
read from the init process error

Open calvin2021y opened this issue 2 years ago • 13 comments

Try running:

/usr/bin/crun --cgroup-manager=cgroupfs --root=/vm/root run --pid-file=/vm/run/test.pid --preserve-fds=3 test

This works with 1.7.2; after 1.8.0 there is an error that https://github.com/containers/crun/pull/1201 fixed just a few days ago.

With 1.8.4 and patch 1201, I get this new error: "read from the init process error". Downgrading to 1.7.2 works fine.

For more details, see https://github.com/containers/crun/issues/1198

calvin2021y, May 01 '23 15:05

test

curl -L https://github.com/containers/crun/releases/download/1.7.2/crun-1.7.2-linux-amd64 -o /usr/bin/crun 
curl -L https://github.com/containers/crun/releases/download/1.7.2/crun-1.7.2-linux-amd64-disable-systemd -o /usr/bin/crun 

both work

calvin2021y, May 01 '23 15:05

how are you passing the 3rd file descriptor when you specify --preserve-fds=3?

giuseppe, May 02 '23 20:05

The caller is responsible for creating a pair fd and passing it into crun.

All 3 fds are created by the parent process.

The container init process will find it and use it as the listen fd.

calvin2021y, May 03 '23 13:05

I am not able to reproduce locally using your config.json file

giuseppe, May 08 '23 11:05

crun runs as rootless user id 1001, with a cgroup created for that user.

calvin2021y, May 10 '23 09:05

does it work if you don't specify --preserve-fds=3?

giuseppe, May 10 '23 10:05

Thanks for the tips.

Today I did the test with the master branch; it works with --preserve-fds=3.

crun version 1.8.4.0.0.0.31-1af4-dirty
commit: 1af41edc92cdff644fd49f261222c842adc586b0

calvin2021y, May 16 '23 12:05

After upgrading from 1.7.2 to 1.8.4.0.0.0.31-1af4-dirty (commit 1af41edc92cdff644fd49f261222c842adc586b0), I can boot the container, but podman inside podman does not work anymore.

With 1.7.2 I can start a child podman without problems; the master crun gives me this error (inside the container with crun 1.7.2):

 ⠿ Container test  Starting                                                                                                                                 0.0s 
Error response from daemon: crun: writing file `/sys/fs/cgroup/libpod_parent/libpod-28ca17c7efe66a30fd7175a9429879faace549296c6cb22c1ad89276af1db769/cgroup.procs`: No such file or directory: OCI runtime attempted to invoke a command that was not found

calvin2021y, May 16 '23 12:05

ls -alFh /sys/fs/cgroup/libpod_parent/libpod-28ca17c7efe66a30fd7175a9429879faace549296c6cb22c1ad89276af1db769/cgroup.procs
-rw-r--r--    1 root     root           0 May 16 20:38 /sys/fs/cgroup/libpod_parent/libpod-28ca17c7efe66a30fd7175a9429879faace549296c6cb22c1ad89276af1db769/cgroup.procs

calvin2021y, May 16 '23 12:05

can you provide the commands you've used to create the outer container as well as the inner one?

giuseppe, May 16 '23 12:05

The patch https://patch-diff.githubusercontent.com/raw/containers/crun/pull/1216.diff does not fix the problem.

The outer side uses https://gist.github.com/calvin2021y/4e684c87cf08c29da7d217a87e262ebe and /usr/bin/crun --cgroup-manager=cgroupfs --root=/vm/root run --pid-file=/vm/run/test.pid --preserve-fds=3 test.

On the inside I use docker-compose with podman-static, with a symbolic link created to docker.

ENV DOCKER_HOST=unix:///run/podman/podman.sock docker-compose up -d

also podman --log-level info system service --time=0

calvin2021y, May 16 '23 13:05

The new crun master with the patch gives the same error as 1.7.2.

The podman --log-level info system service --time=0 process gives this error:

@ - - [16/May/2023:21:03:26 +0800] "GET /v1.41/containers/json?all=1&filters=%7B%22label%22%3A%7B%22com.docker.compose.oneoff%3DFalse%22%3Atrue%2C%22com.docker.compose.project%3Ds3%22%3Atrue%7D%7D HTTP/1.1" 200 1581 "" "Docker-Client/unknown-version (linux)"
INFO[0175] Request Failed(Internal Server Error): crun: writing file `/sys/fs/cgroup/libpod_parent/libpod-c47297f06ab31c2f9fd38ee4e7f661451047e1b0b9cac94d47beede24fee6d63/cgroup.procs`: No such file or directory: OCI runtime attempted to invoke a command that was not found 
@ - - [16/May/2023:21:03:26 +0800] "POST /v1.41/containers/c47297f06ab31c2f9fd38ee4e7f661451047e1b0b9cac94d47beede24fee6d63/start HTTP/1.1" 500 324 "" "Docker-Client/unknown-version (linux)"

calvin2021y, May 16 '23 13:05

Here I try to debug around the problem: I tried without --preserve-fds=3 and changed the init command to:

 "args": [
      "podman", "--log-level", "info","system","service","--time=0"
    ]

Somehow I get the problem back:

sudo -u web -H /usr/bin/crun --cgroup-manager=cgroupfs --root=/ghost/.run run --pid-file=/ghost/.run/.pinp.pid pinp
2023-05-16T15:37:24.440046Z: read from the init process

After changing crun to 1.7.2, I can start with sudo -u web -H /usr/bin/crun --cgroup-manager=cgroupfs --root=/ghost/.run run --pid-file=/ghost/.run/.pinp.pid pinp

From the 1.7.2 shell, I can see the uid map works.

crun --rootless=/ghost/.run exec -t --cwd=/root pinp cat /proc/self/uid_map
         0       1001          1
         1     100000      65536
crun --rootless=/ghost/.run exec -t --cwd=/root pinp id
uid=0(root) gid=0(root)

calvin2021y, May 16 '23 15:05