LnL7/nix-docker

unable to load seccomp BPF program: Invalid argument

bohendo opened this issue · 1 comments

Progress:

  • I got the lnl7/nix:ssh docker container running w/out any issues
  • I'm able to access the docker container via either ssh local-linux or sudo ssh local-linux
  • I'm using nix-darwin & configured the remote builder like so:
  nix.settings.allowed-users = [ "root" "bohendo" ];
  nix.settings.trusted-users = [ "root" "bohendo" ];
  nix.distributedBuilds = true;
  nix.buildMachines = [{
    hostName = "local-linux";
    sshKey = "/tmp/nix/insecure_rsa";
    sshUser = "root";
    system = "x86_64-linux";
  }];
  nix.extraOptions = ''
    experimental-features = nix-command flakes
  '';

And when I try to run the test command at the end of the readme, I get the following:

$ nix-build -E 'with import <nixpkgs> { system = "x86_64-linux"; }; hello.overrideAttrs (drv: { REBUILD = builtins.currentTime; })'
this derivation will be built:
  /nix/store/zaz9ii7hy0rf37jdfa0yqf4yddqzshfh-hello-2.12.1.drv
this path will be fetched (0.99 MiB download, 0.99 MiB unpacked):
  /nix/store/pa10z4ngm0g83kx9mssrqzz30s84vq7k-hello-2.12.1.tar.gz
copying path '/nix/store/pa10z4ngm0g83kx9mssrqzz30s84vq7k-hello-2.12.1.tar.gz' from 'https://cache.nixos.org'...
building '/nix/store/zaz9ii7hy0rf37jdfa0yqf4yddqzshfh-hello-2.12.1.drv' on 'ssh://root@local-linux'...
copying 1 paths...
copying path '/nix/store/pa10z4ngm0g83kx9mssrqzz30s84vq7k-hello-2.12.1.tar.gz' to 'ssh://root@local-linux'...
error: build of '/nix/store/zaz9ii7hy0rf37jdfa0yqf4yddqzshfh-hello-2.12.1.drv' on 'ssh://root@local-linux' failed: while setting up the build environment: unable to load seccomp BPF program: Invalid argument
error: builder for '/nix/store/zaz9ii7hy0rf37jdfa0yqf4yddqzshfh-hello-2.12.1.drv' failed with exit code 1

I found a related issue that suggested setting filter-syscalls = false but this option doesn't appear to exist anymore. Even if it did, I'd rather provide a valid argument than disable important safety features. One comment suggested it might be a bug in docker so maybe it's something that this repo's docker container could fix? I'm not really sure how to proceed.

  • system: "aarch64-darwin"
  • host os: Darwin 22.1.0, macOS 13.0.1
  • multi-user?: yes
  • sandbox: no
  • version: nix-env (Nix) 2.10.3
  • channels(bohendo): "darwin, nixpkgs"
  • channels(root): "nixpkgs"
  • nixpkgs: /Users/bohendo/.nix-defexpr/channels/nixpkgs
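
A diagnostic for the error reported above, added here as an example and not part of the original issue or of the nix-docker project: "Invalid argument" is the text for errno EINVAL, so this probe checks from inside the build container whether the kernel accepts a minimal allow-all seccomp BPF filter at all. The function names `probe_seccomp_filter` and `explain_seccomp_result` are hypothetical, and the probe calls seccomp(2) directly with a one-instruction program of its own rather than the filter Nix builds.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Returns 0 if a filter loads, the errno if refused, -1 if the probe could not run. */
int probe_seccomp_filter(void) {
    /* Smallest valid program: one instruction that allows every syscall. */
    struct sock_filter allow_all[] = { BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW) };
    struct sock_fprog prog = { .len = 1, .filter = allow_all };
    int status;
    pid_t pid = fork();   /* load in a child so the caller stays unfiltered */
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Unprivileged processes must set no_new_privs before loading a filter. */
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
            _exit(errno);
        if (syscall(SYS_seccomp, SECCOMP_SET_MODE_FILTER, 0, &prog) != 0)
            _exit(errno);
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);   /* errno values fit in the 8-bit exit status */
}

/* Hypothetical helper: turn the probe result into a readable verdict. */
const char *explain_seccomp_result(int rc) {
    switch (rc) {
    case -1:     return "probe could not run (fork/waitpid failed)";
    case 0:      return "filter accepted: seccomp BPF loads here";
    case EINVAL: return "EINVAL: filter mode unsupported here, or program rejected";
    case ENOSYS: return "ENOSYS: seccomp(2) is not implemented here";
    default:     return strerror(rc);
    }
}

int main(void) {
    int rc = probe_seccomp_filter();
    printf("seccomp filter probe: %s\n", explain_seccomp_result(rc));
    return rc == 0 ? 0 : 1;
}
```

Build it for the container's architecture and run it inside the container: if even this filter is refused with EINVAL, the environment itself cannot load seccomp filters and the refusal is not specific to the filter Nix generates.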