Users running Debian "Stretch" or "Buster"-based operating systems (e.g., Raspbian/Raspberry Pi OS 1.3) on ARM hardware (e.g., Raspberry Pi) may have issues running certain Docker containers.
Newer Docker containers can be based on Debian "Bullseye", the latest stable branch of Debian Linux. Newer versions of Linux are generally better maintained and receive timely bug fixes and security updates for installed packages.
Users of older "Stretch" or "Buster" based ARM systems may experience problems running "Bullseye" based Docker Containers. For example, you may see errors in the logs indicating issues such as:
- With the
RTC
Real Time Clock
- Any odd error message that may have the word
Time
in it - Or be otherwise related to the clock.
This is an example of such error message:
sleep: cannot read realtime clock: Operation not permitted
The issue with "Buster" systems is related to a system package called libseccomp2
. "Bullseye" Docker containers require a more up-to-date libseccomp2
than is typically available on these older systems.
You have four three options to ensure this container will work on your Pi.
- Update
libseccomp2
in your operating system - Update to a fresh install of Raspberry Pi OS 1.4 (Debian "Bullseye"-based), or an install of Raspberry Pi OS from an image made after November 2021
- Upgrade to Ubuntu ARM 64 bit
Run this container with theSECURITY ISSUE: NOT RECOMMENDED, PLEASE DO NOT DO THISprivileged
flag.
The easiest solution is option 1: update libseccomp2
in your operating system. KX1T has created a script that you can run. It will check that your system is "Buster" based and install an updated version of libseccomp2
only if required and available.
If you are unsure if your system may be affected you can also run this script. The script is designed to only run on systems it knows will have the problem and we can safely apply a fix.
To run this script, which only needs to be done once, please do the following:
curl -sL https://raw.githubusercontent.com/sdr-enthusiasts/Buster-Docker-Fixes/main/libseccomp2-checker.sh | bash
After updating libseccomp2
, you may have to restart your containers to ensure they run properly.
The script will only work on "Stretch" or "Buster"-based Debian distributions and will only update libseccomp2
if it is outdated.
The libseccomp2
script will do the following things to your system:
- Determine if your system is buster based, and if not, stop
- Update your system packages and install
w3m
(needed to parse some HTML data for Stretch OS fixes) - If the script determines
libseccomp2
is outdated, it will then do the following after you give it permission to continue:- Add an official Debian repository to your apt sources along with the associated GPG key
- Install a new version of
libseccomp2
You may be prompted for a password because the script is modifying things that require escalated (sudo
) privileges.
Feel free to inspect the script here.
Finally -- if you have a very old OS, the script may error out with the message below. In that case, first do sudo apt update && sudo apt upgrade
and follow the instructions. Once done, run the script again.
E: Repository 'http://archive.raspberrypi.org/debian buster InRelease' changed its 'Suite' value from 'stable' to 'oldstable'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.
This repository, including any scripts, data, SDKs, and documentation is subject to the MIT License, included with this package. Copyright (c) 2021, 2022 by Ramon F. Kolb (kx1t), Fred Clausen, Mike Nye, and others.