opencontainers / runc

CLI tool for spawning and running containers according to the OCI specification
https://www.opencontainers.org/
Apache License 2.0

Process Under container not restored #1384

Open hardishah2 opened 7 years ago

hardishah2 commented 7 years ago

I am running the command sudo runc exec -tty (containerid) bash

Output: bash: /root/.bashrc: Permission denied

mkdir and chmod are also not working: Error: Permission denied

In my config.json file I have root terminal: false, readonly: false, which should enable the writable file system.

Even if I try with terminal: true, readonly: false and sudo runc run (container id), here also I am not able to create any directory.

marcosnils commented 7 years ago

@hardishah2 mind sharing your config.json file?

hardishah2 commented 7 years ago
{
    "ociVersion": "1.0.0-rc2-dev",
    "platform": {
        "os": "linux",
        "arch": "amd64"
    },
    "process": {
        "terminal": false,
        "consoleSize": {
            "height": 0,
            "width": 0
        },
        "user": {
            "uid": 0,
            "gid": 0
        },
        "args": [
            "sh"
        ],
        "env": [
            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
            "TERM=xterm"
        ],
        "cwd": "/",
        "capabilities": [
            "CAP_AUDIT_WRITE",
            "CAP_KILL",
            "CAP_NET_BIND_SERVICE"
        ],
        "rlimits": [
            {
                "type": "RLIMIT_NOFILE",
                "hard": 1024,
                "soft": 1024
            }
        ],
        "noNewPrivileges": true
    },
    "root": {
        "path": "rootfs",
        "readonly": false
    },
    "hostname": "runc",
    "mounts": [
        {
            "destination": "/proc",
            "type": "proc",
            "source": "proc"
        },
        {
            "destination": "/dev",
            "type": "tmpfs",
            "source": "tmpfs",
            "options": [
                "nosuid",
                "strictatime",
                "mode=755",
                "size=65536k"
            ]
        },
        {
            "destination": "/dev/pts",
            "type": "devpts",
            "source": "devpts",
            "options": [
                "nosuid",
                "noexec",
                "newinstance",
                "ptmxmode=0666",
                "mode=0620",
                "gid=5"
            ]
        },
        {
            "destination": "/dev/shm",
            "type": "tmpfs",
            "source": "shm",
            "options": [
                "nosuid",
                "noexec",
                "nodev",
                "mode=1777",
                "size=65536k"
            ]
        },
        {
            "destination": "/dev/mqueue",
            "type": "mqueue",
            "source": "mqueue",
            "options": [
                "nosuid",
                "noexec",
                "nodev"
            ]
        },
        {
            "destination": "/sys",
            "type": "sysfs",
            "source": "sysfs",
            "options": [
                "nosuid",
                "noexec",
                "nodev",
                "ro"
            ]
        },
        {
            "destination": "/sys/fs/cgroup",
            "type": "cgroup",
            "source": "cgroup",
            "options": [
                "nosuid",
                "noexec",
                "nodev",
                "relatime",
                "ro"
            ]
        }
    ],
    "hooks": {},
    "linux": {
        "resources": {
            "devices": [
                {
                    "allow": false,
                    "access": "rwm"
                }
            ]
        },
        "namespaces": [
            {
                "type": "pid"
            },
            {
                "type": "network"
            },
            {
                "type": "ipc"
            },
            {
                "type": "uts"
            },
            {
                "type": "mount"
            }
        ],
        "maskedPaths": [
            "/proc/kcore",
            "/proc/latency_stats",
            "/proc/timer_list",
            "/proc/timer_stats",
            "/proc/sched_debug",
            "/sys/firmware"
        ],
        "readonlyPaths": [
            "/proc/asound",
            "/proc/bus",
            "/proc/fs",
            "/proc/irq",
            "/proc/sys",
            "/proc/sysrq-trigger"
        ]
    }
}
marcosnils commented 7 years ago

Seems like your rootfs has incorrect permissions? Have you checked that your rootfs permissions correspond to the uid/gid you're using in your config file?

rhatdan commented 7 years ago

Permission denied usually means MAC or DAC problems: SELinux, AppArmor, user namespaces, especially when looking at creating content in a file system.

hardishah2 commented 7 years ago

Thank you @marcosnils , I updated uid and I am able to create a folder now.

With runc I tried to restore my container but I am not seeing the process inside my container restored. Could you please suggest what might be the issue?

I had a process test.sh running when I took the checkpoint, but after restore it is not there.

//Before checkpoint

rjoshi@rjoshi-VirtualBox:~/dockertest/mycontainer$ sudo runc exec --tty {dockerid} bash
I have no name!@runc:/$ ps -elf
F S UID        PID  PPID  C PRI  NI ADDR SZ WCHAN  STIME TTY          TIME CMD
4 S 1000         1     0  0  80   0 -  1084 pipe_w 18:57 ?        00:00:00 sh
0 S 1000        11     0  0  80   0 -  1084 wait   18:58 ?        00:00:00 /bin/sh ./test.sh
4 S 1000       281     0  0  80   0 -  5063 wait   19:00 ?        00:00:00 bash
0 S 1000       288    11  0  80   0 -  1059 hrtime 19:00 ?        00:00:00 sleep 1
0 R 1000       289   281  0  80   0 -  4375 -      19:00 ?        00:00:00 ps -elf
I have no name!@runc:/$ exit
exit

sudo runc checkpoint {dockerid} --tcp-established --image-path img
sudo runc restore {dockerid} --tcp-established --image-path img

//After checkpoint
I have no name!@runc:/src/temp$ ps -elf
F S UID        PID  PPID  C PRI  NI ADDR SZ WCHAN  STIME TTY          TIME CMD
4 S 1000         1     0  0  80   0 -  1084 pipe_w 19:01 ?        00:00:00 sh
4 S 1000         5     0  0  80   0 -  5063 wait   19:01 ?        00:00:00 bash
0 R 1000         9     5  0  80   0 -  4375 -      19:01 ?        00:00:00 ps -elf

//content of test.sh
#!/bin/sh
while :; do
    sleep 1
    date
done

//command used to run shell script
./test.sh < /dev/null &> test.log &
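A defender-side check for the checkpoint/restore gap reported above, as an added example that is not part of this thread or of runc: it parses the two ps -elf listings quoted in the post and reports which commands did not survive restore, and which processes were not descendants of the container's init. It assumes that runc checkpoint dumps the process tree rooted at the container's init PID, so a process whose parent is outside the PID namespace (shown as PPID 0) falls outside that tree.

```python
# Added example, not code from the runc project or the reporter. BEFORE/AFTER are
# the `ps -elf` listings quoted in the thread above (before checkpoint, after restore).
BEFORE = """\
F S UID        PID  PPID  C PRI  NI ADDR SZ WCHAN  STIME TTY          TIME CMD
4 S 1000         1     0  0  80   0 -  1084 pipe_w 18:57 ?        00:00:00 sh
0 S 1000        11     0  0  80   0 -  1084 wait   18:58 ?        00:00:00 /bin/sh ./test.sh
4 S 1000       281     0  0  80   0 -  5063 wait   19:00 ?        00:00:00 bash
0 S 1000       288    11  0  80   0 -  1059 hrtime 19:00 ?        00:00:00 sleep 1
0 R 1000       289   281  0  80   0 -  4375 -      19:00 ?        00:00:00 ps -elf
"""
AFTER = """\
F S UID        PID  PPID  C PRI  NI ADDR SZ WCHAN  STIME TTY          TIME CMD
4 S 1000         1     0  0  80   0 -  1084 pipe_w 19:01 ?        00:00:00 sh
4 S 1000         5     0  0  80   0 -  5063 wait   19:01 ?        00:00:00 bash
0 R 1000         9     5  0  80   0 -  4375 -      19:01 ?        00:00:00 ps -elf
"""

def parse_ps(text):
    """Map PID -> (PPID, CMD); CMD is the 15th column onward, so it may contain spaces."""
    procs = {}
    for line in text.splitlines()[1:]:  # skip the header row
        cols = line.split(None, 14)
        if len(cols) == 15:
            procs[int(cols[3])] = (int(cols[4]), cols[14])
    return procs

def reaches_init(pid, procs):
    """True if following PPID links from pid ends at the container init (PID 1).
    A PPID of 0 inside the container means the parent lives outside the PID namespace."""
    while pid in procs and pid != 1:
        pid = procs[pid][0]
    return pid == 1

def missing_after_restore(before, after):
    """Commands present before checkpoint but absent after restore, ignoring the
    interactive exec shell and the ps invocation, which are transient by design."""
    transient = {"bash", "ps -elf"}
    return sorted({c for _, c in before.values()} - transient
                  - {c for _, c in after.values()})

def restore_report(before_text, after_text):
    """Assumption (not stated on the page): runc checkpoint dumps the process tree
    rooted at init, so processes not reaching PID 1 are expected not to be restored."""
    before, after = parse_ps(before_text), parse_ps(after_text)
    return {"missing": missing_after_restore(before, after),
            "not_under_init": sorted(p for p in before if not reaches_init(p, before))}

if __name__ == "__main__":
    print(restore_report(BEFORE, AFTER))
```

Run it against fresh ps -elf captures taken inside the container before checkpoint and after restore to confirm every long-running process is rooted under PID 1 and survived.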
marcosnils commented 7 years ago

@hardishah2 that is a separate issue. Please close this or update the title as the permission problem has been fixed.

hardishah2 commented 7 years ago

@marcosnils updated the title.

marcosnils commented 7 years ago

@avagin should be able to help with this.

avagin commented 7 years ago

@hardishah2 could you show dump.log and restore.log