Container creation / destruction freezes KDE desktop

IevgenVovk commented 4 years ago

[x] This is a bug report
[ ] This is a feature request
[x] I searched existing issues before opening this one

Starting Docker containers on KDE-enabled systems leads to the desktop (KDE Plasma) being irresponsible while the containers are created or destroyed. The duration of the desktop frozen state increases with the number of containers run and their start up times.

The issues seems be linked to container mount points being discovered by KDE and appearing, e.g., in the KDE-enabled file managers (e.g. Dolphin, Krusader). Discussion in the KDE bug tracker suggested Docker does not mark the containers as not meant as a user-accessible storage, proposing it should make use of x-gvfs-hidden option to solve this.

Expected behavior

Container start/stop does not freeze the desktop; containers do not appear in the file managers device lists.

Actual behavior

Desktop freezes creation/destruction. Each run container gets a link e.g. in the Dolphin "Devices" list.

Steps to reproduce the behavior

Use this docker-compose configuration (7 vanilla ubuntu containers):
```
# File "docker-freeze-kde.yaml"
version: '3'
```

services: ubuntu-test-0: container_name: ubuntu-test-0 image: ubuntu:latest entrypoint: ["sleep", "infinity"] ubuntu-test-1: container_name: ubuntu-test-1 image: ubuntu:latest entrypoint: ["sleep", "infinity"] ubuntu-test-2: container_name: ubuntu-test-2 image: ubuntu:latest entrypoint: ["sleep", "infinity"] ubuntu-test-3: container_name: ubuntu-test-3 image: ubuntu:latest entrypoint: ["sleep", "infinity"] ubuntu-test-4: container_name: ubuntu-test-4 image: ubuntu:latest entrypoint: ["sleep", "infinity"] ubuntu-test-5: container_name: ubuntu-test-5 image: ubuntu:latest entrypoint: ["sleep", "infinity"] ubuntu-test-6: container_name: ubuntu-test-6 image: ubuntu:latest entrypoint: ["sleep", "infinity"]

2. Run `docker-compose -f docker-freeze-kde.yaml up`; let containers to start.
3. Press Ctrl+C; let them stop.
4. Run `docker-compose -f docker-freeze-kde.yaml down`

Experience the desktop (e.g. KDE Plasma task bar) freezing and subsequently thawing (after a while).

**Output of `docker version`:**

Client: Docker Engine - Community Version: 19.03.12 API version: 1.40 Go version: go1.13.10 Git commit: 48a66213fe Built: Mon Jun 22 15:45:44 2020 OS/Arch: linux/amd64 Experimental: false

Server: Docker Engine - Community Engine: Version: 19.03.12 API version: 1.40 (minimum version 1.12) Go version: go1.13.10 Git commit: 48a66213fe Built: Mon Jun 22 15:44:15 2020 OS/Arch: linux/amd64 Experimental: false containerd: Version: 1.2.13 GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429 runc: Version: 1.0.0-rc10 GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd docker-init: Version: 0.18.0 GitCommit: fec3683


**Output of `docker info`:**

Client: Debug Mode: false

Server: Containers: 11 Running: 0 Paused: 0 Stopped: 11 Images: 1454 Server Version: 19.03.12 Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Native Overlay Diff: true Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: runc Default Runtime: runc Init Binary: docker-init containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd init version: fec3683 Security Options: apparmor seccomp Profile: default Kernel Version: 5.4.0-42-generic Operating System: Ubuntu 20.04.1 LTS OSType: linux Architecture: x86_64 CPUs: 8 Total Memory: 15.56GiB Name: Hyperion ID: 2Z7O:HDBF:OEW2:GSCZ:H4BN:7JCI:42MU:2VT2:SNYV:M72R:FPLZ:2NDB Docker Root Dir: /media/data/docker Debug Mode: false Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false

WARNING: No swap limit support



**Additional environment details (AWS, VirtualBox, physical, etc.)**
Machine: laptop (physical)
OS: Kubuntu 20.04
KDE Plasma 5.18.5
KDE frameworks 5.68

thaJeztah commented 4 years ago

I recall there were udev rules that were added way in the past (for devicemapper at the time); https://github.com/moby/moby/pull/2983, but I don't think those are still included, and would likely have to be updated, or a different approach as you describe. Is x-gvfs-hide specific for KDE? I'd be a bit cautious with adding options that are very specific to the environment.

