Suddenly Thu Jan 1 01:00:00 CET 1970 in container

angrest · April 4, 2022, 9:10am

I'n not really sure what happened, but suddenly, the pihole shows a date of Thu Jan 1 01:00:00 CET 1970 in the log files (and thus as well a lot of errors when it tries to validate dnssec certificates). I've broken that down to the fact that the container actually has that date

host:# date
Mon 04 Apr 2022 11:06:42 AM CEST
host:# docker exec -u 0 -it pihole /bin/bash 
root@34121463a036:/# date
Thu Jan  1 01:00:00 CET 1970
host:# docker ps                             
88cd2199857b   pihole/pihole:latest           "/s6-init"               18 hours ago   Up 9 minutes (unhealthy)   0.0.0.0:53->53/udp, :::53->53/udp, 0.0.0.0:53->53/tcp, :::53->53/tcp, 0.0.0.0:80->80/tcp, 0.0.0.0:67->67/udp, :::80->80/tcp, :::67->67/udp   pihole

I've tried restarting the container, but it sticks to "unhealthy".
Anything else I could do?

angrest · April 4, 2022, 6:11pm

I have recreated the container from scratch. Same problem.
On the other hand, I have other containers running on the same machine where the date is correct,

Bucking_Horn · April 4, 2022, 6:49pm

This seems to be related to Docker and the OS it runs on rather than Pi-hole:
Docker seems unable to provide the correct time for your container.

Are you able to manually set the time from within your Pi-hole container?

date -s "04 APR 2022 20:00:00"

angrest · April 4, 2022, 8:45pm

:/# date -s "04 APR 2022 22:43:00"
date: cannot set date: Operation not permitted
Mon Apr 4 22:43:00 CEST 2022

But - as written above: in another container, date and time are correct.

Bucking_Horn · April 4, 2022, 8:56pm

I'd guess that other container's image to be based on another OS.

A precursory search for your observation of an epoch zero time in containers reveals that you may be affected by the following Docker issue, where one of Docker's dependencies restricts Docker from accessing certain OS side information (e.g. time):

github.com/moby/moby

Seccomp blocks install of "libc6" in Ubuntu 20.04 "focal" image on armhf (arm32v7)

