Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

error: unable to load seccomp BPF program: Invalid argument #324

Open
ostrolucky opened this issue Mar 11, 2023 · 10 comments
Open

error: unable to load seccomp BPF program: Invalid argument #324

ostrolucky opened this issue Mar 11, 2023 · 10 comments
Labels
Containerized Related to Docker, Podman, or LXC (etc) MacOS Darwin/MacOS

Comments

@ostrolucky
Copy link 

❯ docker run --platform=linux/amd64 -v $(pwd):/wrk -w /wrk -it ubuntu bash
root@70b365bc4f5d:/wrk# apt update && apt install curl -y
Get:1 http://archive.ubuntu.com/ubuntu jammy InRelease [270 kB]
Get:2 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
Get:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [119 kB]
Get:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease [107 kB]
Get:5 http://archive.ubuntu.com/ubuntu jammy/universe amd64 Packages [17.5 MB]
Get:6 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages [862 kB]
Get:7 http://archive.ubuntu.com/ubuntu jammy/restricted amd64 Packages [164 kB]
Get:8 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 Packages [889 kB]
Get:9 http://archive.ubuntu.com/ubuntu jammy/multiverse amd64 Packages [266 kB]
Get:10 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages [1792 kB]
Get:11 http://archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages [1129 kB]
Get:12 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages [1193 kB]
Get:13 http://archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 Packages [880 kB]
Get:14 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 Packages [5557 B]
Get:15 http://archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 Packages [10.9 kB]
Get:16 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 Packages [823 kB]
Get:17 http://archive.ubuntu.com/ubuntu jammy-backports/universe amd64 Packages [22.4 kB]
Get:18 http://archive.ubuntu.com/ubuntu jammy-backports/main amd64 Packages [49.0 kB]
Fetched 26.2 MB in 14s (1819 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
2 packages can be upgraded. Run 'apt list --upgradable' to see them.
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  ca-certificates libbrotli1 libcurl4 libldap-2.5-0 libldap-common libnghttp2-14 libpsl5 librtmp1 libsasl2-2 libsasl2-modules libsasl2-modules-db libssh-4 openssl publicsuffix
Suggested packages:
  libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal libsasl2-modules-ldap libsasl2-modules-otp libsasl2-modules-sql
The following NEW packages will be installed:
  ca-certificates curl libbrotli1 libcurl4 libldap-2.5-0 libldap-common libnghttp2-14 libpsl5 librtmp1 libsasl2-2 libsasl2-modules libsasl2-modules-db libssh-4 openssl publicsuffix
0 upgraded, 15 newly installed, 0 to remove and 2 not upgraded.
Need to get 2976 kB of archives.
After this operation, 7096 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 openssl amd64 3.0.2-0ubuntu1.8 [1184 kB]
Get:2 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 ca-certificates all 20211016ubuntu0.22.04.1 [144 kB]
