search

containers / crun

A fast and lightweight fully featured OCI runtime and C library for running containers
GNU General Public License v2.0
3.07k stars 310 forks source link

v1.11.1 does not support Ubuntu 20.04 #1338

Closed saschagrunert closed 1 year ago

saschagrunert commented 1 year ago

I had to upgrade the CI to Ubuntu 22.04 in https://github.com/kubernetes-sigs/cri-tools/pull/1286, because critest with crun v1.11.1 fails on various tests: https://github.com/kubernetes-sigs/cri-tools/actions/runs/6727706730/job/18291789222

[FAILED] failed to create container: rpc error: code = Unknown desc = container create failed: read from sync socket

Machine information:

Operating System
  Ubuntu
  20.04.6
  LTS
Runner Image
  Image: ubuntu-20.04
  Version: 202[3](https://github.com/kubernetes-sigs/cri-tools/actions/runs/6730239008/job/18292549471?pr=1286#step:1:3)1025.1.0
  Included Software: https://github.com/actions/runner-images/blob/ubuntu20/20231025.1/images/linux/Ubuntu200[4](https://github.com/kubernetes-sigs/cri-tools/actions/runs/6730239008/job/18292549471?pr=1286#step:1:4)-Readme.md
  Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu20%2F2023102[5](https://github.com/kubernetes-sigs/cri-tools/actions/runs/6730239008/job/18292549471?pr=1286#step:1:5).1
Runner Image Provisioner
  2.0.3[12](https://github.com/kubernetes-sigs/cri-tools/actions/runs/6730239008/job/18292549471?pr=1286#step:1:14).1

Can we do something about this?

raphaelheinrich commented 1 year ago

I run in the same issue with my local Fedora installation. Since the last system update I can no longer start containers with podman, podman run always aborts with the following error message:

crun: {"msg":"read from sync socket","level":"error","time":"2023-11-01T23:59:24.863327Z"}: OCI runtime error

After downgrading crun from v1.11.1 to v1.8.3 everything works as before.

System information.

OS
  Fedora Linux 38 (Server Edition)
Hardware info
  Intel(R) Client Systems NUC8i5BEH
  Intel(R) Core(TM) i5-8259U CPU @ 2.30GHz

BTW - Podman runs smoothly on my laptop with a similar software setup and same OS version.

giuseppe commented 1 year ago

@raphaelheinrich do you have a reproducer?

raphaelheinrich commented 1 year ago

Hi @giuseppe

I found the cause of the problem for me. In an older Fedora version, I had activated cgroup v1 via Kernel parameter (systemd.unified_cgroup_hierarchy=0) in order to be able to use Docker. I have now reverted this change and podman works as usual again with version v1.11.1.

giuseppe commented 1 year ago

crun should work fine with cgroup v1 too. What issue have you encountered?

raphaelheinrich commented 1 year ago

I can also recreate the problem on a second machine (OS: Fedora Linux 38 (Workstation Edition)). With active cgroup v1 I cannot start a container. But only when I run this as sudo, rootless also works fine with active cgroup v1.

I can say that the error only occurs for me when cgroup v1 is active and I start container as root.

In the log I see a Failed to create container: exit status 139 to that. I have attached the log entry for this.

cgroup_issue_protocol_log.txt

rhatdan commented 1 year ago

cgroups V1 can not go away fast enough. :^(

ANISANi commented 1 year ago

I have too issue with crun 1.11.1 on Arch Linux, I downgrade crun from cache. Now I use 1.9.2 and all works well...

giuseppe commented 1 year ago

could you please verify if https://github.com/containers/crun/pull/1341 solves the problem you are seeing?

If you confirm it does, I can cut a new release with it