opened 09:27AM - 25 Mar 20 UTC

thaJeztah

exp/expert kind/bug area/security/seccomp

Opening a tracking issue for this for further investigation. More details can be… found in: - https://github.com/docker/containerd-packaging/pull/151 (which I'm using as a debugging environment for this) - https://github.com/dotnet/dotnet-docker/issues/1747 - https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1867675 - (probably unrelated) https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1867431 ### Summary Ubuntu 20.04 ("focal") on armhf (arm32) currently has an issue where it looks like seccomp is blocking a syscall that's used when installing libc6: docker run -e DEBIAN_FRONTEND=noninteractive --rm arm32v7/ubuntu:focal sh -c 'apt-get -q update && apt-get install -y libc6' ... Preparing to unpack .../libc6_2.31-0ubuntu6_armhf.deb ... Checking for services that may need to be restarted... Checking init scripts... Checking for services that may need to be restarted... Checking init scripts... Nothing to restart. Unpacking libc6:armhf (2.31-0ubuntu6) over (2.30-0ubuntu3) ... tar: ./control: Cannot utime: Operation not permitted tar: ./md5sums: Cannot utime: Operation not permitted tar: ./shlibs: Cannot utime: Operation not permitted tar: ./symbols: Cannot utime: Operation not permitted tar: ./triggers: Cannot utime: Operation not permitted tar: .: Cannot utime: Operation not permitted tar: Exiting with failure status due to previous errors dpkg-deb: error: tar subprocess returned error exit status 2 dpkg: error processing archive /var/cache/apt/archives/libcrypt1_1%3a4.4.10-10ubuntu4_armhf.deb (--unpack): dpkg-deb --control subprocess returned error exit status 2 Errors were encountered while processing: /var/cache/apt/archives/libcrypt1_1%3a4.4.10-10ubuntu4_armhf.deb E: Sub-process /usr/bin/dpkg returned an error code (1) #### With seccomp disabled, installing `libc6` is succesfull ```bash docker pull arm32v7/ubuntu:focal && docker run -e DEBIAN_FRONTEND=noninteractive --rm --security-opt seccomp=unconfined arm32v7/ubuntu:focal sh -c 'apt-get -q update && apt-get install -y libc6' ``` <details><summary>output of the above:</summary> ```console focal: Pulling from arm32v7/ubuntu Digest: sha256:18100e418054ebe1be0fff4e514183f28088a0db409df081c3233dd22dcf4a15 Status: Image is up to date for arm32v7/ubuntu:focal docker.io/arm32v7/ubuntu:focal Get:1 http://ports.ubuntu.com/ubuntu-ports focal InRelease [255 kB] Get:2 http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease [79.7 kB] Get:3 http://ports.ubuntu.com/ubuntu-ports focal-backports InRelease [79.7 kB] Get:4 http://ports.ubuntu.com/ubuntu-ports focal-security InRelease [79.7 kB] Get:5 http://ports.ubuntu.com/ubuntu-ports focal/restricted armhf Packages [10.8 kB] Get:6 http://ports.ubuntu.com/ubuntu-ports focal/main armhf Packages [1236 kB] Get:7 http://ports.ubuntu.com/ubuntu-ports focal/universe armhf Packages [11.0 MB] Get:8 http://ports.ubuntu.com/ubuntu-ports focal/multiverse armhf Packages [141 kB] Fetched 12.9 MB in 5s (2427 kB/s) Reading package lists... Reading package lists... Building dependency tree... Reading state information... The following additional packages will be installed: gcc-10-base libc-bin libcrypt1 libgcc-s1 Suggested packages: manpages glibc-doc locales The following NEW packages will be installed: gcc-10-base libcrypt1 libgcc-s1 The following packages will be upgraded: libc-bin libc6 2 upgraded, 3 newly installed, 0 to remove and 55 not upgraded. Need to get 2770 kB of archives. After this operation, 618 kB of additional disk space will be used. Get:1 http://ports.ubuntu.com/ubuntu-ports focal/main armhf gcc-10-base armhf 10-20200324-1ubuntu1 [18.5 kB] Get:2 http://ports.ubuntu.com/ubuntu-ports focal/main armhf libgcc-s1 armhf 10-20200324-1ubuntu1 [36.2 kB] Get:3 http://ports.ubuntu.com/ubuntu-ports focal/main armhf libcrypt1 armhf 1:4.4.10-10ubuntu4 [93.5 kB] Get:4 http://ports.ubuntu.com/ubuntu-ports focal/main armhf libc6 armhf 2.31-0ubuntu6 [2133 kB] Get:5 http://ports.ubuntu.com/ubuntu-ports focal/main armhf libc-bin armhf 2.31-0ubuntu6 [489 kB] debconf: delaying package configuration, since apt-utils is not installed Fetched 2770 kB in 0s (10.7 MB/s) Selecting previously unselected package gcc-10-base:armhf. (Reading database ... 