Trying to build the dev env so I can evaluate the isaac_ros gems. Using the run_dev.sh script in isaac_ros_common. The script downloads the ros image then I get this error.
failed to create shim: OCI runtime create failed: container_linux.go:380: starting container process caused: error adding seccomp filter rule for syscall clone3: permission denied: unknown
~/gem_ws/src/isaac_ros_common
I’m told this is a known error. I tried the fixes that were suggested but still stuck on this error. I noticed the other day when I did a apt upgrade that a new containerd was installed so thought that would be the fix however the error is still there. Any way to get around this? Any timeline on when it will be fixed?
Hi @danpollock, that apt upgrade of containerd/docker.io package is what is causing the error. You can either downgrade these packages, or add --security-opt seccomp=unconfined to the docker run command that launches the container.
For more info about downgrading the packages, see these posts:
I tried going back to containerd 1.5.2 the new one is 1.5.5. That didn’t work. So tried the other option. This is the code snippit. Perhaps I put it in the wrong place.
Run container from image
print_info “Running $CONTAINER_NAME”
docker run -it --rm --security-opt= “seccomp=unconfined”
–privileged --network host \
Yea, I think you have the right location, here:
It should be --security-opt seccomp=unconfined (it looks like you have some extra quotes/characters in yours)
Are you able to run l4t-base with this flag? (pick the l4t-base tag that corresponds to your version of JetPack-L4T)
sudo docker run -it --rm --net=host --runtime nvidia --security-opt seccomp=unconfined -e DISPLAY=$DISPLAY -v /tmp/.X11-unix/:/tmp/.X11-unix nvcr.io/nvidia/l4t-base:r32.6.1
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.