I am having a nixos system with BPF_SYSCALL disabled with below configurations:
[root@nixos:/sys/fs/cgroup]# zgrep BPF /proc/config.gz
CONFIG_BPF=y
CONFIG_HAVE_EBPF_JIT=y
CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y
# BPF subsystem
# CONFIG_BPF_SYSCALL is not set
CONFIG_BPF_JIT=y
CONFIG_BPF_JIT_DEFAULT_ON=y
# end of BPF subsystem
CONFIG_IPV6_SEG6_BPF=y
# CONFIG_NETFILTER_XT_MATCH_BPF is not set
# CONFIG_BPFILTER is not set
CONFIG_NET_CLS_BPF=m
CONFIG_NET_ACT_BPF=m
CONFIG_LWTUNNEL_BPF=y
when i run docker and docker-compose of chirpstack, i see below error
May 05 00:38:45 nixos bash[13245]: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error setting cgroup config for procHooks process: bpf_prog_query(BPF_CGROUP_DEVICE) failed: function not implemented: unknown
unfortunately, i cannot change nixos kernel. is there a way to make docker-compose not trigger these BPF calls?
i tried executing chirpstack docker using docker-compose up and expecting all the containers to be run properly without error even when SYSCALL_BPF is disabled in nixos kernel when i manually enabled BPF_SYSCALL in the kernel, then error is not seen. But this is not a solution for my case.
