The issue with “No monotonic clock was available - timed services may be adversely affected if the time-of-day clock changes” or “nanosleep(100ms) failed. Operation not permitted” (wanted to place those explicit messages in for the search later ) seems to only occur on recent Raspbian 32-bit installations running Docker.
It seems that this issue report discusses the need for libseccomp2
library to be updated to address this issue. This solved the problem for me on a Raspbian 32-bit install:
# Install a few prerequisite packages to be able to do the build
sudo apt install build-essential git gperf
# Download the libseccomp2 release package and unpack
wget https://github.com/seccomp/libseccomp/releases/download/v2.5.1/libseccomp-2.5.1.tar.gz
tar zvxf libseccomp-2.5.1.tar.gz
cd libseccomp-2.5.1
# Build and install
./configure && make
sudo make install
# Preserve the original libraries from the .deb package from the base install
mkdir ~/old-libs
sudo mv /usr/lib/arm-linux-gnuabihf/libseccomp.so.2* ~/old-libs/
# Remove the library cache and rebuild
sudo rm /etc/ld.so.cache
sudo ldconfig
Once I updated libseccomp2
, I was able to start the container without privileged mode. One additional note/disclaimer on the steps above–these updates are being done outside the scope of the package manager and may cause things in the future to break. I couldn’t find the equivalent of a debian backports repo for Raspberry Pi OS; there may be a “more official” way to get that library up-to-date.
Hope this helps!
Kevin C.