T-8891: Compatibility with older Linux systems#10
Merged
Conversation
Member
Author
|
@kessl more context: can't reproduce this on another Ubuntu 20.04 with 5.4.0 kernel, but a slightly newer Docker build ( |
Quick test:
```
Testing version comparison logic:
--------------------------------
✓ 20.10.9 < 20.10.10 = true (expected: true)
✓ 20.10.10 < 20.10.10 = false (expected: false)
✓ 20.10.11 < 20.10.10 = false (expected: false)
✓ 19.03.13 < 20.10.10 = true (expected: true)
✓ 19.99.99 < 20.10.10 = true (expected: true)
✓ 21.0.0 < 20.10.10 = false (expected: false)
✓ 20.10.0 < 20.10.10 = true (expected: true)
✓ 20.9.99 < 20.10.10 = true (expected: true)
```
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Vector fails to start when collector is ran via docker-compose on older Linux systems (e.g. Ubuntu 20.04 Focal, 5.4.x kernel line). The issue traces back to:
Having done some research, I'm of two minds as to what can be causing this:
0xa80425fbmisses both 0x18 and 0x17 (CAP_SYS_RESOURCE,CAP_SYS_NICE). This might result inoperation not permittedon thread creation. 0x18 is a semi-nuclear cap though, so I'm keen to hear your thoughts on this.clone3which isn't explicitly whitelisted, and then Tokio for some reason doesn't fall back toclone. I propose adding an explicit seccomp profile here which is a copy of Docker's default with justclone3added as an alternative to the completely-nuclear option ofseccomp=undefined- to me the latter is not permissible in a production system.timberioVector images, they use Vector via a .deb. We could explore building our own statically-linked Vector (rustflags = ["-C", "target-feature=+crt-static"]etc), but that gives us another moving piece to maintain. Static linking is currently used only for Windows packages it seems (no surprises there).note to self: manual install docs will need updating if we merge with seccomp profile.