/cc @tianon

tianon commented 4 years ago

Heh, the udev rules added there are still included in the repo, and in downstream distro packages: https://github.com/moby/moby/blob/7ae5222c72cc2aac42225df8f62c2f71a1813ab4/contrib/udev/80-docker.rules

(not sure if they're still included in the Docker-published packages)

As for x-gvfs-hide being KDE-specific; if anything it's GNOME-specific and KDE happens to read/use it too (gvfs is technically a GNOME thing, but it's reasonably standardized these days, in my experience).

In other words, yeah, I think it would be pretty reasonable for Docker to apply this to rootfs mounts, although I am curious why it doesn't come up more often (ie, what are other display managers doing differently to hide the Docker mounts)?

IevgenVovk commented 4 years ago

I don't think udev rules are shipped with Docker packages (at least in Ubuntu):

apt-file list docker-ce
docker-ce: /etc/default/docker            
docker-ce: /etc/init.d/docker
docker-ce: /etc/init/docker.conf
docker-ce: /lib/systemd/system/docker.service
docker-ce: /lib/systemd/system/docker.socket
docker-ce: /usr/bin/docker-init
docker-ce: /usr/bin/docker-proxy
docker-ce: /usr/bin/dockerd
docker-ce: /usr/share/doc/docker-ce/README.md
docker-ce: /usr/share/doc/docker-ce/changelog.Debian.gz

apt-file list docker-ce-cli
docker-ce-cli: /usr/bin/docker            
docker-ce-cli: /usr/libexec/docker/cli-plugins/docker-app
docker-ce-cli: /usr/libexec/docker/cli-plugins/docker-buildx
docker-ce-cli: /usr/share/bash-completion/completions/docker
docker-ce-cli: /usr/share/doc/docker-ce-cli/changelog.Debian.gz
docker-ce-cli: /usr/share/fish/vendor_completions.d/docker.fish
...
(Clearly unrelated /usr/share/man/ entries suppressed)

I've tried manually adding them and restarting udev, but this didn't help (also tried replacing "/var/lib/docker/*" with "/media/data/docker/*"). Am not sure if a full reboot is required to apply them; if so, can try it later, as the machine is now in use.

dmvslv commented 4 years ago

I've same issue. I'm using kubuntu 20.04. I tried to add https://github.com/moby/moby/blob/7ae5222c72cc2aac42225df8f62c2f71a1813ab4/contrib/udev/80-docker.rules in /etc/udev/rules.d but it's not working.

I am curious why it doesn't come up more often (ie, what are other display managers doing differently to hide the Docker mounts)?

As I understand it was ok for KDE. It stop working after this fix https://phabricator.kde.org/D22080 which allow to add overlay fs in Dolphin file manager. One more thread related to this issue.

Saboteur777 commented 3 years ago

Following the thread linked by @dmvslv:

