CentOS Linux release 7.5.1804 (Core)
Configuring a production cluster, and ES refuses to start:
1:33:56,454][INFO ][o.e.t.TransportService ] [node-68795-C] publish_address {192.168.200.162:9300}, bound_addresses {192.168.200.162:9300}
[2018-10-28T21:33:56,467][INFO ][o.e.b.BootstrapChecks ] [node-68795-C] bound or publishing to a non-loopback address, enforcing bootstrap checks
[2018-10-28T21:33:56,494][ERROR][o.e.b.Bootstrap ] [node-68795-C] node validation exception
[1] bootstrap checks failed
[1]: system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk
OK, so I go to check the presence of seccomp:
[$]# cat /boot/config-`uname -r` | grep CONFIG_SECCOMP=
CONFIG_SECCOMP=y
[$]# CONFIG_SECCOMP=y
So, looks and smells like seccomp is present.
What next?
The root cause: /tmp was mounted as noexec
It turns out that two or three bootstrap checks fail if /tmp is noexec.
Solve for /tmp, and all the other issues are resolved!