shuveb / containers-the-hard-way

Learning about containers and how they work by creating them the hard way

Fatal error Unable to write to cgroup notification file #7

Open pathcl opened 3 years ago

pathcl commented 3 years ago

Hello there!

Thanks for making this project open source. I was trying to run it but stumbled upon this issue:

#  ./gocker run alpine ls
2021/05/15 17:37:25 Cmd args: [./gocker run alpine /bin/sh
2021/05/15 17:37:25 New container ID: 52597f3d1b2d
2021/05/15 17:37:25 Image already exists. Not downloading.
2021/05/15 17:37:25 Image to overlay mount: 6dbb9cc54074
2021/05/15 17:37:25 Cmd args: [/proc/self/exe setup-netns 52597f3d1b2d]
2021/05/15 17:37:25 Cmd args: [/proc/self/exe setup-veth 52597f3d1b2d]
2021/05/15 17:37:25 Cmd args: [/proc/self/exe child-mode --img=6dbb9cc54074 52597f3d1b2d ls]
2021/05/15 17:37:25 Fatal error: Unable to write to cgroup notification file: open /sys/fs/cgroup/memory/gocker/52597f3d1b2d/notify_on_release: permission denied
2021/05/15 17:37:25 Fatal error: exit status 1

Any ideas?

sandaawa commented 3 years ago

Could the permission issue be caused by root not being used?

pathcl commented 3 years ago

I think there's something problematic with Debian sid, since I made it work under Ubuntu 20.

fsmiamoto commented 2 years ago

I've experienced the same issue on my Arch Linux distribution.

$ uname -a
Linux yokohama 5.16.2-arch1-1 #1 SMP PREEMPT Thu, 20 Jan 2022 16:18:29 +0000 x86_64 GNU/Linux

Not sure of the cause though.

MulL1on commented 1 year ago

I learnt that release_agent and notify_on_release features in CGroup v1 have been removed. Instead, CGroup v2 offers a more versatile mechanism called cgroup.events, which requires administrators to actively monitor the file to achieve the desired functionality.
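
As an added example that is not part of this thread or of gocker's own code: Go code for the mechanism the last comment describes, detecting a cgroup v2 unified hierarchy and reading the `populated` key of `cgroup.events` rather than writing `notify_on_release`. The function names and the `gocker-example` cgroup name are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// isCgroupV2 reports whether root is a cgroup v2 unified hierarchy (it has cgroup.controllers).
func isCgroupV2(root string) bool {
	_, err := os.Stat(filepath.Join(root, "cgroup.controllers"))
	return err == nil
}

// parsePopulated reads the "populated" key from the flat "key value" lines of cgroup.events.
func parsePopulated(content string) (bool, error) {
	sc := bufio.NewScanner(strings.NewReader(content))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) != 2 || (f[1] != "0" && f[1] != "1") {
			return false, fmt.Errorf("malformed cgroup.events line: %q", sc.Text())
		}
		if f[0] == "populated" {
			return f[1] == "1", nil
		}
	}
	return false, fmt.Errorf("no populated key in cgroup.events")
}

// cgroupEmpty reports whether the cgroup at dir has no live processes (populated 0).
func cgroupEmpty(dir string) (bool, error) {
	data, err := os.ReadFile(filepath.Join(dir, "cgroup.events"))
	if err != nil {
		return false, err
	}
	p, err := parsePopulated(string(data))
	return err == nil && !p, err
}

func main() {
	root := "/sys/fs/cgroup"
	fmt.Println("cgroup v2:", isCgroupV2(root))
	empty, err := cgroupEmpty(filepath.Join(root, "gocker-example")) // hypothetical cgroup name
	fmt.Println("empty:", empty, "err:", err)
}
```

On a cgroup v2 host the kernel updates `cgroup.events` when the populated state changes, so a runtime can watch that file and remove the cgroup directory once `cgroupEmpty` returns true.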