Simon Krenger

I recently bought an NVIDIA Jetson Nano Developer Kit to fiddle around with things like MicroShift or TensorFlow. The board is typically used with L4T (Linux for Tegra) based on Ubuntu 18.04. Fedora can also be installed, although not all drivers (for example for the GPU) are available yet. So after properly updating the system with the latest packages, when starting a container using the nvidia runtime, I got the following error:

docker run -it --rm --runtime nvidia --network host nvcr.io/nvidia/l4t-ml:r32.6.1-py3
[..]
docker: Error response from daemon: failed to create shim: OCI runtime create failed: container_linux.go:380: starting container process caused: error adding seccomp filter rule for syscall clone3: permission denied: unknown.

The root cause for this is an incompatibility between the latest versions of docker.io, containerd and the NVIDIA packages.

So to resolve this issue, downgrade the following two packages:

• containerd to version 1.5.2 (containerd_1.5.2-0ubuntu1~18.04.3_arm64.deb)
• docker.io to version 19.03.6 (docker.io_19.03.6-0ubuntu1~18.04.3_arm64.deb)

Download these packages and install them using apt install and then block them from upgrading using apt-mark:

apt install ./containerd_1.5.2-0ubuntu1~18.04.3_arm64.deb ./docker.io_19.03.6-0ubuntu1~18.04.3_arm64.deb
apt-mark hold docker.io containerd

Once this is done, restart docker and then docker run should work as expected. Other solutions (here) suggest to use the nvidia.github.io repositories, but that did not work for me as it lead to other issues.