We have merged a toolchain update which brings in a glibc build very close to glibc 2.34 upstream release. This build starts using clone3 for creating threads. This may require browser and container tools updates which adjust seccomp filters. clone3 kernel support is NOT required, but a proper “system call not supported” error (ENOSYS, like older kernels report without seccomp filters) or a working clone3 system call is now necessary.
Thanks, Florian
Yes, see also https://github.com/moby/moby/issues/42680
i tried with image quay.io/fedora/fedora:35-x86_64
on CentOS 7 with both docker and podman from @extras docker-1.13.1-208.git7d71120.el7_9.x86_64 podman-1.6.4-29.el7_9.x86_64
both are affected
best regards, markus
On 03.08.2021, at 17:35, Florian Weimer fweimer@redhat.com wrote:
We have merged a toolchain update which brings in a glibc build very close to glibc 2.34 upstream release. This build starts using clone3 for creating threads. This may require browser and container tools updates which adjust seccomp filters. clone3 kernel support is NOT required, but a proper “system call not supported” error (ENOSYS, like older kernels report without seccomp filters) or a working clone3 system call is now necessary.
Thanks, Florian
CentOS-devel mailing list CentOS-devel@centos.org https://lists.centos.org/mailman/listinfo/centos-devel
-
Florian Weimer -
Markus Falb