Get:3 http://archive.ubuntu.com/ubuntu jammy/main amd64 libnghttp2-14 amd64 1.43.0-1build3 [76.3 kB]
Get:4 http://archive.ubuntu.com/ubuntu jammy/main amd64 libpsl5 amd64 0.21.0-1.2build2 [58.4 kB]
Get:5 http://archive.ubuntu.com/ubuntu jammy/main amd64 publicsuffix all 20211207.1025-1 [129 kB]
Get:6 http://archive.ubuntu.com/ubuntu jammy/main amd64 libbrotli1 amd64 1.0.9-2build6 [315 kB]
Get:7 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libsasl2-modules-db amd64 2.1.27+dfsg2-3ubuntu1.2 [20.5 kB]
Get:8 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libsasl2-2 amd64 2.1.27+dfsg2-3ubuntu1.2 [53.8 kB]
Get:9 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libldap-2.5-0 amd64 2.5.13+dfsg-0ubuntu0.22.04.1 [183 kB]
Get:10 http://archive.ubuntu.com/ubuntu jammy/main amd64 librtmp1 amd64 2.4+20151223.gitfa8646d.1-2build4 [58.2 kB]
Get:11 http://archive.ubuntu.com/ubuntu jammy/main amd64 libssh-4 amd64 0.9.6-2build1 [184 kB]
Get:12 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libcurl4 amd64 7.81.0-1ubuntu1.8 [290 kB]
Get:13 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 curl amd64 7.81.0-1ubuntu1.8 [194 kB]
Get:14 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libldap-common all 2.5.13+dfsg-0ubuntu0.22.04.1 [15.9 kB]
Get:15 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libsasl2-modules amd64 2.1.27+dfsg2-3ubuntu1.2 [68.8 kB]
Fetched 2976 kB in 2s (1874 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package openssl.
(Reading database ... 4395 files and directories currently installed.)
Preparing to unpack .../00-openssl_3.0.2-0ubuntu1.8_amd64.deb ...
Unpacking openssl (3.0.2-0ubuntu1.8) ...
Selecting previously unselected package ca-certificates.
Preparing to unpack .../01-ca-certificates_20211016ubuntu0.22.04.1_all.deb ...
Unpacking ca-certificates (20211016ubuntu0.22.04.1) ...
Selecting previously unselected package libnghttp2-14:amd64.
Preparing to unpack .../02-libnghttp2-14_1.43.0-1build3_amd64.deb ...
Unpacking libnghttp2-14:amd64 (1.43.0-1build3) ...
Selecting previously unselected package libpsl5:amd64.
Preparing to unpack .../03-libpsl5_0.21.0-1.2build2_amd64.deb ...
Unpacking libpsl5:amd64 (0.21.0-1.2build2) ...
Selecting previously unselected package publicsuffix.
Preparing to unpack .../04-publicsuffix_20211207.1025-1_all.deb ...
Unpacking publicsuffix (20211207.1025-1) ...
Selecting previously unselected package libbrotli1:amd64.
Preparing to unpack .../05-libbrotli1_1.0.9-2build6_amd64.deb ...
Unpacking libbrotli1:amd64 (1.0.9-2build6) ...
Selecting previously unselected package libsasl2-modules-db:amd64.
Preparing to unpack .../06-libsasl2-modules-db_2.1.27+dfsg2-3ubuntu1.2_amd64.deb ...
Unpacking libsasl2-modules-db:amd64 (2.1.27+dfsg2-3ubuntu1.2) ...
Selecting previously unselected package libsasl2-2:amd64.
Preparing to unpack .../07-libsasl2-2_2.1.27+dfsg2-3ubuntu1.2_amd64.deb ...
Unpacking libsasl2-2:amd64 (2.1.27+dfsg2-3ubuntu1.2) ...
