Build will fail when docker has glibc2.34+ and glib2.72+ (close_range EPERM) · Issue #43595 · moby/moby · GitHub
Closed
@sandy-lcq

Description
docker has glibc 2.35, and when building with glib 2.72+ the build fails with this error:
(glib-compile-resources:19315): GLib-GObject-CRITICAL **: 08:08:56.312: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
../gdk-pixbuf-2.42.8/tests/resources.gresource.xml: Failed to close file descriptor for child process (Operation not permitted).

The reason is that close_range returns EPERM in the docker container; since commit [1], glib reports an error, and upstream refuses to accept EPERM as a return value.

This issue is a little similar to the issue we met before for clone3, and the fix was [3].

I notice that we have an RFE [4] to make the seccomp profile default to ENOSYS; this seems to be the solution,
since glib will only take ENOSYS as a correct return value.

[1] https://gitlab.gnome.org/GNOME/glib/-/commit/ce04a124040be091407e070280d86ca810bacb8c
[2] https://gitlab.gnome.org/GNOME/glib/-/issues/2580
[3] #42681
[4] #42871

Steps to reproduce the issue:
In order to simplify the reproduction steps, I just picked the useful part.

  1. docker run --rm -i -t -v /docker/:/mnt ubuntu:22.04 /bin/bash
  2. setup yocto project and bitbake gdk-pixbuf-native
    the command that actually fails is:
    glib-compile-resources --sourcedir=/mnt/ubuntu2204/build/tmp-glibc/work/x86_64-linux/gdk-pixbuf-native/2.42.8-r0/gdk-pixbuf-2.42.8/tests --source ../gdk-pixbuf-2.42.8/tests/resources.gresource.xml tests/resources.c

glib-compile-resources is built from glib 2.72.1.

Describe the results you received:

(glib-compile-resources:19315): GLib-GObject-CRITICAL **: 08:08:56.312: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
../gdk-pixbuf-2.42.8/tests/resources.gresource.xml: Failed to close file descriptor for child process (Operation not permitted).

Describe the results you expected:

build success

Additional information you deem important (e.g. issue happens only occasionally):
The issue does not happen on the docker ubuntu:21.04 image, which has glibc 2.33;
close_range was added in glibc 2.34.

Output of docker version:

Docker version 20.10.12, build e91ed57

Output of docker info:

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Docker Buildx (Docker Inc., v0.7.1-docker)
  scan: Docker Scan (Docker Inc., v0.12.0)

Server:
 Containers: 10
  Running: 2
  Paused: 0
  Stopped: 8
 Images: 37
 Server Version: 20.10.12
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 7b11cfaabd73bb80907dd23182b9347b4245eb5d
 runc version: v1.0.2-0-g52b36a2
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: default
 Kernel Version: 5.13.0-35-generic
 Operating System: Ubuntu 20.04.3 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 48
 Total Memory: 247.3GiB
 Name: core2
 ID: H5SQ:4MGO:KUUX:QJUT:QDJS:CVO2:WXHZ:KKUM:6WVI:VSIP:7PP3:6T67
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
 Live Restore Enabled: false
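Added example (not code from the issue, from moby, or from glib): a small C probe that reproduces the decision the report describes. It calls close_range(2) directly, treats only ENOSYS as "syscall unavailable" and falls back to walking /proc/self/fd in that case, and surfaces EPERM (what a seccomp profile with an EPERM default action returns for an unlisted syscall) as a hard error. Running it inside the container shows which of the three cases the seccomp profile produces. It assumes Linux; the fallback definition of SYS_close_range as 436 is an assumption that holds on x86-64 and arm64 (MIPS adds its ABI offset), and the function names are the example's own.

```c
/*
 * Added example: probe close_range(2) behaviour in the current sandbox and
 * emulate the policy described in the issue (only ENOSYS triggers a fallback;
 * EPERM is an error). Assumes Linux. Not part of moby or glib.
 */
#define _GNU_SOURCE
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_close_range
#define SYS_close_range 436 /* assumption: x86-64 / arm64 number, for old libc headers */
#endif

enum probe_result { PROBE_OK, PROBE_ENOSYS, PROBE_EPERM, PROBE_OTHER };

/* Map the errno of a failed close_range() call to the cases that matter here. */
enum probe_result classify_errno(int err)
{
    if (err == 0) return PROBE_OK;
    if (err == ENOSYS) return PROBE_ENOSYS;
    if (err == EPERM) return PROBE_EPERM;
    return PROBE_OTHER;
}

const char *probe_name(enum probe_result r)
{
    switch (r) {
    case PROBE_OK:     return "OK: close_range works";
    case PROBE_ENOSYS: return "ENOSYS: old kernel/libc or seccomp returning ENOSYS, fallback path taken";
    case PROBE_EPERM:  return "EPERM: seccomp blocks close_range, glib >= 2.72 treats this as a hard error";
    default:           return "unexpected errno";
    }
}

/* True if fd refers to an open descriptor (fcntl fails with EBADF otherwise). */
int fd_is_open(int fd)
{
    return fcntl(fd, F_GETFD) != -1 || errno != EBADF;
}

/* Portable fallback: close every fd in [first, last] by walking /proc/self/fd,
 * skipping the directory stream's own descriptor. */
int close_fds_loop(unsigned first, unsigned last)
{
    DIR *d = opendir("/proc/self/fd");
    if (!d) return -1;
    unsigned long self = (unsigned long)dirfd(d);
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        if (e->d_name[0] == '.') continue;
        unsigned long fd = strtoul(e->d_name, NULL, 10);
        if (fd == self || fd < first || fd > last) continue;
        close((int)fd);
    }
    closedir(d);
    return 0;
}

/* The issue's failure mode in one function: try close_range(), fall back only
 * on ENOSYS, and return -1 with errno preserved for anything else (EPERM). */
int close_range_compat(unsigned first, unsigned last)
{
    if (syscall(SYS_close_range, first, last, 0) == 0) return 0;
    if (errno == ENOSYS) return close_fds_loop(first, last);
    return -1; /* errno is EPERM under a seccomp profile that rejects the syscall */
}

/* Open a throwaway descriptor and try to close it with close_range() alone. */
enum probe_result probe_close_range(void)
{
    int fd = open("/dev/null", O_RDONLY | O_CLOEXEC);
    if (fd < 0) return PROBE_OTHER;
    if (syscall(SYS_close_range, (unsigned)fd, (unsigned)fd, 0) == 0)
        return fd_is_open(fd) ? PROBE_OTHER : PROBE_OK;
    int err = errno;
    close(fd);
    return classify_errno(err);
}

int main(void)
{
    enum probe_result r = probe_close_range();
    printf("close_range probe: %s\n", probe_name(r));
    return r == PROBE_OK ? 0 : 1;
}
```

Compile it on the host, bind-mount the binary into the ubuntu:22.04 container used in the reproduction steps, and run it there: an EPERM result is the condition under which glib-compile-resources fails, and it goes away if the profile either allowlists close_range or returns ENOSYS for unknown syscalls as RFE [4] proposes.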

Labels: area/security/seccomp, kind/bug, version/20.10