SteamCMD Errors on 29.4.2 #52506

@IceOfWraith

Description

I suspect the cause of the errors below is related to the seccomp profile being tightened for copyfail prevention. The issue is that SteamCMD fails in all 29.4.2 containers due to socket errors.

Steam Console Client (c) Valve Corporation - version 1777415795
-- type 'quit' to exit --
Loading Steam API...CreateBoundSocket: failed to create socket, error [no name available] (38)
OK
force_install_dir "4019830"
Connecting anonymously to Steam Public...Retrying...
Retrying...
CreateBoundSocket: failed to create socket, error [no name available] (38)
Retrying...

os-release:
PRETTY_NAME="Ubuntu 24.04.4 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04.4 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo

Reproduce

In this case, I'm a developer for AMP by CubeCoders so the steps are specific to our software.

  1. Install AMP
  2. Create a game server instance in a Docker container which then starts with a command similar to this: /usr/bin/docker run --rm -d --name AMP_Astroneer01 -e AMPUSERID=1000 -e AMPGROUPID=1000 -e AMPHOSTPLATFORM=Linux -e AMP_INSTANCE_ID=9f07c3e2-c875-443b-a9c7-07cb0eb1967e -e AMP_MOUNTPOINTS="" -e AMP_CONTAINER=1 -v "/home/amp/.ampdata/instances/Astroneer01":/AMP -v "/home/amp/.ampdata/instances/Astroneer01/.virtualhome":/home/amp --net=host -e AMP_CONTAINER_HOST_NETWORK=1 cubecoders/ampbase:debian +Core.Webserver.Port "8082" +Core.Webserver.IPBinding "0.0.0.0" +Core.AMP.InstanceID "9f07c3e2-c875-443b-a9c7-07cb0eb1967e" +Core.Security.MetricsHMAKKey "Redacted"
  3. Update the game server which uses SteamCMD

Expected behavior

The container should be able to run a popular tool like SteamCMD by default without additional configuration. I understand the need to prevent an exploit, but the fix must also not limit functionality negatively.

docker version

Client: Docker Engine - Community
 Version:           29.4.2
 API version:       1.54
 Go version:        go1.26.2
 Git commit:        055a478
 Built:             Fri May  1 10:24:01 2026
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          29.4.2
  API version:      1.54 (minimum version 1.40)
  Go version:       go1.26.2
  Git commit:       d329809
  Built:            Fri May  1 10:24:01 2026
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v2.2.3
  GitCommit:        77c84241c7cbdd9b4eca2591793e3d4f4317c590
 runc:
  Version:          1.3.5
  GitCommit:        v1.3.5-0-g488fc13e
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client: Docker Engine - Community
 Version:    29.4.2
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.33.0
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v5.1.3
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 1
  Running: 1
  Paused: 0
  Stopped: 0
 Images: 11
 Server Version: 29.4.2
 Storage Driver: overlayfs
  driver-type: io.containerd.snapshotter.v1
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 CDI spec directories:
  /etc/cdi
  /var/run/cdi
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 77c84241c7cbdd9b4eca2591793e3d4f4317c590
 runc version: v1.3.5-0-g488fc13e
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 7.0.0-3-pve
 Operating System: Ubuntu 24.04.4 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 12
 Total Memory: 20GiB
 Name: AMPLinuxTest
 ID: e4f9c46b-8ae4-494b-a742-4588aae09f17
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  ::1/128
  127.0.0.0/8
 Live Restore Enabled: false
 Firewall Backend: iptables

Additional Info

No response
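
A triage aid for the symptom reported above, added here as an example (not code from the report, from AMP or from the Docker project): it decodes the errno in the CreateBoundSocket lines (38 is ENOSYS on Linux), reads the process's seccomp mode from /proc/self/status, and tries socket() for a few address families so the result inside the container can be compared with the host. The function names and the choice of families are assumptions; the probe runs with the Python interpreter's own ABI, so a binary built for a different architecture may take a different syscall path.

```python
import re
import socket

# Linux errno values (asm-generic); hardcoded so decoding does not depend on the host.
LINUX_ERRNO = {1: "EPERM", 13: "EACCES", 38: "ENOSYS",
               93: "EPROTONOSUPPORT", 97: "EAFNOSUPPORT"}
SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}

# Lines copied from the console output in the report above.
REPORT_LOG = """\
Loading Steam API...CreateBoundSocket: failed to create socket, error [no name available] (38)
Connecting anonymously to Steam Public...Retrying...
CreateBoundSocket: failed to create socket, error [no name available] (38)
"""

def socket_errnos(log):
    """Return sorted, de-duplicated errno names from CreateBoundSocket failures."""
    nums = re.findall(r"failed to create socket, error .*?\((\d+)\)", log)
    return sorted({LINUX_ERRNO.get(int(n), "errno %s" % n) for n in nums})

def seccomp_mode(status_text):
    """Decode the 'Seccomp:' field of /proc/<pid>/status; None if absent."""
    m = re.search(r"^Seccomp:\s*(\d+)", status_text, re.MULTILINE)
    return SECCOMP_MODES.get(int(m.group(1)), "unknown") if m else None

def probe(families=("AF_INET", "AF_INET6", "AF_UNIX", "AF_NETLINK")):
    """Try socket() per family (assumed list); map name -> 'ok' or errno name."""
    results = {}
    for name in families:
        fam = getattr(socket, name, None)
        if fam is None:
            results[name] = "not defined on this platform"
            continue
        kind = socket.SOCK_RAW if name == "AF_NETLINK" else socket.SOCK_DGRAM
        try:
            socket.socket(fam, kind).close()
            results[name] = "ok"
        except OSError as e:
            results[name] = LINUX_ERRNO.get(e.errno, "errno %s" % e.errno)
    return results

if __name__ == "__main__":
    print("errors in report:", socket_errnos(REPORT_LOG))
    try:
        with open("/proc/self/status") as f:
            print("seccomp mode:", seccomp_mode(f.read()))
    except OSError:
        print("seccomp mode: /proc not available")
    for fam, res in probe().items():
        print("%-12s %s" % (fam, res))
```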

Labels: area/security/seccomp, kind/bug, version/29.4