Selecting previously unselected package libldap-2.5-0:amd64.
Preparing to unpack .../08-libldap-2.5-0_2.5.13+dfsg-0ubuntu0.22.04.1_amd64.deb ...
Unpacking libldap-2.5-0:amd64 (2.5.13+dfsg-0ubuntu0.22.04.1) ...
Selecting previously unselected package librtmp1:amd64.
Preparing to unpack .../09-librtmp1_2.4+20151223.gitfa8646d.1-2build4_amd64.deb ...
Unpacking librtmp1:amd64 (2.4+20151223.gitfa8646d.1-2build4) ...
Selecting previously unselected package libssh-4:amd64.
Preparing to unpack .../10-libssh-4_0.9.6-2build1_amd64.deb ...
Unpacking libssh-4:amd64 (0.9.6-2build1) ...
Selecting previously unselected package libcurl4:amd64.
Preparing to unpack .../11-libcurl4_7.81.0-1ubuntu1.8_amd64.deb ...
Unpacking libcurl4:amd64 (7.81.0-1ubuntu1.8) ...
Selecting previously unselected package curl.
Preparing to unpack .../12-curl_7.81.0-1ubuntu1.8_amd64.deb ...
Unpacking curl (7.81.0-1ubuntu1.8) ...
Selecting previously unselected package libldap-common.
Preparing to unpack .../13-libldap-common_2.5.13+dfsg-0ubuntu0.22.04.1_all.deb ...
Unpacking libldap-common (2.5.13+dfsg-0ubuntu0.22.04.1) ...
Selecting previously unselected package libsasl2-modules:amd64.
Preparing to unpack .../14-libsasl2-modules_2.1.27+dfsg2-3ubuntu1.2_amd64.deb ...
Unpacking libsasl2-modules:amd64 (2.1.27+dfsg2-3ubuntu1.2) ...
Setting up libpsl5:amd64 (0.21.0-1.2build2) ...
Setting up libbrotli1:amd64 (1.0.9-2build6) ...
Setting up libsasl2-modules:amd64 (2.1.27+dfsg2-3ubuntu1.2) ...
Setting up libnghttp2-14:amd64 (1.43.0-1build3) ...
Setting up libldap-common (2.5.13+dfsg-0ubuntu0.22.04.1) ...
Setting up libsasl2-modules-db:amd64 (2.1.27+dfsg2-3ubuntu1.2) ...
Setting up librtmp1:amd64 (2.4+20151223.gitfa8646d.1-2build4) ...
Setting up libsasl2-2:amd64 (2.1.27+dfsg2-3ubuntu1.2) ...
Setting up libssh-4:amd64 (0.9.6-2build1) ...
Setting up openssl (3.0.2-0ubuntu1.8) ...
Setting up publicsuffix (20211207.1025-1) ...
Setting up libldap-2.5-0:amd64 (2.5.13+dfsg-0ubuntu0.22.04.1) ...
Setting up ca-certificates (20211016ubuntu0.22.04.1) ...
debconf: unable to initialize frontend: Dialog
debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 78.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the Term::ReadLine module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.34.0 /usr/local/share/perl/5.34.0 /usr/lib/x86_64-linux-gnu/perl5/5.34 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.34 /usr/share/perl/5.34 /usr/local/lib/site_perl) at /usr/share/perl5/Debconf/FrontEnd/Readline.pm line 7.)
debconf: falling back to frontend: Teletype
Updating certificates in /etc/ssl/certs...
124 added, 0 removed; done.
Setting up libcurl4:amd64 (7.81.0-1ubuntu1.8) ...
Setting up curl (7.81.0-1ubuntu1.8) ...
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
root@70b365bc4f5d:/wrk# apt update && apt install curl -y^C
root@70b365bc4f5d:/wrk# curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
info: downloading installer https://install.determinate.systems/nix/tag/v0.5.0/nix-installer-x86_64-linux
Nix install plan (v0.5.0)

