kholmanskikh
commented
11 months ago The issue is reproducible with runc taken from the main git branch.
Open kholmanskikh opened 11 months ago
kholmanskikh
commented
11 months ago The issue is reproducible with runc taken from the main git branch.
kolyshkin
commented
10 months ago @kholmanskikh can you please check and confirm/deny that this is because of nsdelegate option to cgroupv2 mount?
kholmanskikh
commented
9 months ago The issue is also reproducible when the cgroup2 is mounted without the nsdelegate option:
alpine:~$ mount|grep cgroup
none on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime)
alpine:~$ docker run --rm -it -d alpine
2babd8f8f743beea96d6f2fba02de19036e0f734d8c1d249ac694b8ad501f0e6
alpine:~$ docker top 2babd8f8f743beea96d6f2fba02de19036e0f734d8c1d249ac694b8ad501f0e6
Error response from daemon: runc did not terminate successfully: exit status 1: unable to get all container pids: read /sys/fs/cgroup/docker/2babd8f8f743beea96d6f2fba02de19036e0f734d8c1d249ac694b8ad501f0e6/cgroup.procs: operation not supported
: unknown
alpine:~$ 
ncopa
commented
9 months ago related downstream issues:
It also fails to start containers with --memory option:
$ docker run --rm -it --memory 2G alpine
docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: unable to apply cgroup configuration: cannot enter cgroupv2 "/sys/fs/cgroup/docker" with domain controllers -- it is in domain threaded mode: unknown.In this case I have a daemon.json:
{
"storage-driver": "overlay2",
"cgroup-parent": "/docker"
}EDIT: but if I use:
{
"cgroup-parent": "/dockerContainers"
}It actually works.
ncopa
commented
9 months ago Could it be that runc sets docker/cgroup.type to domain threaded?
If I restart the docker daemon, it will initially be domain, but after first run container it changes to domain threaded:
ncopa-desktop:~$ doas /etc/init.d/docker start
* Starting Docker Daemon ... [ ok ]
ncopa-desktop:~$ cat /sys/fs/cgroup/docker/cgroup.type
domain
ncopa-desktop:~$ docker run --rm alpine echo hello
hello
ncopa-desktop:~$ cat /sys/fs/cgroup/docker/cgroup.type
domain threadedWhy does it end up with setting cgroup type as domain threaded?
ncopa
commented
9 months ago 
tbayart
commented
8 months ago Hi, i have the same issue under Portainer. I installer Alpine linux x64 and when i want to look at container stats in Portainer, i get the following error
"runc did not terminate successfully: exit status 1: unable to get all container pids: read /sys/fs/cgroup/docker/c7fe07c5253dba763ce8fde71945c3a5ac32998ae50dc1345dba7cffd6fab5fa/cgroup.procs: operation not supported: unknown"
I have many containers running fine for a while now but i'm unable to get stats
Description
docker topandrunc psfail with:when the system has cgroup2 mounted as:
and this does not happen when cgroup v1 is mounted (in addition to, or instead of cgroup v2).
The issue was found on Alpine Edge with packages:
Alpine uses openrc, which allows to specify the cgroup mount strategy in
/etc/rc.conf:and the issue mentioned above is observed when rc_cgroup_mode is unified:
and is not observed when it's legacy:
or hybrid:
Steps to reproduce the issue
docker run -it --rm <any container>docker top <container id>orrunc --root /run/docker/runtime-runc/moby ps <container id>Describe the results you received and expected
The command should display a list of processes in the container.
What version of runc are you using?
runc version 1.1.9 commit: 82f18fe0e44a59034f3e1f45e475fa5636e539aa spec: 1.0.2-dev go: go1.21.3 libseccomp: 2.5.4
Host OS information
NAME="Alpine Linux" ID=alpine VERSION_ID=3.19_alpha20230901 PRETTY_NAME="Alpine Linux edge" HOME_URL="https://alpinelinux.org/" BUG_REPORT_URL="https://gitlab.alpinelinux.org/alpine/aports/-/issues"
Host kernel information
Linux alpine 6.1.59-0-lts #1-Alpine SMP PREEMPT_DYNAMIC Fri, 20 Oct 2023 06:24:46 +0000 x86_64 Linux