# Redeploying Docker-Based Enterprise Agents for runc Security Fixes As noted [in the ThousandEyes Changelog](https://docs.thousandeyes.com/whats-new/changelog#id-2025-11-21), some Linux Docker-based Enterprise Agents must be updated to apply a new seccomp security profile that addresses runc fixes. If you encounter the following error when you upgrade **runc** or **docker**, you must perform the steps outlined in this article. ``` Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error closing exec fds: get handle to /proc/thread-self/fd: unsafe procfs detected: openat2 fsmount:fscontext:proc/thread-self/fd/: function not implemented: unknown ``` ## Redeployment Instructions To avoid errors in your Docker-based Enterprise Agents, do the following for each agent. 1. Delete any existing **te-seccomp.json** file. `rm /var/docker/configs/te-seccomp.json` 2. Next, you'll extract the following values from the currently running Enterprise Agent container: * **NAME** * **HOST\_VOL\_AGENT\_DIR** These are the values you entered when you originally deployed the agent in **Network & App Synthetics > Agent Settings**, in the **Add New Enterprise Agent** dialog. To extract these values, do the following: 1. List the running containers. `docker ps` 2. In the output, find and copy the **containerID** for the Enterprise Agent container. 3. Get the **NAME** value for that container. In the following command, replace **\** with the value you retrieved in the previous step. `NAME=$(docker inspect -f '{{ .Name | printf "%s" }}' | sed 's|^/||')` 4. Verify that the above command captured the name correctly. `echo $NAME` 5. Get the **HOST\_VOL\_AGENT\_DIR** value for the container. In the following command, replace **\** with the value you retrieved in an earlier step. `HOST_VOL_AGENT_DIR=$(docker inspect -f '{{ range .Mounts }}{{ if eq .Destination "/var/lib/te-browserbot" }}{{ .Source }}{{ end }}{{ end }}' | awk -F'thousandeyes' '{sub(/\/$/, "", $1); print $1}')` 6. Verify that the above command captured the host volume agent directory correctly. `echo $HOST_VOL_AGENT_DIR` 3. In the ThousandEyes platform UI, go to **Network & App Synthetics > Agent Settings** and select the **Enterprise Agents** tab. 4. Click **Add New Enterprise Agent** and select the **Docker** tab. 5. In the dialog that appears, enter the **NAME** value in the **Name** field and the **HOST\_VOL\_AGENT\_DIR** value in the **Host Vol. Agent Directory** field. ![Redeploying your Docker-based Enterprise Agent](/files/u85RgEpDpWGwzPd24JV3) 6. Copy the commands from the **Add New Enterprise Agent** dialog, and run them for the agent container. ![Redeployment commands](/files/J7cBTzNlL7CcUiL6FSCn) 7. At the command line, verify that the Enterprise Agent's container is running. `docker ps` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.thousandeyes.com/product-documentation/global-vantage-points/enterprise-agents/installing/docker-agents/redeploy-docker-ea-runc.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.