solid-hardware5 list

udi = '/org/kde/fstab'
udi = '/org/kde/fstab/overlay/var/lib/docker/overlay2/7da333276364f9d119028db21847141988decd8567a5e8bd241779e96e4dccd8/merged'
udi = '/org/kde/fstab/overlay/var/lib/docker/overlay2/5cf89946bd6472d9791888db9a4118383c23b8fcf05d1962367cbf383b68d1ef/merged'
udi = '/org/kde/fstab/overlay/var/lib/docker/overlay2/b68d0c59567d2c8c577b1b55aee1792b7db86eb95cea8ce101392c4058897c8c/merged'
udi = '/org/kde/fstab/overlay/var/lib/docker/overlay2/97f27433aee03359b9afebf89b907f60b96e125c1078b75a5eb135d612932de1/merged'
udi = '/org/kde/fstab/overlay/var/lib/docker/overlay2/fac298fe2ce931af6a44b28d617987950411df118d09495627957f969acf8f9f/merged'
udi = '/org/kde/fstab/overlay/var/lib/docker/overlay2/08f0724e7b747d21dad70eeb26dabe3aa6a4a31a2a8666a5201a2247c2f7d47a/merged'
udi = '/org/kde/fstab/overlay/var/lib/docker/overlay2/718bda7c52051b735d9ff331a86a87171fee095690128a6c6b5d0aeba19fc9a2/merged'
udi = '/org/kde/fstab/overlay/var/lib/docker/overlay2/6f80955eed645e2e872a3a1e637ad126b40d473ecffbe4409691f0bdf7ce4393/merged'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:15.1/i2c_designware.1/i2c-1/i2c-DLL06E4:01/0018:06CB:7A13.0001/input/input13'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:15.1/i2c_designware.1/i2c-1/i2c-DLL06E4:01/0018:06CB:7A13.0001/input/input13/event8'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:15.1/i2c_designware.1/i2c-1/i2c-DLL06E4:01/0018:06CB:7A13.0001/input/input13/mouse0'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:15.1/i2c_designware.1/i2c-1/i2c-DLL06E4:01/0018:06CB:7A13.0001/input/input14'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:15.1/i2c_designware.1/i2c-1/i2c-DLL06E4:01/0018:06CB:7A13.0001/input/input14/event9'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:15.1/i2c_designware.1/i2c-1/i2c-DLL06E4:01/0018:06CB:7A13.0001/input/input14/mouse1'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:1c.0/0000:02:00.0/net/wlp2s0'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/hwC0D0'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/hwC0D2'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/pcmC0D0c'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/pcmC0D0p'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/pcmC0D10p'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/pcmC0D3p'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/pcmC0D7p'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/pcmC0D8p'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/pcmC0D9p'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/controlC0'
udi = '/org/kde/solid/udev/sys/devices/platform/serial8250/tty/ttyS0'
udi = '/org/kde/solid/udev/sys/devices/platform/serial8250/tty/ttyS1'
udi = '/org/kde/solid/udev/sys/devices/platform/serial8250/tty/ttyS2'
udi = '/org/kde/solid/udev/sys/devices/platform/serial8250/tty/ttyS3'
udi = '/org/kde/solid/udev/sys/devices/system/cpu/cpu0'
udi = '/org/kde/solid/udev/sys/devices/system/cpu/cpu1'
udi = '/org/kde/solid/udev/sys/devices/system/cpu/cpu2'
udi = '/org/kde/solid/udev/sys/devices/system/cpu/cpu3'
udi = '/org/kde/solid/udev/sys/devices/system/cpu/cpu4'
udi = '/org/kde/solid/udev/sys/devices/system/cpu/cpu5'
udi = '/org/kde/solid/udev/sys/devices/system/cpu/cpu6'
udi = '/org/kde/solid/udev/sys/devices/system/cpu/cpu7'
udi = '/org/kde/solid/udev/sys/devices/virtual/input/input35/event19'
udi = '/org/kde/solid/udev/sys/devices/virtual/input/input35/mouse2'
udi = '/org/kde/solid/udev/sys/devices/virtual/misc/uhid/0005:046D:B023.0005/input/input32'
udi = '/org/kde/solid/udev/sys/devices/virtual/misc/uhid/0005:046D:B023.0005/input/input32/event20'
udi = '/org/kde/solid/udev/sys/devices/virtual/misc/uhid/0005:046D:B023.0005/input/input32/mouse3'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/br-052ac8a5a965'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/br-09722d8ff285'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/br-17441e0ab94a'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/br-380f5236d6ca'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/br-4de11b8c4723'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/br-9a3b649224b1'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/br-9b33d4733457'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/br-a8268e336c52'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/br-c1abc059a354'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/br-cc78f835ff43'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/br-d6ad604d680b'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/br-dceec219c738'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/docker0'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/lo'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/veth0b5f749'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/veth3a168c8'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/veth5b4c0db'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/veth81d2f2d'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/vetha2d0258'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/vethb49dbdc'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/vethea924ec'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/vethf5cc398'
udi = '/org/kde/solid/udev/sys/devices/virtual/sound/timer'
udi = '/org/freedesktop/UDisks2/block_devices/nvme0n1p2'
udi = '/org/freedesktop/UDisks2/block_devices/loop0'
udi = '/org/freedesktop/UDisks2/block_devices/nvme0n1'
udi = '/org/freedesktop/UDisks2/block_devices/loop6'
udi = '/org/freedesktop/UDisks2/block_devices/loop7'
udi = '/org/freedesktop/UDisks2/block_devices/nvme0n1p3'
udi = '/org/freedesktop/UDisks2/block_devices/loop1'
udi = '/org/freedesktop/UDisks2/block_devices/nvme0n1p4'
udi = '/org/freedesktop/UDisks2/block_devices/loop2'
udi = '/org/freedesktop/UDisks2/block_devices/nvme0n1p5'
udi = '/org/freedesktop/UDisks2/block_devices/loop3'
udi = '/org/freedesktop/UDisks2/block_devices/nvme0n1p6'
udi = '/org/freedesktop/UDisks2/block_devices/loop4'
udi = '/org/freedesktop/UDisks2/block_devices/loop5'
udi = '/org/freedesktop/UDisks2/block_devices/nvme0n1p1'
udi = '/org/freedesktop/UDisks2/drives/THNSN5512GPU7_NVMe_TOSHIBA_512GB_46FS10AHT5ZV'
udi = '/org/freedesktop/UPower'
udi = '/org/freedesktop/UPower/devices/line_power_AC'
udi = '/org/freedesktop/UPower/devices/battery_BAT0'
udi = '/org/freedesktop/UPower/devices/mouse_dev_D9_D3_23_91_17_66'
udi = '/org/freedesktop/UPower/devices/battery_hidpp_battery_3'