4126 files and directories currently installed.) Preparing to unpack .../gcc-10-base_10-20200324-1ubuntu1_armhf.deb ... Unpacking gcc-10-base:armhf (10-20200324-1ubuntu1) ... Setting up gcc-10-base:armhf (10-20200324-1ubuntu1) ... Selecting previously unselected package libgcc-s1:armhf. (Reading database ... 4132 files and directories currently installed.) Preparing to unpack .../libgcc-s1_10-20200324-1ubuntu1_armhf.deb ... Unpacking libgcc-s1:armhf (10-20200324-1ubuntu1) ... Replacing files in old package libgcc1:armhf (1:9.2.1-21ubuntu1) ... Setting up libgcc-s1:armhf (10-20200324-1ubuntu1) ... (Reading database ... 4134 files and directories currently installed.) Preparing to unpack .../libc6_2.31-0ubuntu6_armhf.deb ... Checking for services that may need to be restarted... Checking init scripts... Checking for services that may need to be restarted... Checking init scripts... Nothing to restart. Unpacking libc6:armhf (2.31-0ubuntu6) over (2.30-0ubuntu3) ... Selecting previously unselected package libcrypt1:armhf. Preparing to unpack .../libcrypt1_1%3a4.4.10-10ubuntu4_armhf.deb ... Unpacking libcrypt1:armhf (1:4.4.10-10ubuntu4) ... Setting up libcrypt1:armhf (1:4.4.10-10ubuntu4) ... Setting up libc6:armhf (2.31-0ubuntu6) ... Checking for services that may need to be restarted... Checking init scripts... Nothing to restart. (Reading database ... 4137 files and directories currently installed.) Preparing to unpack .../libc-bin_2.31-0ubuntu6_armhf.deb ... Unpacking libc-bin (2.31-0ubuntu6) over (2.30-0ubuntu3) ... Setting up libc-bin (2.31-0ubuntu6) ... ``` </details> ### With seccomp enabled, installation fails: ```bash docker pull arm32v7/ubuntu:focal && docker run -e DEBIAN_FRONTEND=noninteractive --rm arm32v7/ubuntu:focal sh -c 'apt-get -q update && apt-get install -y libc6' ``` <details><summary>output of the above:</summary> ```console focal: Pulling from arm32v7/ubuntu Digest: sha256:18100e418054ebe1be0fff4e514183f28088a0db409df081c3233dd22dcf4a15 Status: Image is up to date for arm32v7/ubuntu:focal docker.io/arm32v7/ubuntu:focal Get:1 http://ports.ubuntu.com/ubuntu-ports focal InRelease [255 kB] Get:2 http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease [79.7 kB] Get:3 http://ports.ubuntu.com/ubuntu-ports focal-backports InRelease [79.7 kB] Get:4 http://ports.ubuntu.com/ubuntu-ports focal-security InRelease [79.7 kB] Get:5 http://ports.ubuntu.com/ubuntu-ports focal/universe armhf Packages [11.0 MB] Get:6 http://ports.ubuntu.com/ubuntu-ports focal/restricted armhf Packages [10.8 kB] Get:7 http://ports.ubuntu.com/ubuntu-ports focal/main armhf Packages [1236 kB] Get:8 http://ports.ubuntu.com/ubuntu-ports focal/multiverse armhf Packages [141 kB] Fetched 12.9 MB in 6s (2183 kB/s) Reading package lists... Reading package lists... Building dependency tree... Reading state information... The following additional packages will be installed: gcc-10-base libc-bin libcrypt1 libgcc-s1 Suggested packages: manpages glibc-doc locales The following NEW packages will be installed: gcc-10-base libcrypt1 libgcc-s1 The following packages will be upgraded: libc-bin libc6 2 upgraded, 3 newly installed, 0 to remove and 55 not upgraded. Need to get 2770 kB of archives. After this operation, 618 kB of additional disk space will be used. Get:1 http://ports.ubuntu.com/ubuntu-ports focal/main armhf gcc-10-base armhf 10-20200324-1ubuntu1 [18.5 kB] Get:2 http://ports.ubuntu.com/ubuntu-ports focal/main armhf libgcc-s1 armhf 10-20200324-1ubuntu1 [36.2 kB] Get:3 http://ports.ubuntu.com/ubuntu-ports focal/main armhf libcrypt1 armhf 1:4.4.10-10ubuntu4 [93.5 kB] Get:4 http://ports.ubuntu.com/ubuntu-ports focal/main armhf libc6 armhf 2.31-0ubuntu6 [2133 kB] Get:5 http://ports.ubuntu.com/ubuntu-ports focal/main armhf libc-bin armhf 2.31-0ubuntu6 [489 kB] debconf: delaying package configuration, since apt-utils is not installed Fetched 2770 kB in 1s (5278 kB/s) Selecting previously unselected package gcc-10-base:armhf. (Reading database ... 