|
The current docker:dind container has broken default seccomp filter that
results in clone3 being blocked, which in turn breaks Fedora 35 rawhide.
This creates a thin shim that provides a custom seccomp profile that is
simply a copy of the default docker profile from
https://raw.githubusercontent.com/docker/labs/master/security/seccomp/seccomp-profiles/default.json
Although this profile doesn't list clone3, it somehow results in clone3
getting configured for ENOSYS instead of EPERM, which makes everything
work again.
Individual projects can then use this new wrapper image by applying the
diff
services:
- - docker:dind
+ - name: registry.gitlab.com/libvirt/libvirt-ci/docker-dind:master
+ alias: docker
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