solid-hardware5 details /org/kde/fstab/overlay/var/lib/docker/overlay2/5cf89946bd6472d9791888db9a4118383c23b8fcf05d1962367cbf383b68d1ef/merged

udi = '/org/kde/fstab/overlay/var/lib/docker/overlay2/5cf89946bd6472d9791888db9a4118383c23b8fcf05d1962367cbf383b68d1ef/merged'
  parent = '/org/kde/fstab'  (string)
  vendor = 'overlay'  (string)
  product = '/var/lib/docker/overlay2/5cf89946bd6472d9791888db9a4118383c23b8fcf05d1962367cbf383b68d1ef/merged'  (string)
  description = '/var/lib/docker/overlay2/5cf89946bd6472d9791888db9a4118383c23b8fcf05d1962367cbf383b68d1ef/merged (overlay)'  (string)
  icon = 'folder'  (string)
  StorageAccess.accessible = true  (bool)
  StorageAccess.filePath = '/var/lib/docker/overlay2/5cf89946bd6472d9791888db9a4118383c23b8fcf05d1962367cbf383b68d1ef/merged'  (string)
  StorageAccess.ignored = false  (bool)

According to /u/kbroulik/:

"fstab backend only hides those with x-gvfs-hide option set"

Summary: it seems the x-gvfs-hide option should be set.

Paradox-AT commented 3 years ago

Guys any updates or a possible fix??

codestation commented 3 years ago

In my case the udev rules did nothing after creating the file and rebooting, i still see a bunch of entries on Dolphin device listing. Maybe the rules are outdated (last commit to that file was in 2013).