Planner: linux

Planner settings:

* init: "None"
* nix_build_user_id_base: 30000
* modify_profile: true
* extra_conf: []
* force: false
* channels: ["nixpkgs=https://nixos.org/channels/nixpkgs-unstable"]
* nix_package_url: "https://releases.nixos.org/nix/nix-2.13.3/nix-2.13.3-x86_64-linux.tar.xz"
* nix_build_user_count: 32
* nix_build_group_id: 30000
* diagnostic_endpoint: "https://install.determinate.systems/nix/diagnostic"
* nix_build_user_prefix: "nixbld"
* start_daemon: false
* nix_build_group_name: "nixbld"

The following actions will be taken:

* Create directory `/nix`
* Fetch `https://releases.nixos.org/nix/nix-2.13.3/nix-2.13.3-x86_64-linux.tar.xz` to `/nix/temp-install-dir`
* Create build users (UID 30000-30032) and group (GID 30000)
* Create a directory tree in `/nix`
* Move the downloaded Nix into `/nix`
* Setup the default Nix profile
* Place the Nix configuration in `/etc/nix/nix.conf`
* Place channel configuration at `/root/.nix-channels`
* Configure the shell profiles


Proceed? ([Y]es/[n]o/[e]xplain): y
 INFO Step: Create directory `/nix`
 INFO Step: Provision Nix
 INFO Step: Configure Nix
ERROR
   0: Install failure
   1: Error executing action `configure_nix`
   2: Child action `setup_default_profile`
   3: Failed to execute command with status 1 `"/nix/store/mc43d38fibi94pp5crfwacl5gbslccd0-nix-2.13.3/bin/nix-env" "-i" "/nix/store/mc43d38fibi94pp5crfwacl5gbslccd0-nix-2.13.3"`, stdout:
      stderr: installing 'nix-2.13.3'
      error: unable to load seccomp BPF program: Invalid argument
      (use '--show-trace' to show detailed location information)

   3:

Location:
   /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/core/src/convert/mod.rs:726

Backtrace omitted. Run with RUST_BACKTRACE=1 environment variable to display it.
Run with RUST_BACKTRACE=full to include source snippets.

Consider reporting this error using this URL: https://github.com/DeterminateSystems/nix-installer/issues/new?title=%3Cautogenerated-issue%3E&body=%23%23+Error%0A%60%60%60%0AError%3A+%0A+++0%3A+Install+failure%0A+++1%3A+Error+executing+action+%60configure_nix%60%0A+++2%3A+Child+action+%60setup_default_profile%60%0A+++3%3A+Failed+to+execute+command+with+status+1+%60%22%2Fnix%2Fstore%2Fmc43d38fibi94pp5crfwacl5gbslccd0-nix-2.13.3%2Fbin%2Fnix-env%22+%22-i%22+%22%2Fnix%2Fstore%2Fmc43d38fibi94pp5crfwacl5gbslccd0-nix-2.13.3%22%60%2C+stdout%3A+%0A++++++stderr%3A+installing+%27nix-2.13.3%27%0A++++++error%3A+unable+to+load+seccomp+BPF+program%3A+Invalid+argument%0A++++++%28use+%27--show-trace%27+to+show+detailed+location+information%29%0A%0A%0A%60%60%60
Installation failure, offering to revert...
Nix uninstall plan

Planner: linux

Planner settings:

* nix_build_user_id_base: 30000
* nix_package_url: "https://releases.nixos.org/nix/nix-2.13.3/nix-2.13.3-x86_64-linux.tar.xz"
* nix_build_group_name: "nixbld"
* force: false
* diagnostic_endpoint: "https://install.determinate.systems/nix/diagnostic"
* start_daemon: false
* modify_profile: true
* nix_build_user_prefix: "nixbld"
* channels: ["nixpkgs=https://nixos.org/channels/nixpkgs-unstable"]
* init: "None"
* nix_build_group_id: 30000
* nix_build_user_count: 32
* extra_conf: []

The following actions will be taken (`--explain` for more context):

* Unconfigure the shell profiles
* Remove channel configuration at `/root/.nix-channels`
* Remove the Nix configuration in `/etc/nix/nix.conf`
* Unset the default Nix profile
* Remove the directory tree in `/nix`
* Remove Nix users and group
* Remove the directory `/nix`


Proceed? ([Y]es/[n]o/[e]xplain): y
 INFO Revert: Leave the Nix daemon unconfigured
 INFO Revert: Configure Nix
 INFO Revert: Provision Nix
 INFO Revert: Create directory `/nix`
Partial Nix install was uninstalled successfully!

root@70b365bc4f5d:/wrk# nix
bash: nix: command not found
@Hoverbear
Copy link
Contributor

That's pretty interesting. It seems you have some non-default seccomp configurations? What OS is this on? What version of docker?

@Hoverbear Hoverbear added the question Further information is requested label Mar 13, 2023
@ostrolucky
Copy link
Author

aarch64-darwin (macos Ventura 13.2.1 with m1 CPU)
Docker desktop 4.17.0, docker engine 20.10.23

@Hoverbear
Copy link
Contributor

Thanks! I might have to try to set up a reproduction as I've not seen something like this before.

@ostrolucky
Copy link
Author

There are some ideas here NixOS/nix#2651 (and more google search results)

@TheLonelyGhost
Copy link

It seems a workaround might be to disable syscall filtering in Nix itself. I'd imagine the way Docker containerizes things, filtering syscalls might not be within the container-based sandbox and wouldn't work with the default installer either.

