Control: reassign -1 runc 1.0.0~rc93+ds1 Shengjing, you are right (as always),
I can confirm that backporting this patch does fix this issue: https://salsa.debian.org/go-team/packages/runc/-/commit/1d73689985b29ec5b8477dbc6df8004aa09771d1 I'll upload to stable and request it to be unblocked shortly. On Tue, May 31, 2022 at 12:10 AM Shengjing Zhu <z...@debian.org> wrote: > On Tue, May 31, 2022 at 3:33 AM Reinhard Tartler <siret...@gmail.com> > wrote: > > > > > > I wonder whether this may be related to upstream report at > https://github.com/containers/common/issues/631 > > > > It seems that in debian/bullseye, podman is only able to work in crun, > since the version of runc we have in stable seems to have issues with > seccomp. Can you please try the following for me with both crun and runc > installed: > > > > root@pve:~# podman run --runtime runc > --security-opt=seccomp=unconfined --rm -it debian date > > Mon May 30 19:18:05 UTC 2022 > > > > That does appear to work at least on my system. > > > > This might indicate that this is actually a change that needs to go into > golang-github-containers-common then... > > > > If I read the issue correctly, it's because in the last stable update, > the defaultErrnoRet feature is backported. However runc doesn't > support it until v1.0.0-rc95(stable has rc93). I don't think runc will > get feature backports in stable. So probably only crun can be used by > podman now in stable. > > -- > Shengjing Zhu > -- regards, Reinhard