Ubuntu 20.04 (KDE Neon) Docker 19.03.13 (Swarm mode)

patrolez commented 3 years ago

~Ok, I would like to precise how things are going.~

~Before placing the UDEV rule, Plasma Desktop was displaying burst of notifications which said that volume is not reachable or something like that.~

~After applying that UDEV rules file, these notifications are not appearing, Plasma still "freezes", but for significantly reduced period comparing to situation without this UDEV file.~

~I am working using 9 containers in docker-compose and that UDEV file made it more comfortable.~

EDIT: I have removed this UDEV rule, ale seems like something different caused that there are no notifications anymore. I have also learned how UDEV rules work and it is not possible that it would work with newest Docker-CE.

patrolez commented 3 years ago

I was jumping around Docker-CE code, and seems that the lowest layers of mounting are using: https://golang.org/pkg/syscall/#Mount https://golang.hotexamples.com/examples/syscall/-/Mount/golang-mount-function-examples.html

I think relevant calls are somewhere there: https://github.com/moby/moby/tree/master/daemon/graphdriver/overlay which calls/references to: https://github.com/moby/sys

NOTE: I am not aware how graphdriver or just drivers are working in Docker-CE.

Worth looking part is a flow of /etc/docker/daemon.json parsing while using devicemapper because it has storage-opt flow implemented: https://docs.docker.com/engine/reference/commandline/dockerd/#options-per-storage-driver which might be a way to be "a model" for all another Linux storage drivers, to introduce a way, to pass x-gvfs-hide mounting attribute.

I think "a bottleneck" to introduce that option is https://github.com/moby/sys/blob/master/mount/mounter_linux_test.go If I understand correctly moby/sys is "hand-made" middleware/translator between graphdriver and syscall/Mount.

I think that is not "trivial" to pass x-gvfs-hide via config - especially without GoLang IDE. Maybe hard-coding an option as being Linux specific could be easier.

AlexanderBartash commented 3 years ago

I have upgraded to kubuntu 20.10 and the problem seems to be gone now.

patrolez commented 3 years ago

In my case fresh booting of the newest KDE Neon does not cause freezing Plasma, but with "brute-force-like" test, while doing looped up-sleep-down-sleep in sequence it appears again after a while.

atetzner commented 3 years ago

In my case, the desktop seems to freeze due to lots of notification popups. As a (very ugly) workaround, you can disable them, preventing the desktop from freezing:

Right click the notifications icon in the task bar
Select "Configure Event notifications and actions"
Button "Configure"
Select "Plasma Workspace" in the list
Button "Configure Events..."
Select notification with title "Fatal error" in the list
Disable the checkboxes for "Play a sound" and "Show a message in a popup"
Save/close all windows

gpintore82 commented 3 years ago

Any updates on this?

ibaisi commented 3 years ago

I'm having a similar issue. Any ETA on when this will be fixed?

jkt628 commented 3 years ago

i bind mount /var/lib/docker to my encrypted /home/docker and dolphin shows TWO entries for every container:

/var/lib/docker /home/docker

this very much wants configuration but LibSolid is quite lacking in documentation.

ronoaldo commented 2 years ago

I'm facing this issue and could not find any workaround either from Docker side (i.e., is there a way to add the x-gfvs-hide option at mount time?) or from KDE (not sure if there is an option to ignore the mounting of these volumes).

I'm really unsure about the motivations from KDE to the patch linked, specially because they sort of ignored situations such ephemeral mounts that should not be remembered as removable media. KDE keeps track of these volumes on two places, one is the ~/.local/share/user-places.xbel file, that remembers these entries (each of them, forever!!!) and the other is the removable media devices seen by KDED in another file under ~/.config. After a few time, it is just crazy full and started to break other stuff like loading the removable media screen.

I'm using KDE from Debian Stable now, so I'm doomed with no updates on this even if fixed by KDE unless I patch it myself (which I may do eventually).

Following up if this ever get fixed by Docker side. Thanks for the attention.

patrolez commented 2 years ago

I'm using KDE from Debian Stable now

I can only say, that using:

Docker version 20.10.11, build dea9396

and

Package: plasma-desktop
Version: 4:5.23.4-0xneon+20.04+focal+release+build45

Seems to not cause any troubles, but I can't tell you what have changed and what caused "a fix", and which version of all packages variations/permutations provided the fix.

Niklex21 commented 1 year ago

The issue still persists on my system, following here for updates on a fix.

docker / for-linux