1.19 git clone -q https://github.com/dekobon/distro-detect.git

And can be worked around with docker run --security-opt seccomp=unconfined golang:1.19 git clone -q https://github.com/dekobon/distro-detect.git

Root cause seems to be this: https://github.com/actions/runner-images/issues/3812

And there's no workaround for docker build, as documented here: https://github.com/moby/moby/issues/34454

An option would be to use a different base image, with a different libc version. Tested golang:1.21 but still fails.

tfoote commented 10 months ago

Can you clarify what platform you're running on? I can't reproduce your issue.

The unit tests locally or here on github actions are passing. You can trigger the os detection logic directly using: detect_docker_image_os <IMAGE_NAME> too.

I made a new PR to check that things are working on GitHub Actions as well as testing locally on my machine: #256, where I added basic CLI tests.

v-lopez commented 10 months ago

I thought the problem was more generalized, but it turns out it might be something related to my kernel. I'll try a different kernel, sorry about the noise.

On this system it fails:

Ubuntu 20.04 kernel 5.15.49
Docker version 24.0.7, build afdd53b
CONFIG_SECCOMP=y (from kernel config)

On other systems it runs fine:

Ubuntu 20.04 kernel 5.15.0-83-generic
Docker version 24.0.7, build afdd53b
CONFIG_SECCOMP=y

Ubuntu 20.04 kernel 5.13.0-40-generic
Docker version 24.0.5, build 24.0.5-0ubuntu1~20.04.1
CONFIG_SECCOMP=y

v-lopez commented 10 months ago

Somehow I had changed these seccomp settings half a year ago and forgot about it.

If anyone stumbles upon this, check your /etc/docker/daemon.json.

Thank you for your time.
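A check along the lines of the comment above, as an added example that is not part of the thread or of rocker: it takes the text of daemon.json and the list printed by `docker info --format '{{json .SecurityOptions}}'` and reports a non-default seccomp profile. The file path, the profile contents and the probed syscall names (`clone3`, `read`) are constructed sample values; the thread does not say which setting had been changed.

```python
import json

def seccomp_override(daemon_json_text):
    """Return the seccomp profile path set in daemon.json, or None."""
    cfg = json.loads(daemon_json_text) if daemon_json_text.strip() else {}
    return cfg.get("seccomp-profile") or None

def reported_profile(security_options):
    """Pull the seccomp profile out of docker info's SecurityOptions list."""
    for opt in security_options:
        fields = dict(kv.split("=", 1) for kv in opt.split(",") if "=" in kv)
        if fields.get("name") == "seccomp":
            return fields.get("profile")
    return None  # seccomp is not listed at all

def syscall_action(profile, syscall):
    """Action the profile applies to `syscall` (argument filters ignored)."""
    for rule in profile.get("syscalls", []):
        names = rule.get("names") or [rule.get("name")]
        if syscall in names:
            return rule.get("action")
    return profile.get("defaultAction")

def audit(daemon_json_text, security_options, profile_text=None, probes=()):
    findings = []
    path = seccomp_override(daemon_json_text)
    if path:
        findings.append(f"daemon.json sets seccomp-profile={path}")
    active = reported_profile(security_options)
    if active is None:
        findings.append("daemon reports no seccomp confinement")
    elif active not in ("builtin", "default"):
        findings.append(f"daemon runs non-default seccomp profile {active}")
    if profile_text:
        profile = json.loads(profile_text)
        for name in probes:
            action = syscall_action(profile, name)
            if action != "SCMP_ACT_ALLOW":
                findings.append(f"{name}: {action}")
    return findings

# Constructed sample inputs (not taken from the reporter's machine).
DAEMON_JSON = '{"seccomp-profile": "/etc/docker/seccomp-custom.json"}'
SECURITY_OPTIONS = ["name=apparmor",
                    "name=seccomp,profile=/etc/docker/seccomp-custom.json"]
PROFILE = json.dumps({"defaultAction": "SCMP_ACT_ERRNO", "syscalls": [
    {"names": ["read", "write", "clone"], "action": "SCMP_ACT_ALLOW"}]})

if __name__ == "__main__":
    for line in audit(DAEMON_JSON, SECURITY_OPTIONS, PROFILE, ("clone3", "read")):
        print(line)
```

An empty result means daemon.json carries no seccomp override and the daemon reports its built-in profile.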

tfoote commented 10 months ago

Thanks for the follow-up with the root cause. A small tweak like that to the system that long ago is easy to forget. Glad it's working for you now.