Thanks to visit codestin.com
Credit goes to github.com

Skip to content

seccomp is not enabled in your kernel, cannot run with a profile #4786

New issue
New issue
Closed
#4789
Closed
seccomp is not enabled in your kernel, cannot run with a profile#4786
#4789
@baoho1106

Description

@baoho1106
baoho1106
opened on Apr 21, 2021

,
Description

I am currently using the latest kubernetes 1.21.

After updating to cri-o v1.21 I I cannot start up any pods. The output of the describe pod is "Failed to create pod sandbox: rpc error: code = Unknown desc = seccomp is not enabled in your kernel, cannot run with a profile"

I was working previously on 1.18 and it was working fine. I've then upgraded to v1.19, but there was an update on the seccomp for kubernetes 1.19 PSP so I had to add in the crio.conf seccomp_profile = "/usr/share/containers/seccomp.json" and that remove the above error.
However in 1.21 the crio.conf was depreciated and I use the cmd crio --seccomp-profile = "/usr/share/containers/seccomp.json" or crio -c "/home/foo/config/seccomp.conf" to store the values? Not sure if I am doing it correctly or not, but it is giving me the same error. If I revert back to 1.20 the pods can be created with the seccomp_profile that I use.

Steps to reproduce the issue:

  1. git clone https://github.com/cri-o/cri-o
  2. cd cri-o
  3. make
  4. sudo make install
  5. crio --seccomp-profile = "/usr/share/containers/seccomp.json"

Describe the results you received:

Pods having status ContainerCreating with a warning
Failed to create pod sandbox: rpc error: code = Unknown desc = seccomp is not enabled in your kernel, cannot run with a profile

Describe the results you expected:

Pods should have status RUNNING

Additional information you deem important (e.g. issue happens only occasionally):

Output of crio --version:

crio version 1.21.0
Version:       1.21.0
GitCommit:     bc1ef35a932acc2f6f3b6d3eb19a4f68aa9423f6
GitTreeState:  clean
BuildDate:     2021-04-21T15:28:36Z
GoVersion:     go1.14.7
Compiler:      gc
Platform:      linux/amd64
Linkmode:      dynamic

Additional environment details (AWS, VirtualBox, physical, etc.):
VirtualBox
Oracle Linux Server release 8.3
NAME="Oracle Linux Server"
VERSION="8.3"
ID="ol"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="8.3"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Oracle Linux Server 8.3"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:oracle:linux:8:3:server"
HOME_URL="https://linux.oracle.com/"
BUG_REPORT_URL="https://bugzilla.oracle.com/"

ORACLE_BUGZILLA_PRODUCT="Oracle Linux 8"
ORACLE_BUGZILLA_PRODUCT_VERSION=8.3
ORACLE_SUPPORT_PRODUCT="Oracle Linux"
ORACLE_SUPPORT_PRODUCT_VERSION=8.3
Red Hat Enterprise Linux release 8.3 (Ootpa)
Oracle Linux Server release 8.3

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions