seccomp warning with Singularity 3.2.0

[Martin Cuma]

With the newly released version 3.2.0 I am seeing this warning when I run any container:

$ singularity shell container.sif
WARNING: seccomp requested but not enabled, seccomp library is missing or too old

This is the same as https://github.com/sylabs/singularity/issues/3418 but the reason why I am posting this here is to understand how seccomp is being or not being used in the Singularity build process.

Is there a setting to request/force/disable the seccomp? Do we want to use seccomp?

I have to admit that the Go based build still feels to me like a black box, as compared to the configuration options with autoconf or cmake.

Thanks,

MC

[Martin Cuma]

I also meant to say that we're on CentOS 7.6 with

$ rpm -qa |grep libseccomp
libseccomp-2.3.1-3.el7.x86_64

[Shenglong Wang]

I have the same issue on CentOS 7.3.1611.

Best,

Shenglong

--
You received this message because you are subscribed to the Google Groups "singularity" group.
To unsubscribe from this group and stop receiving emails from it, send an email to singularity...@lbl.gov.
To view this discussion on the web visit https://groups.google.com/a/lbl.gov/d/msgid/singularity/4230f10c-3783-4dbd-8d41-0a417e8ffac3%40lbl.gov.

[Martin Cuma]

Can someone please update on this warning? Or, even better, how can it be turned off/patched to turn off? I am holding off to releasing 3.2.0 for production for this reason, as I am afraid users will get confused by the warning.

Thanks,

MC

[Tru Huynh]

Hi

I don't see it on my CentOS-7 machines.
[tru@elitebook840g3 ~]$ rpm -q centos-release
centos-release-7-6.1810.2.el7.centos.x86_64
[tru@elitebook840g3 ~]$ rpm -q singularity
singularity-3.2.0-1.el7.x86_64
[tru@elitebook840g3 ~]$ rpm -q libseccomp
libseccomp-2.3.1-3.el7.x86_64
[tru@elitebook840g3 ~]$ singularity exec library://alpine date
INFO: Downloading library image
2.59 MiB / 2.59 MiB [================================] 100.00% 252.85 KiB/s 10s
Fri May 17 18:56:18 CEST 2019

but I can see it on our campus CentOS-6 machines.
[tru@tars-submit0 ~]$ rpm -q centos-release
centos-release-6-10.el6.centos.12.3.x86_64
[tru@tars-submit0 ~]$ module add singularity
[tru@tars-submit0 ~]$ singularity --version
singularity version 3.2.0-1
[tru@tars-submit0 ~]$ rpm -q libseccomp
package libseccomp is not installed
[tru@tars-submit0 ~]$ singularity exec library://alpine date
INFO: Downloading library image
2.59 MiB / 2.59 MiB [===================================] 100.00% 1.53 MiB/s 1s

WARNING: seccomp requested but not enabled, seccomp library is missing or too old

Fri May 17 18:58:42 CEST 2019

ymmv,

Tru
--
Tru Huynh (PhD) | mailto:t...@pasteur.fr | tel +33 1 45 68 87 37
https://research.pasteur.fr/en/team/structural-bioinformatics/
Institut Pasteur, 25-28 rue du Docteur Roux, 75724 Paris CEDEX 15 France

[Martin Cuma]

I was hoping that the issue is that we don't have libseccomp-devel installed by default, so, the mconfig is not finding it and complains:

$ mconfig -v .....

 checking: libseccomp+headers...no

So, we can do

$ sudo yum install libseccomp-devel

and then

$ mconfig -v .....

 checking: libseccomp+headers...yes

This is the case both for 3.1.1 and 3.2.0.

Though, even with the seccomp being enabled, I get that warning:

WARNING: seccomp requested but not enabled, seccomp library is missing or too old

with 3.2.0.

What's up with that? CentOS7 is shipping with libseccomp-devel-2.3.1-3.el7.x86_64

Thanks,

MC