Maybe add -e NIX_INSTALLER_EXTRA_CONF='filter-syscalls = false' to your docker run command?

@ostrolucky
Copy link
Author

That works, except autodetection seems to not work now and user has to add some args manually. Not sure this is something you want to tackle or is intended.

❯ docker run --platform=linux/amd64 -e NIX_INSTALLER_EXTRA_CONF='filter-syscalls = false' -v $(pwd):/wrk -w /wrk -it ubuntu bash
root@53c05da1c1d9:/wrk# apt update && apt install curl -y
Get:1 http://archive.ubuntu.com/ubuntu jammy InRelease [270 kB]
Get:2 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
Get:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [119 kB]
Get:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease [107 kB]
Get:5 http://archive.ubuntu.com/ubuntu jammy/restricted amd64 Packages [164 kB]
Get:6 http://archive.ubuntu.com/ubuntu jammy/multiverse amd64 Packages [266 kB]
Get:7 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages [1792 kB]
Get:8 http://archive.ubuntu.com/ubuntu jammy/universe amd64 Packages [17.5 MB]
Get:9 http://archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 Packages [28.6 kB]
Get:10 http://archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 Packages [885 kB]
Get:11 http://archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages [1142 kB]
Get:12 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages [1200 kB]
Get:13 http://archive.ubuntu.com/ubuntu jammy-backports/universe amd64 Packages [22.4 kB]
Get:14 http://archive.ubuntu.com/ubuntu jammy-backports/main amd64 Packages [49.0 kB]
Get:15 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 Packages [23.2 kB]
Get:16 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 Packages [905 kB]
Get:17 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages [869 kB]
Get:18 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 Packages [829 kB]
Fetched 26.3 MB in 12s (2177 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  ca-certificates libbrotli1 libcurl4 libldap-2.5-0 libldap-common libnghttp2-14 libpsl5 librtmp1 libsasl2-2 libsasl2-modules libsasl2-modules-db libssh-4 openssl publicsuffix
Suggested packages:
  libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal libsasl2-modules-ldap libsasl2-modules-otp libsasl2-modules-sql
The following NEW packages will be installed:
  ca-certificates curl libbrotli1 libcurl4 libldap-2.5-0 libldap-common libnghttp2-14 libpsl5 librtmp1 libsasl2-2 libsasl2-modules libsasl2-modules-db libssh-4 openssl publicsuffix
0 upgraded, 15 newly installed, 0 to remove and 0 not upgraded.
Need to get 2977 kB of archives.
After this operation, 7100 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 openssl amd64 3.0.2-0ubuntu1.8 [1184 kB]
Get:2 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 ca-certificates all 20211016ubuntu0.22.04.1 [144 kB]
Get:3 http://archive.ubuntu.com/ubuntu jammy/main amd64 libnghttp2-14 amd64 1.43.0-1build3 [76.3 kB]
Get:4 http://archive.ubuntu.com/ubuntu jammy/main amd64 libpsl5 amd64 0.21.0-1.2build2 [58.4 kB]