4126 files and directories currently installed.) Preparing to unpack .../gcc-10-base_10-20200324-1ubuntu1_armhf.deb ... Unpacking gcc-10-base:armhf (10-20200324-1ubuntu1) ... Setting up gcc-10-base:armhf (10-20200324-1ubuntu1) ... Selecting previously unselected package libgcc-s1:armhf. (Reading database ... 4132 files and directories currently installed.) Preparing to unpack .../libgcc-s1_10-20200324-1ubuntu1_armhf.deb ... Unpacking libgcc-s1:armhf (10-20200324-1ubuntu1) ... Replacing files in old package libgcc1:armhf (1:9.2.1-21ubuntu1) ... Setting up libgcc-s1:armhf (10-20200324-1ubuntu1) ... (Reading database ... 4134 files and directories currently installed.) Preparing to unpack .../libc6_2.31-0ubuntu6_armhf.deb ... Checking for services that may need to be restarted... Checking init scripts... Checking for services that may need to be restarted... Checking init scripts... Nothing to restart. Unpacking libc6:armhf (2.31-0ubuntu6) over (2.30-0ubuntu3) ... tar: ./control: Cannot utime: Operation not permitted tar: ./md5sums: Cannot utime: Operation not permitted tar: ./shlibs: Cannot utime: Operation not permitted tar: ./symbols: Cannot utime: Operation not permitted tar: ./triggers: Cannot utime: Operation not permitted tar: .: Cannot utime: Operation not permitted tar: Exiting with failure status due to previous errors dpkg-deb: error: tar subprocess returned error exit status 2 dpkg: error processing archive /var/cache/apt/archives/libcrypt1_1%3a4.4.10-10ubuntu4_armhf.deb (--unpack): dpkg-deb --control subprocess returned error exit status 2 Errors were encountered while processing: /var/cache/apt/archives/libcrypt1_1%3a4.4.10-10ubuntu4_armhf.deb E: Sub-process /usr/bin/dpkg returned an error code (1) ``` </details> ### Information about the environment <details> <summary>docker version</summary> ```console Client: Docker Engine - Community Version: 19.03.5 API version: 1.40 Go version: go1.12.12 Git commit: 633a0ea Built: Wed Nov 13 07:38:47 2019 OS/Arch: linux/arm Experimental: false Server: Docker Engine - Community Engine: Version: 19.03.5 API version: 1.40 (minimum version 1.12) Go version: go1.12.12 Git commit: 633a0ea Built: Wed Nov 13 07:32:48 2019 OS/Arch: linux/arm Experimental: true containerd: Version: 1.2.10 GitCommit: b34a5c8af56e510852c35414db4c1f4fa6172339 runc: Version: 1.0.0-rc8+dev GitCommit: 3e425f80a8c931f88e6d94a8c831b9d5aa481657 docker-init: Version: 0.18.0 GitCommit: fec3683 ``` </details> <details> <summary>docker info</summary> ``` Client: Debug Mode: false Server: Containers: 0 Running: 0 Paused: 0 Stopped: 0 Images: 0 Server Version: 19.03.5 Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Native Overlay Diff: true Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: runc Default Runtime: runc Init Binary: docker-init containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339 runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657 init version: fec3683 Security Options: apparmor seccomp Profile: default Kernel Version: 4.4.127-mainline-rev1 Operating System: Ubuntu 16.04.5 LTS OSType: linux Architecture: armv7l CPUs: 4 Total Memory: 1.974GiB Name: arm32v7-ubuntu-03 ID: W2ZP:3XMC:TH2A:OMPM:V542:GKAR:S6Q3:YKZC:QQHT:ERP2:LNHR:427E Docker Root Dir: /var/lib/docker Debug Mode: false Registry: https://index.docker.io/v1/ Labels: Experimental: true Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false ``` </details> <details> <summary>Output of `check-config.sh`:</summary> ```bash curl -fsSL https://raw.githubusercontent.com/moby/moby/master/contrib/check-config.sh | bash info: reading kernel config from /proc/config.gz ... Generally Necessary: - cgroup hierarchy: properly mounted [/sys/fs/cgroup] - apparmor: enabled and tools installed - CONFIG_NAMESPACES: enabled - CONFIG_NET_NS: enabled - CONFIG_PID_NS: enabled - CONFIG_IPC_NS: enabled - CONFIG_UTS_NS: enabled - CONFIG_CGROUPS: enabled - CONFIG_CGROUP_CPUACCT: enabled - CONFIG_CGROUP_DEVICE: enabled - CONFIG_CGROUP_FREEZER: enabled - CONFIG_CGROUP_SCHED: enabled - CONFIG_CPUSETS: enabled - CONFIG_MEMCG: enabled - CONFIG_KEYS: enabled - CONFIG_VETH: enabled - CONFIG_BRIDGE: enabled (as module) - CONFIG_BRIDGE_NETFILTER: enabled (as module) - CONFIG_NF_NAT_IPV4: enabled (as module) - CONFIG_IP_NF_FILTER: enabled (as module) - CONFIG_IP_NF_TARGET_MASQUERADE: enabled (as module) - CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: enabled (as module) - CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled (as module) - CONFIG_NETFILTER_XT_MATCH_IPVS: enabled (as module) - CONFIG_IP_NF_NAT: enabled (as module) - CONFIG_NF_NAT: enabled (as module) - CONFIG_NF_NAT_NEEDED: enabled - CONFIG_POSIX_MQUEUE: enabled - CONFIG_DEVPTS_MULTIPLE_INSTANCES: enabled Optional Features: - CONFIG_USER_NS: enabled - CONFIG_SECCOMP: enabled - CONFIG_CGROUP_PIDS: enabled - CONFIG_MEMCG_SWAP: enabled - CONFIG_MEMCG_SWAP_ENABLED: enabled [1;30m(cgroup swap accounting is currently enabled) - CONFIG_MEMCG_KMEM: enabled - CONFIG_BLK_CGROUP: enabled - CONFIG_BLK_DEV_THROTTLING: enabled - CONFIG_IOSCHED_CFQ: enabled - CONFIG_CFQ_GROUP_IOSCHED: enabled - CONFIG_CGROUP_PERF: enabled - CONFIG_CGROUP_HUGETLB: missing - CONFIG_NET_CLS_CGROUP: enabled (as module) - CONFIG_CGROUP_NET_PRIO: enabled - CONFIG_CFS_BANDWIDTH: enabled - CONFIG_FAIR_GROUP_SCHED: enabled - CONFIG_RT_GROUP_SCHED: enabled - CONFIG_IP_NF_TARGET_REDIRECT: enabled (as module) - CONFIG_IP_VS: enabled (as module) - CONFIG_IP_VS_NFCT: enabled - CONFIG_IP_VS_PROTO_TCP: enabled - CONFIG_IP_VS_PROTO_UDP: enabled - CONFIG_IP_VS_RR: enabled (as module) - CONFIG_EXT4_FS: enabled - CONFIG_EXT4_FS_POSIX_ACL: enabled - CONFIG_EXT4_FS_SECURITY: enabled - Network Drivers: - "overlay": - CONFIG_VXLAN: enabled (as module) - CONFIG_BRIDGE_VLAN_FILTERING: enabled Optional (for encrypted networks): - CONFIG_CRYPTO: enabled - CONFIG_CRYPTO_AEAD: enabled (as module) - CONFIG_CRYPTO_GCM: enabled (as module) - CONFIG_CRYPTO_SEQIV: enabled (as module) - CONFIG_CRYPTO_GHASH: enabled (as module) - CONFIG_XFRM: enabled - CONFIG_XFRM_USER: enabled (as module) - CONFIG_XFRM_ALGO: enabled - CONFIG_INET_ESP: enabled (as module) - CONFIG_INET_XFRM_MODE_TRANSPORT: enabled - "ipvlan": - CONFIG_IPVLAN: enabled (as module) - "macvlan": - CONFIG_MACVLAN: enabled (as module) - CONFIG_DUMMY: enabled (as module) - "ftp,tftp client in container": - CONFIG_NF_NAT_FTP: enabled (as module) - CONFIG_NF_CONNTRACK_FTP: enabled (as module) - CONFIG_NF_NAT_TFTP: enabled (as module) - CONFIG_NF_CONNTRACK_TFTP: enabled (as module) - Storage Drivers: - "aufs": - CONFIG_AUFS_FS: enabled (as module) - "btrfs": - CONFIG_BTRFS_FS: enabled (as module) - CONFIG_BTRFS_FS_POSIX_ACL: enabled - "devicemapper": - CONFIG_BLK_DEV_DM: enabled (as module) - CONFIG_DM_THIN_PROVISIONING: enabled (as module) - "overlay": - CONFIG_OVERLAY_FS: enabled (as module) - "zfs": - /dev/zfs: missing - zfs command: missing - zpool command: missing Limits: - /proc/sys/kernel/keys/root_maxkeys: 1000000 ``` </details>

EDIT:
I am in no way an expert when it comes to Docker internals, but in an attempt to explain what this is about:
From what I glance from skimming that issue, system level calls from the OS within a container are filtered by Docker before being passed to the host OS of the machine running Docker.
For that purpose, Docker is relying on another package seccomp. Now, for certain host OSs, that package is failing to match the system call of the container OS to the host OS, resulting in incorrect behaviour, while other container OS/seccomp/host OS combinations may work.

In that case, following the link to FAQ - LinuxServer.io provides a few suggestions for potential fixes.

Blockhead · April 4, 2022, 10:53pm

I was sort of hoping the answer would be that angrest created a time machine.

angrest · April 5, 2022, 9:28am

Great - thank you, that helped.
Indeed I had already the backports source configured as explained in the linked article, but for some unknown reason, the updates were not detected. Suddenly, I had about 40 packages to update and afterward, the time in the container is again correct.

system · April 26, 2022, 9:28am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.