Issue allocating threads on Python 3.10.11-slim (bullseye) vs Python 3.10.12-slim (bookworm) #198

Open
sf-chris opened this issue Jun 15, 2023 · 6 comments


@sf-chris

Hey everyone,

I'm just posting an issue here in case there are any ideas to help me resolve a bug I've been running into with the Python 3.10.12-slim.

This has recently broken our CI and seems to coincide with a change from bullseye to bookworm 2 days ago.

The issue in Python is here docker-library/python#835 and I was hoping someone here could provide a little insight into things that may be causing the issue or if it is strictly related to Python.

Please feel free to close this issue if it is completely unrelated. Thank you so much!

@Marx314

Marx314 commented Jun 15, 2023

Hi,

As stated in the other thread, I have the same issue for python 3.11.4-bookworm.

The docker image python:3.11.4-alpine is working, so I'm assuming some compatibility issue in bookworm or anything I'm not understanding :)

@aebm

aebm commented Jun 19, 2023

Hi, it is related to privileges, maybe seccomp, as commented here: #197 (comment)

Example (PS: Don't run your containers with more privileges than necessary =) )

docker run --name=dummy --rm -ti python:3.11-slim bash -c 'apt-get update && apt-get install -y less && echo OK'
Get:1 http://deb.debian.org/debian bookworm InRelease [147 kB]
Get:2 http://deb.debian.org/debian bookworm-updates InRelease [52.1 kB]
Get:3 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Get:4 http://deb.debian.org/debian bookworm/main amd64 Packages [8904 kB]
Get:5 http://deb.debian.org/debian-security bookworm-security/main amd64 Packages [28.3 kB]
Fetched 9180 kB in 2s (4697 kB/s)                         
Reading package lists... Done
E: Problem executing scripts APT::Update::Post-Invoke 'rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true'
E: Sub-process returned an error code

vs

docker run --name=dummy --rm -ti --privileged python:3.11-slim bash -c 'apt-get update && apt-get install -y less && echo OK'
Get:1 http://deb.debian.org/debian bookworm InRelease [147 kB]
Get:2 http://deb.debian.org/debian bookworm-updates InRelease [52.1 kB]
Get:3 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Get:4 http://deb.debian.org/debian bookworm/main amd64 Packages [8904 kB]
Get:5 http://deb.debian.org/debian-security bookworm-security/main amd64 Packages [28.3 kB]
Fetched 9180 kB in 2s (4844 kB/s)                          
Reading package lists... Done
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  less
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 131 kB of archives.
After this operation, 321 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bookworm/main amd64 less amd64 590-2 [131 kB]
Fetched 131 kB in 0s (3313 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package less.
(Reading database ... 8386 files and directories currently installed.)
Preparing to unpack .../archives/less_590-2_amd64.deb ...
Unpacking less (590-2) ...
Setting up less (590-2) ...
OK

@aebm

aebm commented Jun 19, 2023

Confirmed. It works running unconfined (don't try this at home)

docker run --name=dummy --rm -ti --security-opt seccomp=unconfined python:3.11-slim bash -c 'apt-get update && apt-get install -y less && echo OK'
Get:1 http://deb.debian.org/debian bookworm InRelease [147 kB]
Get:2 http://deb.debian.org/debian bookworm-updates InRelease [52.1 kB]
Get:3 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Get:4 http://deb.debian.org/debian bookworm/main amd64 Packages [8904 kB]
Get:5 http://deb.debian.org/debian-security bookworm-security/main amd64 Packages [28.3 kB]
Fetched 9180 kB in 2s (4821 kB/s)                          
Reading package lists... Done
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  less
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 131 kB of archives.
After this operation, 321 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bookworm/main amd64 less amd64 590-2 [131 kB]
Fetched 131 kB in 0s (2989 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package less.
(Reading database ... 8386 files and directories currently installed.)
Preparing to unpack .../archives/less_590-2_amd64.deb ...
Unpacking less (590-2) ...
Setting up less (590-2) ...
OK

@tianon
Contributor

tianon commented Jun 19, 2023 via email

@aebm

aebm commented Jun 20, 2023

Yes. I think so, because on my machine running the latest Debian it works without problems. I even think that maybe updating only seccomp and using the new docker seccomp profile. I am checking it.

@aebm

aebm commented Jun 20, 2023

Finally, it seems that it works using libseccomp2 2.5.1 and docker 24.0.2-1. In this version, if you want to reproduce the problem, you have to remove clone3 from the seccomp profile of the container.
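
As an added example (not part of the thread and not code from the Docker project): a Python check of how a Docker-format seccomp profile treats clone3, the syscall named in the last comment, so a profile can be verified or tailored instead of running with `--privileged` or `seccomp=unconfined`. The two sample profiles and all function names are constructed for illustration, and per-argument filters are ignored.

```python
import json

ENOSYS = 38  # Linux errno value for "function not implemented"

# Constructed profiles in Docker's seccomp JSON format (not from the thread).
WITHOUT_CLONE3 = json.loads("""{
  "defaultAction": "SCMP_ACT_ERRNO",
  "syscalls": [{"names": ["clone", "read", "write"], "action": "SCMP_ACT_ALLOW"}]
}""")
WITH_CLONE3 = json.loads("""{
  "defaultAction": "SCMP_ACT_ERRNO",
  "syscalls": [
    {"names": ["clone", "read", "write"], "action": "SCMP_ACT_ALLOW"},
    {"names": ["clone3"], "action": "SCMP_ACT_ALLOW",
     "includes": {"caps": ["CAP_SYS_ADMIN"]}},
    {"names": ["clone3"], "action": "SCMP_ACT_ERRNO", "errnoRet": 38,
     "excludes": {"caps": ["CAP_SYS_ADMIN"]}}
  ]
}""")


def rule_applies(rule, caps):
    """A rule is kept when every 'includes' cap is held and no 'excludes' cap is."""
    inc = set((rule.get("includes") or {}).get("caps") or [])
    exc = set((rule.get("excludes") or {}).get("caps") or [])
    return inc <= caps and not (exc & caps)


def effective_action(profile, syscall, caps=()):
    """Return (action, errnoRet) for syscall; per-argument filters are ignored."""
    caps = set(caps)
    for rule in profile.get("syscalls") or []:
        if syscall in (rule.get("names") or []) and rule_applies(rule, caps):
            return rule["action"], rule.get("errnoRet")
    return profile["defaultAction"], profile.get("defaultErrnoRet")


def clone3_verdict(profile, caps=()):
    action, errno_ret = effective_action(profile, "clone3", caps)
    if action in ("SCMP_ACT_ALLOW", "SCMP_ACT_LOG"):
        return "allowed"
    if action == "SCMP_ACT_ERRNO" and errno_ret == ENOSYS:
        # glibc retries with clone() only when clone3 fails with ENOSYS.
        return "blocked with ENOSYS"
    return f"not allowed: {action}, errnoRet={errno_ret}"


if __name__ == "__main__":
    for name, prof in (("without clone3", WITHOUT_CLONE3), ("with clone3", WITH_CLONE3)):
        print(f"{name}: clone3 {clone3_verdict(prof)}")
```

To run the same check on the profile a daemon actually uses, load that file with `json.load` and pass the result to `clone3_verdict`.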