Get:5 http://archive.ubuntu.com/ubuntu jammy/main amd64 publicsuffix all 20211207.1025-1 [129 kB]
Get:6 http://archive.ubuntu.com/ubuntu jammy/main amd64 libbrotli1 amd64 1.0.9-2build6 [315 kB]
Get:7 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libsasl2-modules-db amd64 2.1.27+dfsg2-3ubuntu1.2 [20.5 kB]
Get:8 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libsasl2-2 amd64 2.1.27+dfsg2-3ubuntu1.2 [53.8 kB]
Get:9 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libldap-2.5-0 amd64 2.5.14+dfsg-0ubuntu0.22.04.1 [183 kB]
Get:10 http://archive.ubuntu.com/ubuntu jammy/main amd64 librtmp1 amd64 2.4+20151223.gitfa8646d.1-2build4 [58.2 kB]
Get:11 http://archive.ubuntu.com/ubuntu jammy/main amd64 libssh-4 amd64 0.9.6-2build1 [184 kB]
Get:12 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libcurl4 amd64 7.81.0-1ubuntu1.10 [290 kB]
Get:13 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 curl amd64 7.81.0-1ubuntu1.10 [194 kB]
Get:14 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libldap-common all 2.5.14+dfsg-0ubuntu0.22.04.1 [15.9 kB]
Get:15 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libsasl2-modules amd64 2.1.27+dfsg2-3ubuntu1.2 [68.8 kB]
Fetched 2977 kB in 3s (907 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package openssl.
(Reading database ... 4395 files and directories currently installed.)
Preparing to unpack .../00-openssl_3.0.2-0ubuntu1.8_amd64.deb ...
Unpacking openssl (3.0.2-0ubuntu1.8) ...
Selecting previously unselected package ca-certificates.
Preparing to unpack .../01-ca-certificates_20211016ubuntu0.22.04.1_all.deb ...
Unpacking ca-certificates (20211016ubuntu0.22.04.1) ...
Selecting previously unselected package libnghttp2-14:amd64.
Preparing to unpack .../02-libnghttp2-14_1.43.0-1build3_amd64.deb ...
Unpacking libnghttp2-14:amd64 (1.43.0-1build3) ...
Selecting previously unselected package libpsl5:amd64.
Preparing to unpack .../03-libpsl5_0.21.0-1.2build2_amd64.deb ...
Unpacking libpsl5:amd64 (0.21.0-1.2build2) ...
Selecting previously unselected package publicsuffix.
Preparing to unpack .../04-publicsuffix_20211207.1025-1_all.deb ...
Unpacking publicsuffix (20211207.1025-1) ...
Selecting previously unselected package libbrotli1:amd64.
Preparing to unpack .../05-libbrotli1_1.0.9-2build6_amd64.deb ...
Unpacking libbrotli1:amd64 (1.0.9-2build6) ...
Selecting previously unselected package libsasl2-modules-db:amd64.
Preparing to unpack .../06-libsasl2-modules-db_2.1.27+dfsg2-3ubuntu1.2_amd64.deb ...
Unpacking libsasl2-modules-db:amd64 (2.1.27+dfsg2-3ubuntu1.2) ...
Selecting previously unselected package libsasl2-2:amd64.
Preparing to unpack .../07-libsasl2-2_2.1.27+dfsg2-3ubuntu1.2_amd64.deb ...
Unpacking libsasl2-2:amd64 (2.1.27+dfsg2-3ubuntu1.2) ...
Selecting previously unselected package libldap-2.5-0:amd64.
Preparing to unpack .../08-libldap-2.5-0_2.5.14+dfsg-0ubuntu0.22.04.1_amd64.deb ...
Unpacking libldap-2.5-0:amd64 (2.5.14+dfsg-0ubuntu0.22.04.1) ...
Selecting previously unselected package librtmp1:amd64.
