Skip to content

seccomp: ignore unsupported wait-kill flag probe#5347

Merged
rata merged 1 commit into
opencontainers:mainfrom
pacoxu:patch-1
Jun 29, 2026
Merged

seccomp: ignore unsupported wait-kill flag probe#5347
rata merged 1 commit into
opencontainers:mainfrom
pacoxu:patch-1

Conversation

@pacoxu

@pacoxu pacoxu commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

See kubernetes/kubernetes#140039.

The logic here was added in #5172.

@rata

rata commented Jun 26, 2026

Copy link
Copy Markdown
Member

@pacoxu did you also verify this solves the issue on CI somehow?

rata
rata reviewed Jun 26, 2026
View reviewed changes

@rata rata left a comment
edited
Loading

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR! This almost LGTM. If this fixes the issue, I'm fine using this as a quick-fix to release 1.5.1

However, I'd also like to understand how runc is being built in kubernetes CI (not blocking the merge). I guess it is being compiled with an old seccomp headers (< 2.6.0), but run with new headers (>= 2.6.0). Can you confirm this is true?

Comment thread libcontainer/seccomp/patchbpf/enosys_linux.go Outdated
@pacoxu @lifubang
seccomp: ignore unsupported wait-kill flag probe
4d84a34 
Signed-off-by: Paco Xu <roollingstone@gmail.com>
@lifubang

lifubang commented Jun 28, 2026

Copy link
Copy Markdown
Member

I guess it is being compiled with an old seccomp headers (< 2.6.0), but run with new headers (>= 2.6.0).

This is precisely the situation I aimed to prevent for libpathrs. A similar version check might also be necessary for libseccomp, as proposed in #5344. However, implementing it there would constitute a break change. If you'd like to discuss this further, let's continue the conversation in #5344.

@pacoxu pacoxu requested a review from rata June 29, 2026 02:52
rata
rata approved these changes Jun 29, 2026
View reviewed changes

@rata rata left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, @pacoxu thanks a lot! @lifubang thanks too!

@rata rata merged commit d3e8242 into opencontainers:main Jun 29, 2026
55 checks passed
@rata rata added the backport/1.5-todo A PR in main branch which needs to be backported to release-1.5 label Jun 29, 2026
@lifubang lifubang mentioned this pull request Jun 29, 2026
Open
@lifubang lifubang added backport/1.5-done A PR in main branch which has been backported to release-1.5 and removed backport/1.5-todo A PR in main branch which needs to be backported to release-1.5 labels Jun 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rata rata rata approved these changes
@lifubang lifubang lifubang approved these changes

Assignees

No one assigned

Labels

backport/1.5-done A PR in main branch which has been backported to release-1.5

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pacoxu @rata @lifubang