由于 Synology NAS 上没有 CONFIG_SECCOMP,SonarQube 无法在 Synology NAS Docker 上启动。在启动 ElasticSearch 时,是否有选项可以忽略 SonarQube 的 SECCOMP?
2022-11-26T11:00:50.430590094Z stdout java.lang.UnsupportedOperationException: seccomp unavailable: CONFIG_SECCOMP not compiled into kernel, CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER are needed
2022-11-26T11:00:50.429641210Z stdout 2022.11.26 11:00:50 WARN es[][o.e.b.JNANatives] unable to install syscall filter:
2022-11-26T11:00:47.894977919Z stdout 2022.11.26 11:00:47 INFO app[][o.s.a.SchedulerImpl] Waiting for Elasticsearch to be up and running
答案1
为了启动 ElasticSearch,还必须挂载额外的配置文件:sonar.properties此文件位于/opt/sonarqube/conf/sonar.properties并包含选项sonar.search.javaAdditionalOpts=。
sonar.search.javaAdditionalOpts=-Dbootstrap.system_call_filter=false
ElasticSearch 允许禁用 SECCOMP 检查,但这并不安全。默认情况下,此配置可以/etc/elasticsearch/elasticsearch.yaml根据这个答案