Docker-compose，Swag 错误：“您的 DockerHost 很可能运行过时版本的 libseccomp”

Question

我不确定出了什么问题。我刚刚开始学习docker，我正在尝试使用反向代理做一个项目。我在家里的 RPI 4 上运行 docker 和 docker-compose。但是，在使用以下信息创建并运行 docker-compose.yml 后，我遇到了问题：

version: '2.1'
services:
  duckdns:
    image: linuxserver/duckdns
    container_name: duckdns
    environment:
      - PUID=1000 #optional
      - PGID=1000 #optional
      - TZ=America/New_York
      - SUBDOMAINS=My_SubDomain,
      - TOKEN=myToken
      - LOG_FILE=false #optional
    volumes:
      - /home/pi/compose/data/duckdns/config:/config #optional
    restart: unless-stopped

  swag:
    image: linuxserver/swag
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/New_York
      - URL=My_SUBDOMAIN.duckdns.org
      - SUBDOMAINS=www,
      - VALIDATION=duckdns
      - DNSPLUGIN=cloudflare #optional
      - PROPAGATION= #optional
      - DUCKDNSTOKEN=MY_TOKEN
      - EMAIL= #optional
      - ONLY_SUBDOMAINS=false #optional
      - EXTRA_DOMAINS= #optional
      - STAGING=false #optional
    volumes:
      - /home/pi/compose/data/swag/config:/config
    ports:
      - 443:443
      - 80:80 #optional
    restart: unless-stopped

我的 duckdns 已启动并正在运行，并且我打开了路由器上的端口。（这是一个好主意吗）

然后我用 sudo docker-compose up -d swag && sudo docker log -f swag 运行我的 Swag

错误出现后不久：

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
generating self-signed keys in /config/keys, you can replace these with your own keys if required
Generating a RSA private key
..........+++++
...........+++++
writing new private key to '/config/keys/cert.key'
-----
3069969296:error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time:crypto/asn1/a_time.c:330:
[cont-init.d] 30-keygen: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing...
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing...
usermod: no changes

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/


Brought to you by linuxserver.io
-------------------------------------

To support the app dev(s) visit:
Certbot: https://supporters.eff.org/donate/support-work-on-certbot

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------
User uid:    1000
User gid:    1000
-------------------------------------
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Your DockerHost is most likely running an outdated version of libseccomp

To fix this, please visit https://docs.linuxserver.io/faq#libseccomp

Some apps might not behave correctly without this

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
generating self-signed keys in /config/keys, you can replace these with your own keys if required
Generating a RSA private key
......................+++++
.........+++++
writing new private key to '/config/keys/cert.key'
-----
3069641616:error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time:crypto/asn1/a_time.c:330:
[cont-init.d] 30-keygen: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

我检查了“DockerHost 很可能运行过时版本的 libseccomp”之后的链接，但我不确定我做错了什么。

任何想法都会非常感激。

---

我删除了容器，然后尝试了您提到的两种故障排除方法，但我不断收到相同的错误。我需要在路由器上打开端口 80 和 443 吗？我现在已经禁用它们了。

执行sudo docker-compose up -d swag && sudo docker logs -f swag后出现的最新错误

    Creating swag ... done
    [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
    [s6-init] ensuring user provided files have correct perms...exited 0.
    [fix-attrs.d] applying ownership & permissions fixes...
    [fix-attrs.d] done.
    [cont-init.d] executing container initialization scripts...
    [cont-init.d] 01-envfile: executing...
    [cont-init.d] 01-envfile: exited 0.
    [cont-init.d] 10-adduser: executing...
    
    -------------------------------------
              _         ()
             | |  ___   _    __
             | | / __| | |  /  \
             | | \__ \ | | | () |
             |_| |___/ |_|  \__/
    
    
    Brought to you by linuxserver.io
    -------------------------------------
    
    To support the app dev(s) visit:
    Certbot: https://supporters.eff.org/donate/support-work-on-certbot
    
    To supp

ort LSIO projects visit:
    https://www.linuxserver.io/donate/
    -------------------------------------
    GID/UID
    -------------------------------------
    
    User uid:    1000
    User gid:    1000
    -------------------------------------
    
    
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    
    Your DockerHost is most likely running an outdated version of libseccomp
    
    To fix this, please visit https://docs.linuxserver.io/faq#libseccomp
    
    Some apps might not behave correctly without this
    
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    
    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    generating self-signed keys in /config/keys, you can replace these with your own keys if required
    Generating a RSA private key
    ................................................+++++
    .......................................................................+++++
    writing new private key to '/config/keys/cert.key'
    -----
    3069698960:error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time:crypto/asn1/a_time.c:330:
    [cont-init.d] 30-keygen: exited 1.
    [cont-finish.d] executing container finish scripts...
    [cont-finish.d] done.
    [s6-finish] waiting for services.
    [s6-finish] sending all processes the TERM signal.
    [s6-finish] sending all processes the KILL signal and exiting.

Answer 1

在 Raspberry Pi 上升级到新的 Swag 映像时，我也遇到了这个错误。他们在Linux 服务器常见问题解答页面上解决了这个问题。

他们使用 dpkg 手动安装更新的库的建议有效：

wget http://ftp.us.debian.org/debian/pool/main/libs/libseccomp/libseccomp2_2.5.1-1_armhf.deb
sudo dpkg -i libseccomp2_2.5.1-1_armhf.deb

截至 21 年 4 月 13 日，wget 命令中的包地址是正确的。您可以通过浏览此处找到最新版本。

另一种解决方案是添加 Debian Buster 的向后移植存储库：

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138
echo "deb http://deb.debian.org/debian buster-backports main" | sudo tee -a /etc/apt/sources.list.d/buster-backports.list
sudo apt update
sudo apt install -t buster-backports libseccomp2

您还可以在常见问题解答页面上查看解决此问题的其他建议。