Closed J0WI closed 9 months ago
I tried a bunch of combinations and no matter what I do, my Bookworm-based container is failing to run `virtiofsd` (and thus failing to run the VM / DD) :sob:
The really weird thing is that it's failing with SIGSYS (bad system call). :thinking:
There are newer versions of `virtiofsd` available but I couldn't find the sources of Docker Desktop to check what version it requires.
I think I could technically read the code, but I actually wrote this whole Dockerfile before I could've, and still try hard not to (especially so I don't accidentally cross a line here).
That being said, I do check the version before/after to ensure I package the same version they're using:
I think DD has code that will use a `virtiofsd` that comes with QEMU (which is why I added that bit which diverts that binary too slightly further down), but I don't know how far they go on compatibility, or even frankly what's going wrong to understand how/why/what might fix it. :sob:
I just tried this again with the latest 4.29.0 and it's somehow worse now? :sob:
Even with `--security-opt seccomp=unconfined --security-opt apparmor=unconfined` I'm getting `EPERM` just running `com.docker.backend` now: :sob:
```console
$ strace -ff com.docker.backend --with-frontend
execve("/opt/docker-desktop/bin/com.docker.backend", ["com.docker.backend", "--with-frontend"], 0x7fff649242c0 /* 13 vars */) = -1 EPERM (Operation not permitted)
strace: exec: Operation not permitted
+++ exited with 1 +++
```
Good news -- I don't know what fixed it, but it seems to be working now! https://github.com/tianon/dockerfiles/commit/5edaaef25609579d7d7f4728aa5a544069de271b
I'm going to bring this in for now because it is good and correct, even if it doesn't completely solve your goal -- I'll play with it a bit more post-merge and see if I can get it up to bookworm successfully. :heart: