After the first boot of JetPack 4.6 I am running in the terminal:
sudo apt update
sudo apt upgrade
At which point I am asked if I want to restart the Docker daemon after the update, and I do.
If I then pull this container:
sudo docker pull nvcr.io/nvidia/l4t-pytorch:r32.6.1-pth1.9-py3
and try to run it with:
sudo docker run -it --rm --runtime nvidia --network host nvcr.io/nvidia/l4t-pytorch:r32.6.1-pth1.9-py3
I get:
docker: Error response from daemon: failed to create shim: OCI runtime create failed: container_linux.go:380: starting container process caused: error adding seccomp filter rule for syscall clone3: permission denied: unknown.
Is there a way to restore the docker installation?
I have reinstalled JetPack and repeated the docker pull and run commands and it works without error; as soon as I apt update and upgrade, Docker stops working. I have a dozen of these devices and would prefer not having to restore each.
Hi,
Just want to confirm the environment first:
Default JetPack 4.6: working.
JetPack4.6 + apt update: OCI runtime create failed
Is this correct? Are both the working and non-working cases using the JetPack 4.6 BSP?
Thanks.
That is correct, the issue is with:
jetson-nano-2gb-jp46-sd-card-image
jetson-nx-jp46-sd-card-image
The apt upgrade is what seems to get the OCI runtime failure.
Hi @harrison-matt, can you try starting the container with the --security-opt seccomp=unconfined flag? If that doesn’t work, please see these topics to downgrade your docker packages:
I just tried it:
$ sudo docker run -it --rm --runtime nvidia --network host nvcr.io/nvidia/l4t-pytorch:r32.6.1-pth1.9-py3 --security-opt seccomp=unconfined
Returns:
docker: Error response from daemon: failed to create shim: OCI runtime create failed: container_linux.go:380: starting container process caused: error adding seccomp filter rule for syscall clone3: permission denied: unknown.
I followed the instructions from:
https://github.com/dusty-nv/jetson-containers/issues/108
https://forums.developer.nvidia.com/t/docker-containers-wont-run-after-recent-apt-get-upgrade/194369/11
I combined the instructions, with a revision to the /etc/apt/preferences section and here they are:
wget https://launchpad.net/ubuntu/+source/docker.io/20.10.2-0ubuntu1~18.04.2/+build/21335731/+files/docker.io_20.10.2-0ubuntu1~18.04.2_arm64.deb
sudo dpkg -i docker.io_20.10.2-0ubuntu1~18.04.2_arm64.deb
rm docker.io_20.10.2-0ubuntu1~18.04.2_arm64.deb
sudo apt install containerd=1.5.2-0ubuntu1~18.04.3
To keep the apps from updating:
sudo nano /etc/apt/preferences
Package: docker.io
Pin: version 20.10.2*
Pin-Priority: 1001

Package: containerd
Pin: version 1.5.2*
Pin-Priority: 1001
After all of that you can sudo apt update and sudo apt upgrade and run the containers. Works on both the Xavier NX and the Nano.
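With a dozen devices to fix, a check like the following can confirm on each one that the pins from the post above are well-formed and that the installed versions still match them. It is an added example, not part of the original thread; the function names, the status words and the drifted version string are made up for illustration, and only glob-style "Pin: version" lines are handled.

```shell
#!/bin/sh
# Added example (not from the thread). Inputs are plain text files:
#   $1  apt preferences file, stanzas separated by blank lines
#   $2  "package version" lines, e.g. saved from
#       dpkg-query -W -f='${Package} ${Version}\n' docker.io containerd

# Print "package glob" per stanza. A stanza with two Package: lines means the
# blank line between records is missing; report it and fail.
parse_pins() {
    awk 'BEGIN { RS = ""; FS = "\n" }
    {
        pkg = ""; glob = ""; n = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^Package:/) { n++; pkg = $i; sub(/^Package:[ \t]*/, "", pkg) }
            if ($i ~ /^Pin:[ \t]*version[ \t]/) { glob = $i; sub(/^Pin:[ \t]*version[ \t]*/, "", glob) }
        }
        if (n > 1) { print "malformed stanza: " n " Package lines" > "/dev/stderr"; bad = 1 }
        else if (pkg != "" && glob != "") print pkg, glob
    }
    END { exit bad + 0 }' "$1"
}

# Exit 0 if every pinned package is installed at a matching version,
# 1 on a missing or drifted package, 2 if the preferences file is malformed.
check_pins() {
    pins=$(parse_pins "$1") || return 2
    status=0
    while read -r pkg glob; do
        [ -n "$pkg" ] || continue
        ver=$(awk -v p="$pkg" '$1 == p { print $2 }' "$2")
        case "$ver" in
            "")    echo "MISSING $pkg"; status=1 ;;
            $glob) echo "OK $pkg $ver" ;;
            *)     echo "DRIFT $pkg $ver (pin $glob)"; status=1 ;;
        esac
    done <<EOF
$pins
EOF
    return $status
}

# Constructed sample: the pins from the post, and a device whose containerd
# was upgraded past the pin (the version string is made up).
demo() {
    d=$(mktemp -d)
    printf 'Package: docker.io\nPin: version 20.10.2*\nPin-Priority: 1001\n\nPackage: containerd\nPin: version 1.5.2*\nPin-Priority: 1001\n' > "$d/pins"
    printf 'docker.io 20.10.2-0ubuntu1~18.04.2\ncontainerd 1.5.9-constructed\n' > "$d/installed"
    rc=0; check_pins "$d/pins" "$d/installed" || rc=$?
    rm -rf "$d"; return $rc
}
demo || echo "demo exit status: $?"
```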
Thanks @harrison-matt for confirming and posting the steps that worked for you here.
It works on Nano! Thank you @harrison-matt.
BTW, there seems to be a typo in contained, which should be containerd I think.