kata-containers / runtime

Kata Containers version 1.x runtime (for version 2.x see https://github.com/kata-containers/kata-containers).
https://katacontainers.io/
Apache License 2.0

Loop devices are wrongly hotplugged when using privileged containers #2426

Closed darfux closed 4 years ago

darfux commented 4 years ago

Description of problem

When starting a privileged container, the loop devices of the host will be hotplugged to the pod as block devices.

Expected result

Don't hotplug the loop devices in the spec of a privileged container.

Actual result

The dmesg of the pod will show lots of messages like:

[   22.020384] scsi 0:0:0:252: Direct-Access     QEMU     QEMU HARDDISK
[   22.021520] sd 0:0:0:252: Power-on or device reset occurred
[   22.021870] sd 0:0:0:252: [sdis] Read Capacity(16) failed: Result: hostbyte=0x00 driverbyte=0x08
[   22.021973] sd 0:0:0:252: [sdis] Sense Key : 0x2 [current] 
[   22.022034] sd 0:0:0:252: [sdis] ASC=0x4 ASCQ=0x3 
[   22.022187] sd 0:0:0:252: [sdis] Read Capacity(10) failed: Result: hostbyte=0x00 driverbyte=0x08
[   22.022315] sd 0:0:0:252: [sdis] Sense Key : 0x2 [current] 
[   22.022383] sd 0:0:0:252: [sdis] ASC=0x4 ASCQ=0x3 
[   22.022594] sd 0:0:0:252: [sdis] 0 512-byte logical blocks: (0 B/0 B)
[   22.022674] sd 0:0:0:252: [sdis] 0-byte physical blocks
[   22.022763] sd 0:0:0:252: [sdis] Write Protect is off
[   22.022833] sd 0:0:0:252: [sdis] Mode Sense: 5b 00 00 00
[   22.022949] sd 0:0:0:252: [sdis] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[   22.023621] sd 0:0:0:252: [sdis] Read Capacity(16) failed: Result: hostbyte=0x00 driverbyte=0x08
[   22.023733] sd 0:0:0:252: [sdis] Sense Key : 0x2 [current] 
[   22.023804] sd 0:0:0:252: [sdis] ASC=0x4 ASCQ=0x3 
[   22.023947] sd 0:0:0:252: [sdis] Read Capacity(10) failed: Result: hostbyte=0x00 driverbyte=0x08
[   22.024057] sd 0:0:0:252: [sdis] Sense Key : 0x2 [current] 
[   22.024112] sd 0:0:0:252: [sdis] ASC=0x4 ASCQ=0x3 
[   22.024419] sd 0:0:0:252: [sdis] Attached SCSI disk
[   22.096149] scsi 0:0:1:1: Direct-Access     QEMU     QEMU HARDDISK
[   22.097095] sd 0:0:1:1: Power-on or device reset occurred
[   22.097403] sd 0:0:1:1: [sdix] Read Capacity(16) failed: Result: hostbyte=0x00 driverbyte=0x08
[   22.097516] sd 0:0:1:1: [sdix] Sense Key : 0x2 [current] 
[   22.097586] sd 0:0:1:1: [sdix] ASC=0x4 ASCQ=0x3 
[   22.097729] sd 0:0:1:1: [sdix] Read Capacity(10) failed: Result: hostbyte=0x00 driverbyte=0x08
[   22.097840] sd 0:0:1:1: [sdix] Sense Key : 0x2 [current] 
[   22.097896] sd 0:0:1:1: [sdix] ASC=0x4 ASCQ=0x3 
[   22.098069] sd 0:0:1:1: [sdix] 0 512-byte logical blocks: (0 B/0 B)
[   22.098150] sd 0:0:1:1: [sdix] 0-byte physical blocks
[   22.098246] sd 0:0:1:1: [sdix] Write Protect is off
[   22.098314] sd 0:0:1:1: [sdix] Mode Sense: 5b 00 00 00
[   22.098430] sd 0:0:1:1: [sdix] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[   22.099095] sd 0:0:1:1: [sdix] Read Capacity(16) failed: Result: hostbyte=0x00 driverbyte=0x08
[   22.099212] sd 0:0:1:1: [sdix] Sense Key : 0x2 [current] 
[   22.099286] sd 0:0:1:1: [sdix] ASC=0x4 ASCQ=0x3 
[   22.099429] sd 0:0:1:1: [sdix] Read Capacity(10) failed: Result: hostbyte=0x00 driverbyte=0x08
[   22.099540] sd 0:0:1:1: [sdix] Sense Key : 0x2 [current] 
[   22.099595] sd 0:0:1:1: [sdix] ASC=0x4 ASCQ=0x3 
[   22.099878] sd 0:0:1:1: [sdix] Attached SCSI disk

amshinde commented 4 years ago

@darfux With privileged containers, all devices on the host are passed to the container, which means any block devices are hotplugged. We added a configuration with containerd and crio to tackle this. Please take a look at this: https://github.com/kata-containers/documentation/blob/master/how-to/privileged.md

amshinde commented 4 years ago

@darfux Closing this. Please reopen if you think this is still relevant.

darfux commented 4 years ago

@amshinde got it, thanks 😃
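
One way to check a pod for the symptom reported in this issue, as an added example that is not part of the original thread or of the Kata Containers code: it parses guest dmesg text and lists attached SCSI disks that report zero logical blocks, the pattern in the log above. The sample input is an excerpt of that log plus one constructed `sda` line for contrast; the function names are hypothetical.

```python
import re

# Excerpt of the guest dmesg from the issue, plus one constructed disk
# (sda, last two lines) that reports a real capacity, for contrast.
SAMPLE_DMESG = """\
[   22.020384] scsi 0:0:0:252: Direct-Access     QEMU     QEMU HARDDISK
[   22.021870] sd 0:0:0:252: [sdis] Read Capacity(16) failed: Result: hostbyte=0x00 driverbyte=0x08
[   22.022594] sd 0:0:0:252: [sdis] 0 512-byte logical blocks: (0 B/0 B)
[   22.024419] sd 0:0:0:252: [sdis] Attached SCSI disk
[   22.098069] sd 0:0:1:1: [sdix] 0 512-byte logical blocks: (0 B/0 B)
[   22.099878] sd 0:0:1:1: [sdix] Attached SCSI disk
[   23.000000] sd 0:0:2:0: [sda] 2097152 512-byte logical blocks: (1.07 GB/1.00 GiB)
[   23.000100] sd 0:0:2:0: [sda] Attached SCSI disk
"""

# "sd H:C:T:L: [name] message" lines emitted by the kernel's sd driver.
SD_LINE = re.compile(r"\]\s+sd (?P<addr>\d+:\d+:\d+:\d+): \[(?P<name>\w+)\] (?P<msg>.*\S)")
BLOCKS = re.compile(r"(?P<count>\d+) (?P<size>\d+)-byte logical blocks")


def scan_hotplugged_disks(dmesg_text):
    """Return {disk_name: {"addr", "blocks", "attached", "read_errors"}}."""
    disks = {}
    for line in dmesg_text.splitlines():
        m = SD_LINE.search(line)
        if not m:
            continue  # not an sd driver message (e.g. the "scsi ..." line)
        d = disks.setdefault(m["name"], {"addr": m["addr"], "blocks": None,
                                         "attached": False, "read_errors": 0})
        msg = m["msg"]
        b = BLOCKS.match(msg)
        if b:
            d["blocks"] = int(b["count"])
        elif msg.startswith("Read Capacity") and "failed" in msg:
            d["read_errors"] += 1
        elif msg == "Attached SCSI disk":
            d["attached"] = True
    return disks


def empty_disks(dmesg_text):
    """Names of attached disks that report zero logical blocks."""
    return sorted(name for name, d in scan_hotplugged_disks(dmesg_text).items()
                  if d["attached"] and d["blocks"] == 0)


if __name__ == "__main__":
    for name in empty_disks(SAMPLE_DMESG):
        print(name, scan_hotplugged_disks(SAMPLE_DMESG)[name])
```

Run against the full `dmesg` output of a pod, an empty result after the runtime configuration change is a quick confirmation that no zero-size disks were attached.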