Public bug reported:

Starting a docker container using --runtime=nvidia is not working in
docker.io=20.10.7-0ubuntu5~20.04.1 but is working in
docker.io=20.10.7-0ubuntu1~20.04.2

The error message is:

docker: Error response from daemon: failed to create shim: OCI runtime
create failed: container_linux.go:380: starting container process
caused: error adding seccomp filter rule for syscall clone3: permission
denied: unknown.

Repro below.

# lsb_release -rd
Description:    Ubuntu 20.04.3 LTS
Release:        20.04

# apt-cache policy docker.io
docker.io:
  Installed: 20.10.7-0ubuntu1~20.04.2
  Candidate: 20.10.7-0ubuntu5~20.04.1
  Version table:
     20.10.7-0ubuntu5~20.04.1 500
        500 http://sg.archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages
 *** 20.10.7-0ubuntu1~20.04.2 500
        500 http://sg.archive.ubuntu.com/ubuntu focal-security/universe amd64 Packages
        100 /var/lib/dpkg/status
     19.03.8-0ubuntu1 500
        500 http://sg.archive.ubuntu.com/ubuntu focal/universe amd64 Packages

# dockerd --version
Docker version 20.10.7, build 20.10.7-0ubuntu5~20.04.1

# nvidia-docker run <args> ; echo $?
78cc8d1195126d9e40b087bc36e0608b7fd03a0722c50cb642a4df14699af566
docker: Error response from daemon: failed to create shim: OCI runtime create failed: container_linux.go:380: starting container process caused: error adding seccomp filter rule for syscall clone3: permission denied: unknown.
126

Rolling back to 20.10.7-0ubuntu1~20.04.2

# apt-get install docker.io=20.10.7-0ubuntu1~20.04.2
...
dpkg: warning: downgrading docker.io from 20.10.7-0ubuntu5~20.04.1 to 20.10.7-0ubuntu1~20.04.2
...

# dockerd --version
Docker version 20.10.7, build 20.10.7-0ubuntu1~20.04.2

# nvidia-docker run <args> ; echo $?
9fe14058162a8bac4620f1046cf9b6c909d8c3dd03ded17158db524a957562be
0

** Affects: docker.io (Ubuntu)
     Importance: Undecided
         Status: New

** Bug watch added: github.com/containerd/containerd/issues #6203
   https://github.com/containerd/containerd/issues/6203

https://bugs.launchpad.net/bugs/1950071

Title:
  failed to create shim: OCI runtime create failed
