siderolabs / talos

Talos Linux is a modern Linux distribution built for Kubernetes.
https://www.talos.dev
Mozilla Public License 2.0

duplicated cgroup2 /proc/mounts entry #4108

Closed rgl closed 3 years ago

rgl commented 3 years ago

Bug Report

Description

talosctl -n cp1 read /proc/mounts | sort shows cgroup /sys/fs/cgroup cgroup2 rw,nosuid,nodev,noexec,relatime 0 0 twice.

That's the only duplicated line in the mounts file.

I'm not sure if this is really a problem, but it might be worth investigating.

BTW, the cgroup2 mount flags on Debian 11 also have the nsdelegate,memory_recursiveprot flags:

cgroup2 /sys/fs/cgroup cgroup2 rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot 0 0

And by https://github.com/talos-systems/talos/blob/b9d04928d960f9d576671c6f3511cf242ff31cb7/internal/pkg/mount/cgroups.go#L16 it seems to infer that Talos should also have them. This might be worth investigating.

Logs

Environment

sergelogvinov commented 3 years ago

Thank you for noticing that.

Talos runs kubelet in the container; it runs pods using runc. Runc mounts cgroup... https://github.com/opencontainers/runc/issues/2158

https://github.com/opencontainers/runc/blob/3023e6c6252ee6f78fa566a4f34689dea4ad9d5e/libcontainer/rootfs_linux.go#L314-L324

Cilium can also remount cgroup and remove the flags nsdelegate,memory_recursiveprot.

rgl commented 3 years ago

Ah, so it's normal to have these mounts. Thanks for the details!
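
Added example, not part of the issue thread or of Talos: a shell/awk check that reports repeated /proc/mounts entries and, for each cgroup2 mount, which of the two flags named in the report are absent. The function names, the sample mount table and the /mnt/cg mount point are constructed for illustration.

```shell
#!/bin/sh
# Audits /proc/mounts-format text read from stdin.
# SAMPLE_MOUNTS is constructed for illustration, not captured from a real node.
SAMPLE_MOUNTS='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
cgroup /sys/fs/cgroup cgroup2 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,relatime 0 0
cgroup /sys/fs/cgroup cgroup2 rw,nosuid,nodev,noexec,relatime 0 0
cgroup2 /mnt/cg cgroup2 rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot 0 0'

# Print "<count> <line>" for every entry that appears more than once.
duplicate_mounts() {
    awk '{ count[$0]++ }
         END { for (l in count) if (count[l] > 1) print count[l], l }' | sort
}

# For each distinct cgroup2 mount, print its mount point followed by "ok" or
# the expected flags that are absent from its options. The expected set
# defaults to the two flags named in the issue and can be passed as $1.
cgroup2_missing_flags() {
    awk -v want="${1:-nsdelegate,memory_recursiveprot}" '
        $3 == "cgroup2" && !seen[$2 " " $4]++ {
            split("", have)                      # clear the per-entry option set
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) have[opts[i]] = 1
            missing = ""
            m = split(want, w, ",")
            for (i = 1; i <= m; i++)
                if (!(w[i] in have))
                    missing = missing (missing != "" ? "," : "") w[i]
            print $2, (missing != "" ? "missing=" missing : "ok")
        }'
}

# Against a node, pipe the command from the report instead of the sample:
#   talosctl -n cp1 read /proc/mounts | duplicate_mounts
printf '%s\n' "$SAMPLE_MOUNTS" | duplicate_mounts
printf '%s\n' "$SAMPLE_MOUNTS" | cgroup2_missing_flags
```
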