Users running Debian "Stretch" or "Buster"-based operating systems (e.g., Raspbian/Raspberry Pi OS 1.3) on ARM hardware (e.g., Raspberry Pi) may have issues running certain Docker containers.
Newer Docker containers can be based on Debian "Bullseye", the latest stable branch of Debian Linux. Newer versions of Linux are generally better maintained and receive timely bug fixes and security updates for installed packages.
Users of older "Stretch" or "Buster" based ARM systems may experience problems running "Bullseye" based Docker containers. For example, you may see errors in the logs indicating issues such as:
- With the RTC (Real Time Clock)
- Any odd error message that may have the word "Time" in it
- Or be otherwise related to the clock
This is an example of such an error message:
sleep: cannot read realtime clock: Operation not permitted
The issue with "Buster" systems is related to a system package called `libseccomp2`. "Bullseye" Docker containers require a more up-to-date `libseccomp2` than is typically available on these older systems.
You have three options to ensure this container will work on your Pi.
1. Update `libseccomp2` in your operating system
2. Update to a fresh install of Raspberry Pi OS 1.4 (Debian "Bullseye"-based), or an install of Raspberry Pi OS from an image made after November 2021
3. Upgrade to Ubuntu ARM 64 bit
A fourth option, running this container with the `privileged` flag, is a SECURITY ISSUE: NOT RECOMMENDED, PLEASE DO NOT DO THIS.
The easiest solution is option 1: update `libseccomp2` in your operating system. KX1T has created a script that you can run. It will check that your system is "Buster" based and install an updated version of `libseccomp2` only if required and available.
If you are unsure whether your system is affected, you can also run this script. It is designed to run only on systems that are known to have the problem and where a fix can be safely applied.
To run this script, which only needs to be done once, please do the following:
curl -sL https://raw.githubusercontent.com/sdr-enthusiasts/Buster-Docker-Fixes/main/libseccomp2-checker.sh | bash
After updating `libseccomp2`, you may have to restart your containers to ensure they run properly.
The script will only work on "Stretch" or "Buster"-based Debian distributions and will only update `libseccomp2` if it is outdated.
The `libseccomp2` script will do the following things to your system:
- Determine if your system is buster based, and if not, stop
- Update your system packages and install `w3m` (needed to parse some HTML data for Stretch OS fixes)
- If the script determines `libseccomp2` is outdated, it will then do the following after you give it permission to continue:
  - Add an official Debian repository to your apt sources along with the associated GPG key
  - Install a new version of `libseccomp2`
You may be prompted for a password because the script is modifying things that require escalated (`sudo`) privileges.
Feel free to inspect the script here.
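
To see whether a host is in the affected category before running anything that changes it, here is a read-only check. It is an added example, not the project's `libseccomp2-checker.sh`; the function names and the `2.4.2` minimum version are assumptions, not values taken from this page.

```bash
#!/bin/sh
# Added example: read-only check; it installs and modifies nothing.
# MIN_VERSION is an assumed threshold (not stated on this page); override as needed.
MIN_VERSION="${MIN_VERSION:-2.4.2}"

# Debian package version -> upstream part, e.g. "1:2.5.1-1~bpo10+1" -> "2.5.1"
upstream_version() {
    v="${1#*:}"                 # drop an epoch prefix if present
    printf '%s\n' "${v%%-*}"    # drop the Debian revision
}

# "2.3.3" -> 2003003, so versions compare as plain integers
ver_key() {
    IFS=. read -r maj min pat rest <<EOF
$1
EOF
    maj="${maj%%[!0-9]*}"; min="${min%%[!0-9]*}"; pat="${pat%%[!0-9]*}"
    echo $(( ${maj:-0} * 1000000 + ${min:-0} * 1000 + ${pat:-0} ))
}

# Codename from an os-release file; falls back to the "(name)" in VERSION=
codename_of() {
    c="$(sed -n 's/^VERSION_CODENAME=//p' "$1" | tr -d '"')"
    [ -n "$c" ] || c="$(sed -n 's/^VERSION=.*(\(.*\)).*/\1/p' "$1")"
    printf '%s\n' "$c"
}

# Prints one of: affected | ok | unknown | not-applicable
classify() {
    codename="$1"; pkgver="$2"
    case "$codename" in
        stretch|buster) ;;
        *) echo "not-applicable"; return 0 ;;
    esac
    [ -n "$pkgver" ] || { echo "unknown"; return 0; }
    have="$(ver_key "$(upstream_version "$pkgver")")"
    need="$(ver_key "$MIN_VERSION")"
    if [ "$have" -lt "$need" ]; then echo "affected"; else echo "ok"; fi
}

# Constructed sample input: this version string is illustrative, not read from a host
classify buster "2.3.3-4"

# Live check of this host, only when asked for: sh check.sh --host
if [ "${1:-}" = "--host" ]; then
    classify "$(codename_of /etc/os-release)" \
             "$(dpkg-query -W -f='${Version}' libseccomp2 2>/dev/null || true)"
fi
```
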
Finally -- if you have a very old OS, the script may error out with the message below. In that case, first do `sudo apt update && sudo apt upgrade` and follow the instructions. Once done, run the script again.
E: Repository 'http://archive.raspberrypi.org/debian buster InRelease' changed its 'Suite' value from 'stable' to 'oldstable'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.
This repository, including any scripts, data, SDKs, and documentation is subject to the MIT License, included with this package. Copyright (c) 2021, 2022 by Ramon F. Kolb (kx1t), Fred Clausen, Mike Nye, and others.