Open jianzhangbjz opened 1 year ago
@jianzhangbjz do you happent to have the config.json handy?
IIRC crun does a bind-mount of /sys when it fails. I don't think that is according to the spec, but it might make sense to do it here anyways IF indeed that is the difference and fixes the issue.
What do others think?
Hi @rata , sorry, which config.json
file? Thanks! Here is the original discussion: https://github.com/containers/podman/discussions/19524
@jianzhangbjz when podman calls runc, it creates a config.json file with the configuration runc uses.
One hack to get it can be this: create a /usr/local/sbin/runc script with this:
#!/bin/bash
echo "Getting para ${8}" >> /tmp/rata.log
if [ "${8}" = "--bundle" ]; then
echo "Getting config.json" >> /tmp/rata.log
mkdir -p /tmp/rata-debug-k8s/
cp -ar "${9}" "/tmp/rata-debug-k8s/$$/"
echo "Getting param: ${9}" >> /tmp/rata.log
fi
exec <path-to-runc> --debug "$@"
This will copy the config.json and other files to /tmp/rata-debug-k8s/. Can you get that file for the failing container?
And ideally, can you run a more recent runc version, just in case? (I doubt this has changed, but what you are using is very old).
Friendly ping?
Description
Podman
runc
failed at the following, butcrun
works. Hope therunc
can support it as thecrun
done. Original issue https://github.com/containers/podman/discussions/19524Steps to reproduce the issue
1. 2. 3.
Describe the results you received and expected
/sys/fs/cgroup
has a read only bind mount so the kernel blocks mounting a fresh sys. The error from the kernel is expected.crun
has a fallback in this case, that is the difference withrunc
.What version of runc are you using?
[cloud-user@preserve-olm-env2 ~]$ runc --version runc version 1.0.3 spec: 1.0.2-dev go: go1.16.7 libseccomp: 2.5.1
Host OS information
Host kernel information