Dear Tumbleweed users,
As was announced over the course of the last few weeks, glibc has been prepared to be updated to version 2.34. This took quite a while in staging to get all the builds and the staging QA to settle. But that goal was reached, and openSUSE:Factory has been rebuilt with glibc 2.34 (big snapshot ahead).
Now, unfortunately, we have detected some more issues in the full product testing around docker:
https://bugzilla.opensuse.org/show_bug.cgi?id=1190670
docker is blocking a syscall (we had similar cases with glibc 2.33)
We managed to get our own docker package in Factory fixed (part of snapshot 0920 - should we release that), which would mean TW docker containers would (again) for the time being only run on TW hosts (and other hosts with a docker version that has been fixed)
Docker upstream had been informed of this issue on July 27: https://github.com/moby/moby/pull/42681; the pull-request was merged on Jul 30. But this only found its way into the 'future docker version' - i.e. even the latest docker version available is still not carrying this fix.
If you work with any hosting providers that run a docker version without a backport from https://github.com/moby/moby/pull/42836 make sure to reach out to them and ask to get this corrected.
There is not much more we can do from our side - the alternative is 'holding TW from rolling until everybody gets a new docker version'. We on the openSUSE Release Team do not feel this is a viable option, as a new docker version could be months away.
Please help to make sure this information spreads as far as possible.
Cheers, Dominique
On Tue, 2021-09-21 at 11:45 +0200, Dominique Leuenberger / DimStar wrote:
> Now, unfortunately, we have detected some more issues in the full product testing around docker:
> https://bugzilla.opensuse.org/show_bug.cgi?id=1190670
> docker is blocking a syscall (we had similar cases with glibc 2.33)
> We managed to get our own docker package in Factory fixed (part of snapshot 0920 - should we release that), which would mean TW docker containers would (again) for the time being only run on TW hosts (and other hosts with a docker version that has been fixed)
Does this apply to docker only, or also other container engines like podman?
Martin
On Tue, 2021-09-21 at 15:24 +0000, Martin Wilck wrote:
> On Tue, 2021-09-21 at 11:45 +0200, Dominique Leuenberger / DimStar wrote:
> > Now, unfortunately, we have detected some more issues in the full product testing around docker:
> > https://bugzilla.opensuse.org/show_bug.cgi?id=1190670
> > docker is blocking a syscall (we had similar cases with glibc 2.33)
> > We managed to get our own docker package in Factory fixed (part of snapshot 0920 - should we release that), which would mean TW docker containers would (again) for the time being only run on TW hosts (and other hosts with a docker version that has been fixed)
> Does this apply to docker only, or also other container engines like podman?
> Martin
Docker only - podman doesn't comparable silliness
Hi,
On Tuesday, 21 September 2021, 18:18:32 CEST, Richard Brown wrote:
> On Tue, 2021-09-21 at 15:24 +0000, Martin Wilck wrote:
> > On Tue, 2021-09-21 at 11:45 +0200, Dominique Leuenberger / DimStar wrote:
> > > Now, unfortunately, we have detected some more issues in the full product testing around docker:
> > > https://bugzilla.opensuse.org/show_bug.cgi?id=1190670
> > > docker is blocking a syscall (we had similar cases with glibc 2.33)
> > > We managed to get our own docker package in Factory fixed (part of snapshot 0920 - should we release that), which would mean TW docker containers would (again) for the time being only run on TW hosts (and other hosts with a docker version that has been fixed)
> > Does this apply to docker only, or also other container engines like podman?
> > Martin
> Docker only - podman doesn't comparable silliness
I don't think "silliness" is the right word. Podman is equally affected until a recent version.
The fix for this is in runc (https://github.com/opencontainers/runc/pull/2750), but Docker simply ran into one of the documented ("// FIXME FIXME FIXME") edge cases for "clone3", which is hard to avoid.
Cheers, Fabian
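The clone3 behaviour discussed in the message above can be checked from inside a container with a small probe. This is an added example, not code from the thread, moby or runc; the function names are made up for illustration, and the EPERM/ENOSYS distinction is an assumption taken from the linked pull requests (an unfixed seccomp profile denies clone3 with EPERM, while glibc 2.34 only falls back to clone on ENOSYS).

```c
/* Added diagnostic: report how the current environment answers clone3(2). */
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_clone3
#define SYS_clone3 435 /* assumption: generic number (x86_64, aarch64, ...) */
#endif

enum clone3_verdict {
    CLONE3_AVAILABLE, /* kernel parsed the call: clone3 is allowed */
    CLONE3_ENOSYS,    /* old kernel or ENOSYS filter: caller can fall back */
    CLONE3_EPERM,     /* denied by a filter: no fallback happens */
    CLONE3_OTHER      /* unexpected errno, inspect manually */
};

/* Map the raw syscall result to a verdict (hypothetical helper). */
enum clone3_verdict classify_clone3(long ret, int err)
{
    if (ret >= 0)
        return CLONE3_AVAILABLE;
    switch (err) {
    case EINVAL: case EFAULT: case E2BIG:
        return CLONE3_AVAILABLE; /* argument validation ran in the kernel */
    case ENOSYS: return CLONE3_ENOSYS;
    case EPERM:  return CLONE3_EPERM;
    default:     return CLONE3_OTHER;
    }
}

/* NULL args with size 0 are rejected before any process is created. */
enum clone3_verdict probe_clone3(void)
{
    errno = 0;
    long ret = syscall(SYS_clone3, NULL, (size_t)0);
    return classify_clone3(ret, errno);
}

int main(void)
{
    static const char *const text[] = {
        "clone3 allowed", "clone3 -> ENOSYS (fallback to clone works)",
        "clone3 -> EPERM (blocked by filter)", "clone3 -> unexpected errno"
    };
    enum clone3_verdict v = probe_clone3();
    puts(text[v]);
    return v == CLONE3_EPERM; /* non-zero exit when the filter blocks it */
}
```

Build it statically and run it inside a container on the host in question; a non-zero exit status means that host's filter still answers clone3 with EPERM.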
On 21. 09. 21 at 11:45, Dominique Leuenberger / DimStar wrote:
> [...]
> If you work with any hosting providers that run a docker version without a backport from https://github.com/moby/moby/pull/42836 make sure to reach out to them and ask to get this corrected.
JFYI: I have reported the problem for GitHub Actions:
https://github.com/actions/virtual-environments/issues/4193
For GitHub Actions there is a workaround with using the "--privileged" Docker option, see the issue for more details.