Preparing to unpack .../09-librtmp1_2.4+20151223.gitfa8646d.1-2build4_amd64.deb ...
Unpacking librtmp1:amd64 (2.4+20151223.gitfa8646d.1-2build4) ...
Selecting previously unselected package libssh-4:amd64.
Preparing to unpack .../10-libssh-4_0.9.6-2build1_amd64.deb ...
Unpacking libssh-4:amd64 (0.9.6-2build1) ...
Selecting previously unselected package libcurl4:amd64.
Preparing to unpack .../11-libcurl4_7.81.0-1ubuntu1.10_amd64.deb ...
Unpacking libcurl4:amd64 (7.81.0-1ubuntu1.10) ...
Selecting previously unselected package curl.
Preparing to unpack .../12-curl_7.81.0-1ubuntu1.10_amd64.deb ...
Unpacking curl (7.81.0-1ubuntu1.10) ...
Selecting previously unselected package libldap-common.
Preparing to unpack .../13-libldap-common_2.5.14+dfsg-0ubuntu0.22.04.1_all.deb ...
Unpacking libldap-common (2.5.14+dfsg-0ubuntu0.22.04.1) ...
Selecting previously unselected package libsasl2-modules:amd64.
Preparing to unpack .../14-libsasl2-modules_2.1.27+dfsg2-3ubuntu1.2_amd64.deb ...
Unpacking libsasl2-modules:amd64 (2.1.27+dfsg2-3ubuntu1.2) ...
Setting up libpsl5:amd64 (0.21.0-1.2build2) ...
Setting up libbrotli1:amd64 (1.0.9-2build6) ...
Setting up libsasl2-modules:amd64 (2.1.27+dfsg2-3ubuntu1.2) ...
Setting up libnghttp2-14:amd64 (1.43.0-1build3) ...
Setting up libldap-common (2.5.14+dfsg-0ubuntu0.22.04.1) ...
Setting up libsasl2-modules-db:amd64 (2.1.27+dfsg2-3ubuntu1.2) ...
Setting up librtmp1:amd64 (2.4+20151223.gitfa8646d.1-2build4) ...
Setting up libsasl2-2:amd64 (2.1.27+dfsg2-3ubuntu1.2) ...
Setting up libssh-4:amd64 (0.9.6-2build1) ...
Setting up openssl (3.0.2-0ubuntu1.8) ...
Setting up publicsuffix (20211207.1025-1) ...
Setting up libldap-2.5-0:amd64 (2.5.14+dfsg-0ubuntu0.22.04.1) ...
Setting up ca-certificates (20211016ubuntu0.22.04.1) ...
debconf: unable to initialize frontend: Dialog
debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 78.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the Term::ReadLine module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.34.0 /usr/local/share/perl/5.34.0 /usr/lib/x86_64-linux-gnu/perl5/5.34 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.34 /usr/share/perl/5.34 /usr/local/lib/site_perl) at /usr/share/perl5/Debconf/FrontEnd/Readline.pm line 7.)
debconf: falling back to frontend: Teletype
Updating certificates in /etc/ssl/certs...
124 added, 0 removed; done.
Setting up libcurl4:amd64 (7.81.0-1ubuntu1.10) ...
Setting up curl (7.81.0-1ubuntu1.10) ...
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
root@53c05da1c1d9:/wrk# curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
info: downloading installer https://install.determinate.systems/nix/tag/v0.6.0/nix-installer-x86_64-linux
Error:
   0: Planner error
   1: Error executing action
   2: Could not detect systemd; you may be able to get up and running without systemd with `nix-installer install linux --init none`.
      See https://github.com/DeterminateSystems/nix-installer#without-systemd-linux-only for documentation on usage and drawbacks.

