containerd-1.3.5: undefined symbol: seccomp_api_set
Description
Containerd switched to GitHub Actions for releases between release 1.3.4 and 1.3.5. https://github.com/containerd/containerd/pull/4280
GitHub Actions uses ubuntu:18.04 base images, which provide libseccompdev-2.4.3-1ubuntu3.18.04.2 source
Per https://github.com/containerd/containerd/issues/4008 , libseccomp > 2.4 introduced seccomp_api_set, so binaries compiled against this version won't work with older versions.
This impacts releases that switch to GitHub Actions (e.g. 1.3.5).
This behaviour was considered a bug and patched on 1.2.x with https://github.com/containerd/containerd/pull/4015
Steps to reproduce the issue:
1.
$ docker run --rm debian:buster sh -c '(apt-get update && apt-get -y install curl && curl -L -o /tmp/ctr.tgz https://github.com/containerd/containerd/releases/download/v1.3.5/containerd-1.3.5-linux-amd64.tar.gz && tar xvvzf /tmp/ctr.tgz) >/dev/null && bin/containerd --version'
Describe the results you received:
bin/containerd: symbol lookup error: bin/containerd: undefined symbol: seccomp_api_set
Describe the results you expected:
$ docker run --rm debian:buster sh -c '(apt-get update && apt-get -y install curl && curl -L -o /tmp/ctr.tgz https://github.com/containerd/containerd/releases/download/v1.3.3/containerd-1.3.3.linux-amd64.tar.gz && tar xvvzf /tmp/ctr.tgz) >/dev/null && bin/containerd --version'
containerd github.com/containerd/containerd v1.3.3 d76c121f76a5fc8a462dc64594aea72fe18e1178
$ docker run --rm debian:buster sh -c '(apt-get update && apt-get -y install curl && curl -L -o /tmp/ctr.tgz https://github.com/containerd/containerd/releases/download/v1.3.4/containerd-1.3.4.linux-amd64.tar.gz && tar xvvzf /tmp/ctr.tgz) >/dev/null && bin/containerd --version'
containerd github.com/containerd/containerd v1.3.4 814b7956fafc7a0980ea07e950f983d0837e5578
Output of containerd --version:
bin/containerd: symbol lookup error: bin/containerd: undefined symbol: seccomp_api_set
Any other relevant information:
This maybe a WONTFIX - we can compile ourselves.
It could be resolved by building binaries in Docker instead of on the Actions VM. It might be easier to pin 2.3 there.
$ docker run --rm golang:1.14 sh -c '(apt-get update && apt-cache showpkg libseccomp-dev) | grep -A1 Versions'
Versions:
2.3.3-4 (/var/lib/apt/lists/deb.debian.org_debian_dists_buster_main_binary-amd64_Packages.lz4)
thepwagner
All 4 comments
Thanks for the report. This is being dealt with in #4352
Likely there will be a 1.3.6 release with the fixed binaries.
cpuguy83
on 29 Jun 2020
Verified with #4352 that the example debian:buster can run the binary:
debconf: delaying package configuration, since apt-utils is not installed
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 648 100 648 0 0 2817 0 --:--:-- --:--:-- --:--:-- 2817
100 38.1M 100 38.1M 0 0 9.8M 0 0:00:03 0:00:03 --:--:-- 12.5M
containerd github.com/containerd/containerd v1.3.5 9b6f3ec0307a825c38617b93ad55162b5bb94234
We will respin as 1.3.6 with this fix.
estesp
on 30 Jun 2020
1.3.6 is out now
AkihiroSuda
on 1 Jul 2020
Thanks @janorn
was facing the same issue.
Did "yum update libseccomp" and containerd service started running...
arpitaashu
on 5 Nov 2020
Related issues
gabrik
路
4Comments
cnhuye
路
4Comments
bluefriday
路
4Comments
maxux
路
4Comments
schrodit
路
3Comments
Most helpful comment
Thanks @janorn
was facing the same issue.
Did "yum update libseccomp" and containerd service started running...