crun

crun copied to clipboard

Cannot run any container if storage owned by group not mapped into container with --userns=keep-id

1

# Description This issue is very similar to #1483, if it seems familiar please bear with me, I think there is an important difference. In #1483 the storage folder is...

Maetveis

crun and krun have different exit status when the command is a file with permission mode `000` or a directory

3

crun and krun have different exit status when the command is a file with permission mode `000` or a directory #### Example 1: command is a directory | OCI runtime...

eriksjolund

nonexistent executable gives different exit status for crun and krun

2

| OCI runtime | podman exit value | podman error messsage | | -- | -- | -- | | crun | 127 | ```Error: crun: executable file `nonexistent` not...

eriksjolund

Fedora rawhide: podman checkpoint e2e and system test failures

2

Starting with crun, can move to criu if required. This is seen on Fedora rawhide only, both aarch64 and x86_64. ``` Summarizing 3 Failures: [FAIL] Podman checkpoint [It] podman checkpoint...

lsm5

cgroup: do not create a sub-cgroup by default

2

The `run.oci.systemd.subgroup` annotation previously defaulted to creating a "container" sub-cgroup on cgroup v2 systems if the annotation was not specified. This change alters the behavior so that no sub-cgroup is...

giuseppe

drop default sub-cgroup with the systemd driver

1

by default do not use a sub-cgroup on systemd

giuseppe

use BPFProgram=device: to configure the devices cgroup

1

crun currently uses the systemd d-bus API to set up device cgroups. Update the runtime to use BPFProgram=device: on cgroup v2 instead to avoid multiple conversions of rules and to...

giuseppe

follow-up for #1149

giuseppe

change the conversion formula from cgroup v1 to cgroup v2: https://github.com/systemd/systemd/blob/5da476ac7728b91ad3a49c1b126b3559b4fbeed8/src/core/cgroup.c#L1598-L1611 ```c static uint64_t cgroup_cpu_shares_to_weight(uint64_t shares) { return CLAMP(shares * CGROUP_WEIGHT_DEFAULT / CGROUP_CPU_SHARES_DEFAULT, CGROUP_WEIGHT_MIN, CGROUP_WEIGHT_MAX); } static uint64_t cgroup_cpu_weight_to_shares(uint64_t weight)...

giuseppe

Investigate podman checkpoint test failures on centos-stream-10-x86_64

7

podman checkpoint tests [fail on centos-stream-10-x86_64](https://artifacts.dev.testing-farm.io/e0f06bfb-992d-48f6-87f7-1012a27f3177/) env like so: ``` not ok 1 [520] podman checkpoint - basic test # tags: ci:parallel # (from function `bail-now' in file /usr/share/podman/test/system/helpers.bash, line...

lsm5