Location:
   src/cli/subcommand/install.rs:146

Backtrace omitted. Run with RUST_BACKTRACE=1 environment variable to display it.
Run with RUST_BACKTRACE=full to include source snippets.

Consider reporting this error using this URL: https://github.com/DeterminateSystems/nix-installer/issues/new?title=%3Cautogenerated-issue%3E&body=%23%23+Error%0A%60%60%60%0AError%3A+%0A+++0%3A+Planner+error%0A+++1%3A+Error+executing+action%0A+++2%3A+Could+not+detect+systemd%3B+you+may+be+able+to+get+up+and+running+without+systemd+with+%60nix-installer+install+linux+--init+none%60.%0A++++++See+https%3A%2F%2Fgithub.com%2FDeterminateSystems%2Fnix-installer%23without-systemd-linux-only+for+documentation+on+usage+and+drawbacks.%0A%60%60%60
root@53c05da1c1d9:/wrk# curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install linux --init none
info: downloading installer https://install.determinate.systems/nix/tag/v0.6.0/nix-installer-x86_64-linux
Nix install plan (v0.6.0)
Planner: linux

Configured settings:
* extra_conf: ["filter-syscalls = false"]
* init: "None"
* start_daemon: true

Planned actions:
* Create directory `/nix`
* Fetch `https://releases.nixos.org/nix/nix-2.13.3/nix-2.13.3-x86_64-linux.tar.xz` to `/nix/temp-install-dir`
* Create build users (UID 30000-30032) and group (GID 30000)
* Create a directory tree in `/nix`
* Move the downloaded Nix into `/nix`
* Setup the default Nix profile
* Place the Nix configuration in `/etc/nix/nix.conf`
* Configure the shell profiles
* Remove directory `/nix/temp-install-dir`


Proceed? ([Y]es/[n]o/[e]xplain):
 INFO Step: Create directory `/nix`
 INFO Step: Provision Nix
 INFO Step: Configure Nix
 INFO Step: Leave the Nix daemon unconfigured
 INFO Step: Remove directory `/nix/temp-install-dir`
Nix was installed successfully!
To get started using Nix, open a new shell or run `. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh`

@Hoverbear
Copy link
Contributor

My colleague @lucperkins was able to reproduce this today on their machine, we're investigating more.

@Hoverbear Hoverbear added MacOS Darwin/MacOS Containerized Related to Docker, Podman, or LXC (etc) and removed question Further information is requested labels Mar 23, 2023
@Hoverbear
Copy link
Contributor

Investigating more:

Without a --platform linux/amd64:

In docker build:

  • --init none works
  • --init none --extra-conf "filter-syscalls = false" works
  • --init none --extra-conf "sandbox = false" works

In docker run:

  • --init none works
  • --init none --extra-conf "filter-syscalls = false" works
  • --init none --extra-conf "sandbox = false" works

With a --platform linux/amd64:

In docker build:

  • --init none breaks
  • --init none --extra-conf "filter-syscalls = false" works
  • --init none --extra-conf "sandbox = false" breaks

In docker run:

  • --init none
  • --init none --extra-conf "filter-syscalls = false" works
  • --init none --extra-conf "sandbox = false" breaks

@Hoverbear Hoverbear mentioned this issue Mar 27, 2023
Closed
6 tasks
@edolstra
Copy link
Contributor

edolstra commented Mar 31, 2023
edited
Loading

This is because x86_64 containers on ARM Macs run inside qemu-x86_64, which does not emulate seccomp and returns EINVAL instead.

Some possible workarounds:

  • Have the installer detect whether /proc/1/exe is /usr/bin/qemu-x86_64 (or */qemu*), and if so, add filter-syscalls = false to nix.conf.
  • Have Nix do that automatically, i.e. disable filter-syscalls if it detects running inside qemu.
  • Have Nix ignore EINVAL from seccomp_load().

Note that filter-syscalls is a security feature to prevent builders from creating setuid binaries, but that's probably not a big concern inside docker containers.

@Hoverbear
Copy link
Contributor

We discussed making the installer detect if we are inside a runtime situation like this and add a line to the configured nix.conf.

I'm wondering if it is possible to offer users a unified Docker/Podman config as a result. #373 shows it is kind of a mess.

@iancleary iancleary mentioned this issue Oct 5, 2023
Closed
@elohmeier elohmeier mentioned this issue Nov 20, 2023
Closed
@lostbean lostbean mentioned this issue Feb 15, 2024
Merged
github-merge-queue bot pushed a commit to kurtosis-tech/kurtosis that referenced this issue Feb 15, 2024
@lostbean
fix: replace nix installer (#2163)
8f68547 
## Description:
Fix the cross platform docker images that are trying to install nix by
replacing the installer and passing extra config params.

## Is this change user facing?
NO

## References (if applicable):
- DeterminateSystems/nix-installer#324
- NixOS/nix#5258
@delneg delneg mentioned this issue Feb 19, 2024
Closed
@cole-h cole-h mentioned this issue Mar 21, 2024
Open
@cole-h cole-h mentioned this issue May 7, 2024
Closed
@adam-gaia adam-gaia mentioned this issue Aug 16, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Containerized Related to Docker, Podman, or LXC (etc) MacOS Darwin/MacOS
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Hoverbear @ostrolucky @edolstra @TheLonelyGhost