
If you install libkrun-sev onto a system without /dev/sev support, crun-krun blows up.

Open rhatdan opened this issue 2 years ago • 3 comments

$ podman run --privileged --runtime=krun alpine echo hi
Error: krun: failed configuring mounts for handler at phase: HANDLER_CONFIGURE_AFTER_MOUNTS: No such file or directory: OCI runtime attempted to invoke a command that was not found

$ sudo dnf -y remove libkrun-sev
Dependencies resolved.
...
Complete!

$ podman run --privileged --runtime=krun alpine echo hi
hi

rhatdan, Jan 13 '23 14:01

The problem comes from here: https://github.com/containers/crun/blob/41bce838cc38aa2cb0b6427a7be3991ab02444bd/src/libcrun/handlers/krun.c#L248

If the library is installed, the krun handler will try to open /dev/sev to create the bindmount, or fail otherwise. The problem is, at that stage, we can't check the existence of /.krun-sev.json as we do in libkrun_exec(), but perhaps we could capture the error and, instead of failing, silently disable the sev handler (by setting kconf->handle_sev = NULL)?

slp, Jan 13 '23 14:01
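
One way to implement the fallback suggested in the comment above, as an added example that is not crun's code: `demo_krun_config`, `demo_probe_sev_device` and the set of errno values treated as "no SEV on this host" are assumptions, and only the `handle_sev` field name comes from the comment. Unlike the "silently" in the suggestion, it logs the downgrade to stderr.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical stand-in for the handler state; only handle_sev mirrors
   the field named in the comment above. */
struct demo_krun_config
{
  void *handle;     /* regular libkrun library handle */
  void *handle_sev; /* libkrun-sev library handle, NULL when disabled */
};

/* Returns 0 when the SEV device is usable, or when SEV was disabled because
   the host has no such device; returns -errno for any other failure. */
static int
demo_probe_sev_device (struct demo_krun_config *kconf, const char *dev_path)
{
  int fd, err;
  if (kconf->handle_sev == NULL)
    return 0; /* libkrun-sev not installed: nothing to probe */

  fd = open (dev_path, O_RDWR);
  if (fd >= 0)
    {
      close (fd); /* a real handler would go on to bind mount the device */
      return 0;
    }
  err = errno;
  if (err == ENOENT || err == ENODEV || err == ENXIO)
    {
      /* Assumed meaning: host without SEV support, use the non-SEV handle. */
      fprintf (stderr, "SEV disabled: %s: %s\n", dev_path, strerror (err));
      kconf->handle_sev = NULL;
      return 0;
    }
  return -err; /* e.g. EACCES: a real problem, keep failing loudly */
}

int
main (void)
{
  int lib; /* constructed placeholder for a loaded library handle */
  struct demo_krun_config kconf = { &lib, &lib };
  int ret = demo_probe_sev_device (&kconf, "/dev/sev");
  printf ("ret=%d sev %s\n", ret, kconf.handle_sev ? "enabled" : "disabled");
  return ret == 0 ? 0 : 1;
}
```

Only "device absent" errors disable SEV here; a permission error still fails, so a misconfigured SEV host is not quietly downgraded. A container that does request SEV (the /.krun-sev.json check in libkrun_exec() mentioned above) should then be refused when `handle_sev` is NULL rather than started without memory encryption.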

@giuseppe @flouthoc WDYT?

rhatdan, Jan 27 '23 13:01