curl not working in golang:1.20.5

[chensun]

With golang:1.20.5 image, we got error running curl command:

curl: (6) getaddrinfo() thread failed to start

Related: kubeflow/pipelines#9650

Downgrading to golang:1.20.4 fixes the issue.

[yosifkit]

I'd guess that it is Docker with libseccomp; a newer syscall used in Debian Bookworm packages/libs is being blocked.

libseccomp lets you configure allowed syscalls for a process. Docker sets a default seccomp profile for all containers such that only certain syscalls are allowed and everything else is blocked (so, newer syscalls that are not yet known to libseccomp or docker are blocked).

• verify that it is libseccomp by running the Bookworm-based image with --security-opt seccomp=unconfined
  • use only as a test; it is less secure to keep running them "unconfined"
  • learn more: https://docs.docker.com/engine/security/seccomp/
• one fix:
  • update libseccomp and docker on the host running the containers
• one workaround:
  • switch to the *bullseye images (in the golang images, these will continue to be maintained/updated until the earliest of the respective Golang end of life or the next Debian release, Debian Trixie)

If it is libseccomp, then it is a duplicate of #467.