On Tue, May 31, 2022 at 3:33 AM Reinhard Tartler <siret...@gmail.com> wrote: > > > I wonder whether this may be related to upstream report at > https://github.com/containers/common/issues/631 > > It seems that in debian/bullseye, podman is only able to work in crun, since > the version of runc we have in stable seems to have issues with seccomp. Can > you please try the following for me with both crun and runc installed: > > root@pve:~# podman run --runtime runc --security-opt=seccomp=unconfined > --rm -it debian date > Mon May 30 19:18:05 UTC 2022 > > That does appear to work at least on my system. > > This might indicate that this is actually a change that needs to go into > golang-github-containers-common then... >
If I read the issue correctly, it's because in the last stable update, the defaultErrnoRet feature is backported. However runc doesn't support it until v1.0.0-rc95(stable has rc93). I don't think runc will get feature backports in stable. So probably only crun can be used by podman now in stable. -- Shengjing Zhu
