Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
apk-tools
apk-tools
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 61
    • Issues 61
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 15
    • Merge Requests 15
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • alpine
  • apk-toolsapk-tools
  • Issues
  • #7162

Closed
Open
Opened Apr 18, 2017 by Tim Dettrick@tjdett

`apk update` attempts mount/umount2 when run with rkt

rkt is a container engine similar to Docker, and capable of running Docker images. Like Docker, it enforces seccomp and capability restrictions on system calls.

Alpine Edge has recently broken `apk update` functionality with rkt, as it is issuing (unnecessary) mount/umount2 syscalls which are blocked by seccomp.

$ sudo rkt run --dns 8.8.8.8 --insecure-options image docker://alpine:3.5 --exec /bin/sh -- -c "apk --version && apk update" 
[ 5844.906525] alpine[5]: apk-tools 2.6.8, compiled for x86_64.
[ 5844.908101] alpine[5]: fetch http://dl-cdn.alpinelinux.org/alpine/v3.5/main/x86_64/APKINDEX.tar.gz
[ 5846.799587] alpine[5]: fetch http://dl-cdn.alpinelinux.org/alpine/v3.5/community/x86_64/APKINDEX.tar.gz
[ 5847.041904] alpine[5]: v3.5.2-46-gdf4d97eba7 [http://dl-cdn.alpinelinux.org/alpine/v3.5/main]
[ 5847.042149] alpine[5]: v3.5.2-47-ga46d5990dc [http://dl-cdn.alpinelinux.org/alpine/v3.5/community]
[ 5847.042290] alpine[5]: OK: 7959 distinct packages available

$ sudo rkt run --dns 8.8.8.8 --insecure-options image docker://alpine:edge --exec /bin/sh -- -c "apk --version && apk update" 
[ 5851.405934] alpine[5]: apk-tools 2.7.0, compiled for x86_64.
[ 5851.407383] alpine[5]: Bad system call

Please see rkt/rkt#3642 for more detail.

I believe the most likely cause is the revised /proc setup logic.

(from redmine: issue id 7162, created on 2017-04-18, closed on 2019-05-03)

  • Changesets:
    • Revision 7ee47c80 by Timo Teräs on 2017-10-10T08:38:52Z:
db: handle default root correctly for /proc

dbopts->root may be null; use db->root instead

fixes #7162
  • Revision 97e4d053 by Timo Teräs on 2017-10-10T08:39:38Z:
db: handle default root correctly for /proc

dbopts->root may be null; use db->root instead

fixes #7162
  • Revision 0e504ac58e35f837c468884de7bd4d5d005acd66 by Timo Teräs on 2017-10-10T10:41:21Z:
main/apk-tools: fix mounting proc (fixes #7162)
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: alpine/apk-tools#7162