Box fails to start with exit code 159 (SIGSYS/seccomp) on Linux kernel 6.17 — nanosleep syscall blocked #267
Description
Running examples/python/01_getting_started/run_codebox.py crashes on my system. I had claude code help me draft this bug report.
Summary
All boxes fail to start with exit code 159 (SIGSYS) on Linux kernel 6.17.9. The boxlite-shim process is killed by the seccomp filter because the nanosleep syscall
is not in the allowlist.
Environment
- OS: Pop!_OS (Ubuntu-based), Linux 6.17.9-76061709-generic x86_64
- boxlite SDK: 0.5.13 (also reproduced on 0.5.12)
- Python: 3.14.2
- KVM: /dev/kvm is accessible (read+write)
Steps to Reproduce
uv run python examples/python/01_getting_started/run_codebox.py
Error Output
RuntimeError: engine reported an error: Box 01KHESHRNKZEKPFJZTR7Q1NQBP failed to start
Exit code: 159 (unknown signal)
Boxlite Logs
From ~/.boxlite/logs/boxlite.log.2026-02-14:
2026-02-14T19:20:26.613942Z INFO boxlite::jailer::command: Building bwrap-isolated command
2026-02-14T19:20:26.649097Z INFO boxlite::jailer::command: Using copied shim binary (Firecracker pattern)
original=/home/winni/proj/sandi/.venv/lib/python3.14/site-packages/boxlite/runtime/boxlite-shim
copied=/home/winni/.boxlite/boxes/01KHESHRNKZEKPFJZTR7Q1NQBP/bin/boxlite-shim
2026-02-14T19:20:26.650443Z INFO boxlite::vmm::controller::shim: boxlite-shim subprocess spawned box_id=01KHESHRNKZEKPFJZTR7Q1NQBP pid=10509
shim_spawn_duration_ms=40
2026-02-14T19:20:26.650568Z INFO boxlite::vmm::controller::shim: VM subprocess started successfully box_id=01KHESHRNKZEKPFJZTR7Q1NQBP
2026-02-14T19:20:27.151516Z WARN boxlite::litebox::init::tasks::guest_connect: VM subprocess exited unexpectedly during startup pid=10509 exit_code=159
2026-02-14T19:20:27.151577Z ERROR boxlite::litebox::init::tasks: Task failed: engine reported an error: Box 01KHESHRNKZEKPFJZTR7Q1NQBP failed to start
Root Cause Analysis
I traced the shim process with strace -f and found the cause. The shim's threads are killed by a seccomp filter that blocks the nanosleep syscall:
--- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_call_addr=0x74a74d818497, si_syscall=__NR_nanosleep, si_arch=AUDIT_ARCH_X86_64} ---
+++ killed by SIGSYS (core dumped) +++
Exit code 159 = 128 + 31 (SIGSYS). The seccomp filter applied by the bwrap jailer does not include nanosleep in its allowlist. On kernel 6.17, something in
libkrun's threads calls nanosleep (rather than clock_nanosleep), triggering the kill.
Full strace excerpt showing the cascade — one thread hits the seccomp violation, then all threads are killed:
10047 rt_sigaction(SIGSYS, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
10049 --- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_call_addr=0x74a74d818497, si_syscall=__NR_nanosleep, si_arch=AUDIT_ARCH_X86_64} ---
10054 +++ killed by SIGSYS (core dumped) +++
10053 +++ killed by SIGSYS (core dumped) +++
10052 +++ killed by SIGSYS (core dumped) +++
10051 +++ killed by SIGSYS (core dumped) +++
10050 +++ killed by SIGSYS (core dumped) +++
10049 +++ killed by SIGSYS (core dumped) +++
10048 +++ killed by SIGSYS (core dumped) +++
10047 +++ killed by SIGSYS (core dumped) +++
10046 exit_group(159)
10045 exit_group(159)
Suggested Fix
Add nanosleep to the seccomp allowlist in the jailer/bwrap configuration (alongside the existing clock_nanosleep entry).