TMDS64EVM: Docker error related to kernel build

Part Number: TMDS64EVM
Other Parts Discussed in Thread: SK-AM64B

Tool/software:

Hi,
We are currently using Debian Bookworm and trying to install Docker on it. Can you help us resolve this issue?
version 9.02.01.10
root@am64xx-evm:~# uname -a
Linux am64xx-evm 6.1.83-k3-rt #1 SMP PREEMPT_RT Mon May 27 17:32:15 UTC 2024 aarch64 GNU/Linux

We have installed Docker successfully and pulled an image from Docker Hub.
When I try to run it with the command below, it shows an error which is related to the kernel build.

root@am64xx-evm:~# docker run -it --privileged --security-opt seccomp=unconfined  -v /dev:/dev --net=host <image_name>:<tag> bash
docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: 
unable to start container process: error during container init: error setting cgroup config for procHooks process: bpf_prog_query(BPF_CGROUP_DEVICE) 
failed: function not implemented: unknown.


There may be some flags that are not set:
root@am64xx-evm:~# zcat /proc/config.gz | grep BPF
CONFIG_BPF=y
CONFIG_HAVE_EBPF_JIT=y
CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y
# BPF subsystem
# CONFIG_BPF_SYSCALL is not set
# CONFIG_BPF_JIT is not set
# end of BPF subsystem
# CONFIG_NETFILTER_XT_MATCH_BPF is not set
# CONFIG_BPFILTER is not set
# CONFIG_NET_CLS_BPF is not set
# CONFIG_NET_ACT_BPF is not set
# CONFIG_TEST_BPF is not set

  • Hi Debashis,

    Our regular AM62x and AM64x Linux SDKs support Docker, and indeed the Kernel config options are slightly different. Example below from AM62x SDK v9.2 (same will apply to AM64x). You can see there's a CGROUP related option in there too, which could well be related to your error message.

    root@am62xx-evm:~# zcat /proc/config.gz | grep BPF
    CONFIG_BPF=y
    CONFIG_HAVE_EBPF_JIT=y
    CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y
    # BPF subsystem
    CONFIG_BPF_SYSCALL=y
    CONFIG_BPF_JIT=y
    # CONFIG_BPF_JIT_ALWAYS_ON is not set
    CONFIG_BPF_JIT_DEFAULT_ON=y
    CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
    # CONFIG_BPF_PRELOAD is not set
    # end of BPF subsystem
    CONFIG_CGROUP_BPF=y
    # CONFIG_NETFILTER_XT_MATCH_BPF is not set
    # CONFIG_BPFILTER is not set
    # CONFIG_NET_CLS_BPF is not set
    # CONFIG_NET_ACT_BPF is not set
    # CONFIG_BPF_STREAM_PARSER is not set
    # CONFIG_TEST_BPF is not set

    I had a quick look, some (all?) of those like CONFIG_BPF_JIT=y come in by way of the standard arch/arm64/configs/defconfig that's used as a base config when building the Kernel used in our Processor SDK Linux. Not sure what Debian is using there or why this doesn't work out of the box (I think it should).

    Can you please try transplanting the Linux kernel and the kernel modules (the entire subfolder from /lib/modules/ that matches your current kernel) from an SDK SD card image to your Debian SD card image to see if this gets your Docker working? If it does we can then try to see how to re-build the Debian kernel w/ the appropriate additions. Just trying to double-check that this is what your issue is first.

    Regards, Andreas

  • Hi Andreas,

    Can you please try transplanting the Linux kernel and the kernel modules (the entire subfolder from /lib/modules/ that matches your current kernel) from an SDK SD card image to your Debian SD card image to see if this gets your Docker working? If it does we can then try to see how to re-build the Debian kernel w/ the appropriate additions. Just trying to double-check that this is what your issue is first.

    As per your suggestion, I have copied all the files inside /lib/modules from the Linux SDK (Yocto) to the Debian OS. We are getting an error when we check the Docker container ID (docker ps -a).

    root@am64xx-evm:~# docker ps -a
    Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?


    After that I tried to restart the Docker service; it is exiting with a failure status. I am attaching the error log for your reference.

    root@am64xx-evm:~# systemctl start docker
    [  415.077350] overlay: version magic '6.1.83-ti-gc1c2f1971fbf SMP preempt mod_unload aarch64' should be '6.1.83-k3-rt SMP preempt_rt mod_unload aarch64'
    Job for docker.service failed because the control process exited with error code.
    See "systemctl status docker.service" and "journalctl -xeu docker.service" for details.
    root@am64xx-evm:~# [  417.689426] overlay: version magic '6.1.83-ti-gc1c2f1971fbf SMP preempt mod_unload aarch64' should be '6.1.83-k3-rt SMP preempt_rt mod_unload aarch64'
    [  420.198142] overlay: version magic '6.1.83-ti-gc1c2f1971fbf SMP preempt mod_unload aarch64' should be '6.1.83-k3-rt SMP preempt_rt mod_unload aarch64'
    
    root@am64xx-evm:~# journalctl -xeu docker.service
    ░ Automatic restarting of the unit docker.service has been scheduled, as the result for
    ░░ the configured Restart= setting for the unit.
    Jul 24 10:12:32 am64xx-evm systemd[1]: Stopped docker.service - Docker Application Container Engine.
    ░░ Subject: A stop job for unit docker.service has finished
    ░░ Defined-By: systemd
    ░░ Support: https://www.debian.org/support
    ░░ 
    ░░ A stop job for unit docker.service has finished.
    ░░ 
    ░░ The job identifier is 1252 and the job result is done.
    Jul 24 10:12:32 am64xx-evm systemd[1]: docker.service: Start request repeated too quickly.
    Jul 24 10:12:32 am64xx-evm systemd[1]: docker.service: Failed with result 'exit-code'.
    ░░ Subject: Unit failed
    ░░ Defined-By: systemd
    ░░ Support: https://www.debian.org/support
    ░░ 
    ░░ The unit docker.service has entered the 'failed' state with result 'exit-code'.
    Jul 24 10:12:32 am64xx-evm systemd[1]: Failed to start docker.service - Docker Application Container Engine.
    ░░ Subject: A start job for unit docker.service has failed
    ░░ Defined-By: systemd
    ░░ Support: https://www.debian.org/support
    ░░ 
    ░░ A start job for unit docker.service has finished with a failure.
    ░░ 
    ░░ The job identifier is 1252 and the job result is failed.
    

    Regards,

    RajKumar.

  • Hi Raj,

    As per your suggestion, I have copied all the files inside /lib/modules from the Linux SDK (Yocto) to the Debian OS. We are getting an error when we check the Docker container ID (docker ps -a).

    Did you replace the Kernel too? ("Image") Kernel and modules always need to go together.

    Regards, Andreas

  • Hi Andreas,

    Yes, I copied the kernel as well: /lib/modules/<image-name>/kernel/*

    In Yocto, inside /lib/modules/<image-name> there is one extra file, extra/cryptodev.ko. We copied that too.

    I kept the name of <image-name> as the default name (6.1.83-k3-rt) in Debian.

    Regards,

    RajKumar.

  • Hi Raj,

    I suppose you are using the Debian image from the SDK product folder (https://www.ti.com/tool/PROCESSOR-SDK-AM64X), correct?

    There's also a community Debian image ("Armbian") you can try out to see if perhaps Docker works there out of the box (I've not tried this myself): https://www.armbian.com/texas-instruments-sk-am64b/

    Regards, Andreas

  • Hi Andreas,

    I suppose you are using the Debian image from the SDK product folder (https://www.ti.com/tool/PROCESSOR-SDK-AM64X), correct?

    Yes, you are correct.


    There's also a community Debian image ("Armbian") you can try out to see if perhaps Docker works there out of the box (I've not tried this myself): https://www.armbian.com/texas-instruments-sk-am64b/

    We will try this and let you know about the Docker-related updates, but this is for the SK-AM64B, so maybe some peripheral, Ethernet and other support will not be there. Is it worth checking?


    And we have one more problem if we use Yocto with Docker.
    We want to install EtherCAT inside Docker. For that we require the Linux kernel headers (of that Yocto kernel) in /usr/src/, but is that possible in Yocto?

  • Hi Andreas,

    We tried that Debian OS and it is working successfully with Docker.

    root@sk-am64b:~# docker run hello-world
    
    Hello from Docker!
    This message shows that your installation appears to be working correctly.
    


    These are the flags. You can see that the flags are set, so for that reason it's working fine.

    root@sk-am64b:~# zcat /proc/config.gz | grep BPF
    CONFIG_BPF=y
    CONFIG_HAVE_EBPF_JIT=y
    CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y
    # BPF subsystem
    CONFIG_BPF_SYSCALL=y
    CONFIG_BPF_JIT=y
    # CONFIG_BPF_JIT_ALWAYS_ON is not set
    CONFIG_BPF_JIT_DEFAULT_ON=y
    CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
    # CONFIG_BPF_PRELOAD is not set
    # end of BPF subsystem
    CONFIG_CGROUP_BPF=y
    # CONFIG_NETFILTER_XT_MATCH_BPF is not set
    # CONFIG_BPFILTER is not set
    # CONFIG_NET_CLS_BPF is not set
    # CONFIG_NET_ACT_BPF is not set
    # CONFIG_BPF_STREAM_PARSER is not set
    # CONFIG_TEST_BPF is not set



    Regards,
    Debashis

  • Great, thanks for running this additional experiment! Can you just use this Debian image for now?

    Also I filed an internal issue report (SITSW-4864) to have this investigated/fixed with the "TI Debian" image for the next release.

    Regards, Andreas

  • Hi Andreas,

    Can you please tell us when your next release will be? We require a Docker environment in our current development and we are waiting for this.

    Regards,

    Rajkumar.

  • Hi Raj,

    I think an SDK v10.0 release of the Debian SDK should land later next month but I'm double-checking with the team. I'm also trying to get my hands on an early RC image to double check Docker support to see if this still needs to get fixed for 10.0 or may have gotten fixed "automatically" already as part of the Kernel/Debian migration to newer versions. Will report back here soon.

    Regards, Andreas

  • Hi Raj,

    I've gotten hold of the latest internal integration/test image (pre-SDK v10.0) for AM64 for Debian from our software team. Can you please go to the link below, download the image and try it out to see if it does what you need with Docker?

    Link: https://tidrive.ext.ti.com/u/lvY5N-F2OSaE9jk7/e7bdaf1c-901d-4207-b5a4-9d8cd02fa187?l
    Access Code: VgM39$me

    (link is valid for 30 days from today)

    Regards, Andreas

  • Hi Andreas,

    Link: tidrive.ext.ti.com/.../e7bdaf1c-901d-4207-b5a4-9d8cd02fa187

    We tried with this SDK version. When we tried to install Docker from the official site, we got the error mentioned below.

    apt-get update
    Get:2 http://deb.debian.org/debian trixie InRelease [169 kB]
    Ign:3 https://download.docker.com/linux/debian trixie InRelease
    Hit:1 https://texasinstruments.github.io/ti-debpkgs trixie InRelease           
    Err:4 https://download.docker.com/linux/debian trixie Release
      404  Not Found [IP: 13.32.251.26 443]
    Get:5 http://deb.debian.org/debian trixie/main arm64 Packages.diff/Index [27.9 kB]
    Get:6 http://deb.debian.org/debian trixie/main Translation-en.diff/Index [27.9 kB]
    Get:7 http://deb.debian.org/debian trixie/main arm64 Packages 2024-07-29-0809.55.pdiff [35 B]
    Get:7 http://deb.debian.org/debian trixie/main arm64 Packages 2024-07-29-0809.55.pdiff [35 B]
    Get:8 http://deb.debian.org/debian trixie/main Translation-en 2024-07-29-0809.55.pdiff [33 B]
    Get:8 http://deb.debian.org/debian trixie/main Translation-en 2024-07-29-0809.55.pdiff [33 B]
    Reading package lists... Done                                
    E: The repository 'https://download.docker.com/linux/debian trixie Release' does not have a Release file.
    N: Updating from such a repository can't be done securely, and is therefore disabled by default.
    N: See apt-secure(8) manpage for repository creation and user configuration details.
    

    We got to know that it is a Trixie version of Debian, and we manually changed the version to bookworm inside the path /etc/apt/sources.list.d/docker.list for the Docker installation. After this change, Docker was successfully installed and the service was also running.

    But when we were trying to pull our Docker image, it was showing an "operation not supported" error as mentioned below.

    0c6714baa1a0: Download complete 
     208.4MB/513.7MB                                                                30c8256a15f0: Download complete 
    failed to register layer: lsetxattr security.capability /usr/bin/ping: operation not supported
    

    Can you check it and let me know? If it is Debian Bookworm it would be better for us. And if we go with Docker, for IPC what are the things we need to copy/mount inside a Docker container?

    Regards ,

    Raj Kumar.

  • Hi Raj,

    Andreas is currently out of office, please expect delays in answers.

    Regards,
    Krunal

  • We got to know that it is a Trixie version of Debian, and we manually changed the version to bookworm inside the path /etc/apt/sources.list.d/docker.list for the Docker installation. After this change, Docker was successfully installed and the service was also running.

    Yes this isn't available for Trixie yet it seems; and what you did is quite creative, glad to see you were able to get this working nevertheless!

    But when we were trying to pull our Docker image, it was showing an "operation not supported" error as mentioned below.

    Looks like some security/privilege type of issue. Try googling using this error message, this should be a common thing not really related to the TI platform. I had a quick look myself and somebody suggested it may be if the Kernel isn't configured with CONFIG_KERNEL_EXT4_FS_SECURITY=y. Can you double-check this parameter in your running system? (use `zcat /proc/config.gz`).

    Also often such issues can be eliminated by running Docker with elevated privileges, there's a command line option you can use (at least for testing purposes), see https://docs.docker.com/reference/cli/docker/container/run/#privileged, but this may not apply to your specific operation of pulling an image.

    Also as Krunal said I'm currently out of the office, so responses will be slower.

    Regards, Andreas

  • Hi Andreas,

    Can you double-check this parameter in your running system? (use `zcat /proc/config.gz`).

           _,met$$$$$gg.          root@am64xx-evm
        ,g$$$$$$$$$$$$$$$P.       ---------------
      ,g$$P"     """Y$$.".        OS: Debian GNU/Linux trixie/sid aarch64
     ,$$P'              `$$$.     Host: Texas Instruments AM642 EVM
    ',$$P       ,ggs.     `$$b:   Kernel: 6.6.32-k3
    `d$$'     ,$P"'   .    $$$    Uptime: 45 secs
     $$P      d$'     ,    $$P    Packages: 555 (dpkg)
     $$:      $$.   -    ,d$$'    Shell: bash 5.2.21
     $$;      Y$b._   _,d$P'      Terminal: /dev/ttyS2
     Y$$.    `.`"Y$$$$P"'         CPU: (2)
     `$$b      "-.__              Memory: 104MiB / 1814MiB
      `Y$$
       `Y$$.
         `$$b.
           `Y$$b.
              `"Y$b._
                  `"""
    
    root@am64xx-evm:~# zcat /proc/config.gz | grep SECURITY
    # CONFIG_IP_NF_SECURITY is not set
    # CONFIG_IP6_NF_SECURITY is not set
    # CONFIG_EXT3_FS_SECURITY is not set 
    # CONFIG_EXT4_FS_SECURITY is not set
    CONFIG_UBIFS_FS_SECURITY=y
    CONFIG_NFS_V4_SECURITY_LABEL=y
    # CONFIG_SECURITY_DMESG_RESTRICT is not set
    CONFIG_SECURITY=y
    CONFIG_SECURITYFS=y
    # CONFIG_SECURITY_NETWORK is not set
    # CONFIG_SECURITY_PATH is not set
    # CONFIG_SECURITY_SMACK is not set
    # CONFIG_SECURITY_TOMOYO is not set
    # CONFIG_SECURITY_APPARMOR is not set
    # CONFIG_SECURITY_LOADPIN is not set
    # CONFIG_SECURITY_YAMA is not set
    # CONFIG_SECURITY_SAFESETID is not set
    # CONFIG_SECURITY_LOCKDOWN_LSM is not set
    # CONFIG_SECURITY_LANDLOCK is not set
    CONFIG_DEFAULT_SECURITY_DAC=y





    There's also a community Debian image ("Armbian") you can try out to see if perhaps Docker works there out of the box (I've not tried this myself): https://www.armbian.com/texas-instruments-sk-am64b/

    And when we test with this OS (Debian Armbian):
    CONFIG_EXT3_FS_SECURITY=y
    CONFIG_EXT4_FS_SECURITY=y

    # CONFIG_IP_NF_SECURITY is not set
    # CONFIG_IP6_NF_SECURITY is not set
    CONFIG_EXT3_FS_SECURITY=y
    CONFIG_EXT4_FS_SECURITY=y
    CONFIG_UBIFS_FS_SECURITY=y
    CONFIG_NFS_V4_SECURITY_LABEL=y
    # CONFIG_SECURITY_DMESG_RESTRICT is not set
    CONFIG_SECURITY=y
    CONFIG_SECURITYFS=y
    # CONFIG_SECURITY_NETWORK is not set
    # CONFIG_SECURITY_PATH is not set
    # CONFIG_SECURITY_SMACK is not set
    # CONFIG_SECURITY_TOMOYO is not set
    # CONFIG_SECURITY_APPARMOR is not set
    # CONFIG_SECURITY_LOADPIN is not set
    # CONFIG_SECURITY_YAMA is not set
    # CONFIG_SECURITY_SAFESETID is not set
    # CONFIG_SECURITY_LOCKDOWN_LSM is not set
    # CONFIG_SECURITY_LANDLOCK is not set
    CONFIG_DEFAULT_SECURITY_DAC=y



    Regards,
    Debashis

  • Thanks for confirming, so it sounds like you need to re-build the Kernel with that config option turned on, and then you should be able to use the "Trixie" image. I'll talk with the development team to see if we can turn those on by default.

    Regards, Andreas
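
The checks made by hand in this thread, collected into one script as an added example (not code from any poster or from TI): it maps the two runtime errors quoted above to the kernel options the thread associates with them and reports which are unset. The function names and the sample config are constructed for illustration, and tying the `lsetxattr` error to `CONFIG_EXT4_FS_SECURITY` assumes Docker's data root is on ext4.

```shell
#!/bin/sh
# Added example: triage the Docker errors from this thread against a kernel config.
# All function names are hypothetical; the sample config is constructed from the
# failing AM64x output quoted in the thread.

# Print y, m or unset for option $1 in the plain-text kernel config file $2.
# The pattern is anchored so CONFIG_BPF_JIT does not match CONFIG_BPF_JIT_ALWAYS_ON.
opt_state() {
    line=$(grep -E "^(# )?$1(=| is not set)" "$2" | head -n 1)
    case "$line" in
        "$1=y") echo y ;;
        "$1=m") echo m ;;
        *)      echo unset ;;   # "# ... is not set" or absent from the file
    esac
}

# Map an error message to the options the thread links it to.
options_for_error() {
    case "$1" in
        *"bpf_prog_query(BPF_CGROUP_DEVICE)"*)
            echo "CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF" ;;
        *"lsetxattr security.capability"*)
            echo "CONFIG_EXT4_FS_SECURITY" ;;   # assumption: ext4 data root
        *)  : ;;                                # error not covered here
    esac
}

# Print the options relevant to error $1 that are not built in (=y) in config $2.
missing_for_error() {
    missing=""
    for opt in $(options_for_error "$1"); do
        [ "$(opt_state "$opt" "$2")" = y ] || missing="$missing $opt"
    done
    echo "${missing# }"
}

# Constructed sample: excerpt of the failing board's config as posted above.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_BPF=y
CONFIG_HAVE_EBPF_JIT=y
# CONFIG_BPF_SYSCALL is not set
# CONFIG_BPF_JIT is not set
# CONFIG_EXT4_FS_SECURITY is not set
CONFIG_SECURITY=y
EOF
}

# Demo run on the constructed sample.
cfg=$(mktemp)
write_sample_config "$cfg"
for err in \
    "error setting cgroup config for procHooks process: bpf_prog_query(BPF_CGROUP_DEVICE) failed: function not implemented" \
    "failed to register layer: lsetxattr security.capability /usr/bin/ping: operation not supported"
do
    printf '%s\n  missing: %s\n' "$err" "$(missing_for_error "$err" "$cfg")"
done
rm -f "$cfg"
```

On a live board, write the running config to a file first (`zcat /proc/config.gz > /tmp/kconfig`) and pass that path instead of the sample.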

  • Hi Andreas,

    We downloaded the latest SDK release from TI, i.e. Debian Trixie version 10, and tried to install Docker from the official Docker website https://docs.docker.com/engine/install/debian/. While installing and running apt update for Docker, it is not able to find the Trixie release, so it pops up the error "Docker Repository Does Not Have a Release File" on running apt-get update. So I modified the Docker version from trixie to bookworm inside the path /etc/apt/sources.list.d/docker.list. With this change it was installed successfully. But when I tried to run the Docker hello-world test image, it was showing the error mentioned below.

    root@am64xx-evm:~# docker run hello_world
    docker: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?.
    See 'docker run --help'.
    root@am64xx-evm:~# systemctl status docker.service 
    × docker.service - Docker Application Container Engine
         Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; preset: enable>
         Active: failed (Result: exit-code) since Mon 2024-08-19 06:51:19 UTC; 1h 29min >
     Invocation: 29fd54b4df0e44f49defe292b2c726c2
    TriggeredBy: × docker.socket
           Docs: https://docs.docker.com
        Process: 6718 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/c>
       Main PID: 6718 (code=exited, status=1/FAILURE)
    
    Aug 19 06:51:19 am64xx-evm systemd[1]: docker.service: Scheduled restart job, restar>
    Aug 19 06:51:19 am64xx-evm systemd[1]: docker.service: Start request repeated too qu>
    Aug 19 06:51:19 am64xx-evm systemd[1]: docker.service: Failed with result 'exit-code>
    Aug 19 06:51:19 am64xx-evm systemd[1]: Failed to start docker.service - Docker Appli>
    root@am64xx-evm:~# systemctl restart docker.service 
    Job for docker.service failed because the control process exited with error code.
    See "systemctl status docker.service" and "journalctl -xeu docker.service" for details.
    root@am64xx-evm:~# journalctl -xeu docker.service
    ░░ The job identifier is 4057 and the job result is failed.
    Aug 19 08:21:38 am64xx-evm systemd[1]: docker.service: Scheduled restart job, restar>
    ░░ Subject: Automatic restarting of a unit has been scheduled
    ░░ Defined-By: systemd
    ░░ Support: https://www.debian.org/support
    ░░ 
    ░░ Automatic restarting of the unit docker.service has been scheduled, as the result>
    ░░ the configured Restart= setting for the unit.
    Aug 19 08:21:38 am64xx-evm systemd[1]: docker.service: Start request repeated too qu>
    Aug 19 08:21:38 am64xx-evm systemd[1]: docker.service: Failed with result 'exit-code>
    ░░ Subject: Unit failed
    ░░ Defined-By: systemd
    ░░ Support: https://www.debian.org/support
    ░░ 
    ░░ The unit docker.service has entered the 'failed' state with result 'exit-code'.
    Aug 19 08:21:38 am64xx-evm systemd[1]: Failed to start docker.service - Docker Appli>
    ░░ Subject: A start job for unit docker.service has failed
    ░░ Defined-By: systemd
    ░░ Support: https://www.debian.org/support
    ░░ 
    ░░ A start job for unit docker.service has finished with a failure.
    ░░ 
    ░░ The job identifier is 4151 and the job result is failed.
    

    The config flags from the kernel config.gz are mentioned below.

    root@am64xx-evm:~# zcat /proc/config.gz | grep BPF
    CONFIG_BPF=y
    CONFIG_HAVE_EBPF_JIT=y
    CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y
    # BPF subsystem
    # CONFIG_BPF_SYSCALL is not set
    # CONFIG_BPF_JIT is not set
    # end of BPF subsystem
    # CONFIG_NETFILTER_XT_MATCH_BPF is not set
    # CONFIG_BPFILTER is not set
    # CONFIG_NET_CLS_BPF is not set
    # CONFIG_NET_ACT_BPF is not set
    # HID-BPF support
    # end of HID-BPF support
    # CONFIG_TEST_BPF is not set
    

    When I ran dockerd (the Docker daemon), it showed the error mentioned below.

    root@am64xx-evm:~# dockerd
    INFO[2024-08-19T08:22:44.898285515Z] Starting up                                  
    INFO[2024-08-19T08:22:45.064468422Z] [graphdriver] using prior storage driver: overlay2 
    INFO[2024-08-19T08:22:45.066076333Z] Loading containers: start.                   
    INFO[2024-08-19T08:22:45.102591018Z] unable to detect if iptables supports xlock: 'iptables --wait -L -n': `iptables: Failed to initialize nft: Protocol not supported`  error="exit status 1"
    INFO[2024-08-19T08:22:45.469521514Z] stopping event stream following graceful shutdown  error="<nil>" module=libcontainerd namespace=moby
    failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to register "bridge" driver: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables: Failed to initialize nft: Protocol not supported
     (exit status 1)
    

    Link: tidrive.ext.ti.com/.../e7bdaf1c-901d-4207-b5a4-9d8cd02fa187
    Access Code: VgM39$me

    In the previous reply, you sent the same version of the SDK. That time we also faced the same issue, and the external file security flags are also not set in the latest release.

    root@am64xx-evm:~# zcat /proc/config.gz | grep SECURITY
    # CONFIG_IP_NF_SECURITY is not set
    # CONFIG_IP6_NF_SECURITY is not set
    # CONFIG_EXT3_FS_SECURITY is not set
    # CONFIG_EXT4_FS_SECURITY is not set
    CONFIG_UBIFS_FS_SECURITY=y
    CONFIG_NFS_V4_SECURITY_LABEL=y
    # CONFIG_SECURITY_DMESG_RESTRICT is not set
    CONFIG_SECURITY=y
    CONFIG_SECURITYFS=y
    # CONFIG_SECURITY_NETWORK is not set
    # CONFIG_SECURITY_PATH is not set
    # CONFIG_SECURITY_SMACK is not set
    # CONFIG_SECURITY_TOMOYO is not set
    # CONFIG_SECURITY_APPARMOR is not set
    # CONFIG_SECURITY_LOADPIN is not set
    # CONFIG_SECURITY_YAMA is not set
    # CONFIG_SECURITY_SAFESETID is not set
    # CONFIG_SECURITY_LOCKDOWN_LSM is not set
    # CONFIG_SECURITY_LANDLOCK is not set
    CONFIG_DEFAULT_SECURITY_DAC=y
    

    Thank you,

    Raj.

  • Hi Andreas,
    The major issue is with these flags, and maybe with the security flags as well.
    # CONFIG_BPF_SYSCALL is not set
    # CONFIG_BPF_JIT is not set

    root@am64xx-evm:~# docker images
    REPOSITORY    TAG       IMAGE ID       CREATED         SIZE
    hello-world   latest    ee301c921b8a   15 months ago   9.14kB
    root@am64xx-evm:~# docker run hello-world
    [ 2138.335947] docker0: port 1(veth9e13c6d) entered blocking state
    [ 2138.337573] docker0: port 1(veth9e13c6d) entered disabled state
    [ 2138.337640] veth9e13c6d: entered allmulticast mode
    [ 2138.338503] veth9e13c6d: entered promiscuous mode
    [ 2138.338621] audit: type=1700 audit(1724396490.229:158): dev=veth9e13c6d prom=256 old_prom=0 auid=4294967295 uid=0 gid=0 ses=4294967295
    [ 2138.343023] audit: type=1300 audit(1724396490.229:158): arch=c00000b7 syscall=206 success=yes exit=40 a0=e a1=40006ba570 a2=28 a3=0 items=0 ppid=1 pid=814 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dockerd" exe="/usr/bin/dockerd" key=(null)
    [ 2138.343059] audit: type=1327 audit(1724396490.229:158): proctitle=2F7573722F62696E2F646F636B657264002D480066643A2F2F002D2D636F6E7461696E6572643D2F72756E2F636F6E7461696E6572642F636F6E7461696E6572642E736F636B
    [ 2138.998252] docker0: port 1(veth9e13c6d) entered disabled state
    [ 2139.007106] veth9e13c6d (unregistering): left allmulticast mode
    [ 2139.009659] veth9e13c6d (unregistering): left promiscuous mode
    [ 2139.009791] audit: type=1700 audit(1724396490.887:159): dev=veth9e13c6d prom=0 old_prom=256 auid=4294967295 uid=0 gid=0 ses=4294967295
    [ 2139.010800] docker0: port 1(veth9e13c6d) entered disabled state
    [ 2139.053350] audit: type=1300 audit(1724396490.887:159): arch=c00000b7 syscall=206 success=yes exit=32 a0=e a1=400068dfc0 a2=20 a3=0 items=0 ppid=1 pid=814 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dockerd" exe="/usr/bin/dockerd" key=(null)
    [ 2139.053459] audit: type=1327 audit(1724396490.887:159): proctitle=2F7573722F62696E2F646F636B657264002D480066643A2F2F002D2D636F6E7461696E6572643D2F72756E2F636F6E7461696E6572642F636F6E7461696E6572642E736F636B
    docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error setting cgroup config for procHooks process: bpf_prog_query(BPF_CGROUP_DEVICE) failed: function not implemented: unknown.

    Regards,
    Debashis