Univention Bugzilla – Bug 52478
add statx (sys call) to defaultr docker seccomp policy
Last modified: 2020-12-16 16:03:41 CET
At least the veyon app need statx, otherwise -> docker run -it --rm --hostname ucssc-48913906 -p 11080:11080/tcp -v /var/lib/univention-appcenter/apps/ucsschool-veyon-proxy/conf:/var/lib/univention-appcenter/apps/ucsschool-veyon-proxy/conf -v /etc/apt/apt.conf.d/80proxy:/etc/apt/apt.conf.d/81proxy:ro -v /var/lib/univention-appcenter/apps/ucsschool-veyon-proxy/data:/var/lib/univention-appcenter/apps/ucsschool-veyon-proxy/data -v /sys/fs/cgroup:/sys/fs/cgroup:ro --cap-add ALL --tmpfs /run --tmpfs /run/lock --security-opt seccomp:/etc/docker/seccomp-systemd.json -e container=docker veyon/webapi-proxy:latest PlatformPluginManager: no platform plugin available! Aborted (core dumped)
Created attachment 10576 [details] univention-docker.patch works with this change
Your proposal worked for our use case. I applied your patch and build it in the 4.4-7 errata scope: Package: univention-docker Version: 4.0.1-9A~4.4.0.202012132236 Branch: ucs_4.4-0 Scope: errata4.4-7
OK: Code change OK: manual test: install ucsschool-veyon-proxy app from test-appcenter OK: advisory All fine so far, just waiting for Jenkins tests.
No problems in the 4.4-7 Jenkins jobs.
<https://errata.software-univention.de/#/?erratum=4.4x841>