nestybox / sysbox

An open-source, next-generation "runc" that empowers rootless containers to run workloads such as Systemd, Docker, Kubernetes, just like VMs.
Apache License 2.0

Issue: Excessive Creation of Temporary Directories in Root with Sysbox #829

Open xabru opened 3 months ago

xabru commented 3 months ago

Description:

We have observed that many temporary directories are being created in the root directory with names following the pattern .sysbox-sysfs-<number>. This is causing clutter and potential confusion.

System Environment:

Additional Information:

This issue might have arisen because I masked the following services using systemctl:

systemctl mask \
    systemd-udevd.service \
    systemd-udevd-kernel.socket \
    systemd-udevd-control.socket \
    systemd-modules-load.service \
    sys-kernel-config.mount \
    sys-kernel-debug.mount \
    sys-kernel-tracing.mount \
    e2scrub_all.timer \
    e2scrub_reap \
    accounts-daemon.service \
    rtkit-daemon.service \
    systemd-hostnamed.service

$_ ls -hasl /

└> ll /
total 284
drwxr-xr-x   1 root   root    4096 Aug 24 17:51 ./
drwxr-xr-x   1 root   root    4096 Aug 24 17:51 ../
lrwxrwxrwx   1 root   root       7 Apr 22 08:08 bin -> usr/bin/
drwxr-xr-x   2 root   root    4096 Mar 31 04:00 bin.usr-is-merged/
drwxr-xr-x   2 root   root    4096 Apr 22 08:08 boot/
drwxr-xr-x   6 root   root     440 Aug 24 17:50 dev/
-rwxr-xr-x   1 root   root       0 Aug 24 17:50 .dockerenv*
drwxr-xr-x   2 root   root    4096 Aug 23 07:48 dockerstartup/
drwxr-xr-x   1 root   root    4096 Aug 24 17:50 etc/
drwxr-xr-x   1 root   root    4096 Aug 23 07:40 home/
lrwxrwxrwx   1 root   root       7 Apr 22 08:08 lib -> usr/lib/
lrwxrwxrwx   1 root   root       9 Apr 22 08:08 lib64 -> usr/lib64/
drwxr-xr-x   2 root   root    4096 Apr  8 09:37 lib.usr-is-merged/
drwxr-xr-x   2 root   root    4096 Aug  1 06:59 media/
drwxr-xr-x   2 root   root    4096 Aug  1 06:59 mnt/
drwxr-xr-x   1 root   root    4096 Aug 24 17:50 opt/
dr-xr-xr-x 283 root   root       0 Aug 24 17:50 proc/
drwx------   1 root   root    4096 Aug 24 18:59 root/
drwxr-xr-x  20 root   root     580 Aug 24 17:51 run/
lrwxrwxrwx   1 root   root       8 Apr 22 08:08 sbin -> usr/sbin/
drwxr-xr-x   2 root   root    4096 Mar 31 04:00 sbin.usr-is-merged/
drwxr-xr-x   2 root   root    4096 Aug  1 06:59 srv/
dr-xr-xr-x  13 nobody nogroup    0 Aug 24 18:10 sys/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-1086082501/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-1098625909/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-1220785409/
drwx------   2 root   root    4096 Aug 24 17:51 .sysbox-sysfs-1227003664/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-1270347815/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-1402730274/
drwx------   2 root   root    4096 Aug 24 17:51 .sysbox-sysfs-1427450857/
drwx------   2 root   root    4096 Aug 24 17:51 .sysbox-sysfs-1431106688/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-148529927/
drwx------   2 root   root    4096 Aug 24 17:51 .sysbox-sysfs-149844544/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-1557262215/
drwx------   2 root   root    4096 Aug 24 17:51 .sysbox-sysfs-1591870079/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-1692417296/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-1863566724/
drwx------   2 root   root    4096 Aug 24 17:51 .sysbox-sysfs-1988865741/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-2052994440/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-2188883916/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-2412479115/
drwx------   2 root   root    4096 Aug 24 17:51 .sysbox-sysfs-269341428/
drwx------   2 root   root    4096 Aug 24 17:51 .sysbox-sysfs-270781546/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-2722782661/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-273937039/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-2892516956/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-2924257033/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-3224083108/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-3229380096/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-324496473/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-3591021414/
drwx------   2 root   root    4096 Aug 24 17:51 .sysbox-sysfs-3622867146/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-3633530951/
drwx------   2 root   root    4096 Aug 24 17:51 .sysbox-sysfs-3707117874/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-3742760121/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-3787667621/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-4095605731/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-4136466978/
drwx------   2 root   root    4096 Aug 24 17:51 .sysbox-sysfs-4175937595/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-586173192/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-628597558/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-714564999/
drwx------   2 root   root    4096 Aug 24 17:51 .sysbox-sysfs-735075657/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-740134491/
drwx------   2 root   root    4096 Aug 24 17:51 .sysbox-sysfs-863786270/
drwx------   2 root   root    4096 Aug 24 17:51 .sysbox-sysfs-867797088/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-927480688/
drwx------   2 root   root    4096 Aug 24 17:50 .sysbox-sysfs-981093558/
drwxrwxrwt   1 root   root    4096 Aug 24 18:59 tmp/
drwxr-xr-x   1 root   root    4096 Aug  1 06:59 usr/
drwxr-xr-x   1 root   root    4096 Aug 24 17:50 var/

AidanAbd commented 2 months ago

We have experienced this as well, and are currently working around it by manually cleaning up these empty directories.
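
The manual cleanup described in the comment above, written as a shell function (an added example, not part of the thread and not Sysbox code). The function name `cleanup_sysbox_dirs`, its arguments and the dry-run switch are assumptions; it removes only empty, real directories named `.sysbox-sysfs-<number>` and leaves mount points, symlinks and non-empty directories in place.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the Sysbox project).
# Usage: cleanup_sysbox_dirs [ROOT] [PREFIX] [DRY_RUN]
#   ROOT    directory to scan, default "/"
#   PREFIX  name prefix, default ".sysbox-sysfs-" (the pattern shown in the report)
#   DRY_RUN 1 = only list candidates on stderr, remove nothing
# Prints the number of directories removed on stdout.
cleanup_sysbox_dirs() {
    root=${1:-/}
    prefix=${2:-.sysbox-sysfs-}
    dry_run=${3:-0}
    removed=0
    for d in "${root%/}/${prefix}"*; do
        name=${d##*/}
        suffix=${name#"$prefix"}
        # Accept only <prefix><digits>; this also rejects an unmatched glob.
        case $suffix in
            ''|*[!0-9]*) continue ;;
        esac
        # Real directories only: a symlink with a matching name is left alone.
        [ -d "$d" ] && [ ! -L "$d" ] || continue
        # Leave anything that is currently a mount point (if the tool exists;
        # rmdir would fail on a busy mount point anyway).
        if command -v mountpoint >/dev/null 2>&1 && mountpoint -q "$d"; then
            continue
        fi
        if [ "$dry_run" = 1 ]; then
            echo "would remove: $d" >&2
            continue
        fi
        # rmdir refuses non-empty directories, so no file is ever deleted.
        if rmdir "$d" 2>/dev/null; then
            removed=$((removed + 1))
        fi
    done
    echo "$removed"
}
```

Running it with the third argument set to 1 first shows which directories would be removed.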

ctalledo commented 2 months ago

Hi @xabru, @AidanAbd, thanks for reporting this.

Yes, I can confirm this is a bug. I have a fix in mind, will work on this ASAP. Sorry for the inconvenience.

EddieX64 commented 1 week ago

Hello @ctalledo @rodnymolina

I have tested sysbox v0.6.5 on GKE 1.29 and still see .sysbox-sysfs directories, but now there are also .sysbox-procfs directories in /.

When I execute docker run -it alpine:latest sh inside a sysbox pod, I can additionally see .sysbox-procfs directories in the / of the inner container. In some scenarios this directory causes a permission denied error, as it's owned by root:root. Previously I used the image ghcr.io/nestybox/sysbox-deploy-k8s:v0.6.5-dev-0 and it was working fine, but for some reason it got deleted after the official release of v0.6.5 :(

Now my projects are broken, because I can't roll back to v0.6.4 since I need support of sysbox-fs emulation to allow writes to '/proc/sys/kernel/shm*' paths, and this feature was added in v0.6.5-dev-0, but now in official v0.6.5 these .sysbox-procfs and .sysbox-sysfs are causing .sysbox-procfs permission denied issues. Could you please have a look?