Closed fearful-symmetry closed 2 months ago
A temporary workaround is to set --cgroupns host
, but that obviously has some downsides.
https://man7.org/linux/man-pages/man7/cgroup_namespaces.7.html
Blocked as required https://github.com/elastic/beats/issues/38241 first
The
/proc/[pid]/cgroup
file contains the paths to the cgroups used by the process. Most importantly, this path is relative to the cgroup of the process checking the cgroup. From the man page:This means that if you mount in a process from the host system into a container, you get a relative path:
Right now this library doesn't seem to cope with this, as it assumes a universal base path:
I'm not sure why we didn't catch this before? Perhaps there's a conflux of different docker versions, bugs and configs that have escaped most people.