Introduction
After an update or a new installation of TFE on the latest Amazon Linux 2 (AMI as of 1/1/2024), the replicated service fails to start.
Problem
When checking the replicated logs, you will see the following errors:
journalctl -u replicated
Jan 04 11:35:48 ip-xxxx.ec2.internal docker[xx]: runtime/cgo: pthread_create failed: Operation not permitted
Jan 04 11:35:48 ip-xxxx.ec2.internal docker[xx]: SIGABRT: abort
Cause
- Because of security hardening settings on Amazon Linux 2, the libseccomp permissions need to be fixed in the seccomp profile. The effect of "SCMP_ACT_ERRNO" is to cause a Permission Denied error, hence the need to override this profile so that its default action is SCMP_ACT_ALLOW. With SCMP_ACT_ALLOW as the default action, a syscall that no rule in the profile matches is permitted instead of denied.
Solutions:
- Follow the steps in this documentation to amend the /etc/docker/seccomp.json file, from step 1 to step 4.
  Before continuing, make sure to change, in the file /etc/docker/seccomp.json, the occurrence of "defaultAction": "SCMP_ACT_ERRNO", to "defaultAction": "SCMP_ACT_ALLOW".
- Continue with steps 5 to the end.
- Once finished, the replicated service will start normally.
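
The defaultAction change described above, as an added example that is not part of the original article or of HashiCorp's documentation: it backs up the profile, flips the default action, and lists the syscalls that explicit rules still restrict afterwards. The function name `set_default_action`, the `.bak` suffix and the sample profile are assumptions made for illustration, and the sketch assumes the profile uses the `names` list form for its syscall rules.

```python
import json
import shutil
import tempfile
from pathlib import Path

OLD, NEW = "SCMP_ACT_ERRNO", "SCMP_ACT_ALLOW"

def set_default_action(path, old=OLD, new=NEW):
    """Change defaultAction from old to new and summarise the result."""
    path = Path(path)
    profile = json.loads(path.read_text())  # raises on invalid JSON
    current = profile.get("defaultAction")
    if current == new:
        changed = False  # already edited, leave file and backup alone
    elif current == old:
        shutil.copy2(path, path.with_name(path.name + ".bak"))  # keep the original
        profile["defaultAction"] = new
        path.write_text(json.dumps(profile, indent=2) + "\n")
        changed = True
    else:
        raise ValueError(f"unexpected defaultAction: {current!r}")
    # With an allow default, only rules whose action is not ALLOW still restrict anything.
    still_restricted = sorted(
        name
        for rule in profile.get("syscalls", [])
        if rule.get("action") != new
        for name in rule.get("names", [])
    )
    return {"changed": changed, "defaultAction": profile["defaultAction"],
            "still_restricted": still_restricted}

def demo():
    # Constructed sample profile, far smaller than a real Docker profile.
    sample = {
        "defaultAction": "SCMP_ACT_ERRNO",
        "syscalls": [
            {"names": ["read", "write", "exit_group"], "action": "SCMP_ACT_ALLOW"},
            {"names": ["ptrace"], "action": "SCMP_ACT_ERRNO"},
        ],
    }
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "seccomp.json"
        path.write_text(json.dumps(sample, indent=2))
        first = set_default_action(path)
        second = set_default_action(path)  # second run is a no-op
        backup = json.loads((Path(tmp) / "seccomp.json.bak").read_text())
        return first, second, backup["defaultAction"]

if __name__ == "__main__":
    print(demo())
```

On a host, pass `/etc/docker/seccomp.json` as the path; the `still_restricted` list shows what the edited profile continues to deny.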