docker
Container creation / destruction freezes KDE desktop
- [x] This is a bug report
- [ ] This is a feature request
- [x] I searched existing issues before opening this one
Starting Docker containers on KDE-enabled systems leads to the desktop (KDE Plasma) being irresponsible while the containers are created or destroyed. The duration of the desktop frozen state increases with the number of containers run and their start up times.
The issues seems be linked to container mount points being discovered by KDE and appearing, e.g., in the KDE-enabled file managers (e.g. Dolphin, Krusader). Discussion in the KDE bug tracker suggested Docker does not mark the containers as not meant as a user-accessible storage, proposing it should make use of x-gvfs-hidden option to solve this.
Expected behavior
Container start/stop does not freeze the desktop; containers do not appear in the file managers device lists.
Actual behavior
Desktop freezes creation/destruction. Each run container gets a link e.g. in the Dolphin "Devices" list.
Steps to reproduce the behavior
- Use this docker-compose configuration (7 vanilla ubuntu containers):
# File "docker-freeze-kde.yaml"
version: '3'
services:
ubuntu-test-0:
container_name: ubuntu-test-0
image: ubuntu:latest
entrypoint: ["sleep", "infinity"]
ubuntu-test-1:
container_name: ubuntu-test-1
image: ubuntu:latest
entrypoint: ["sleep", "infinity"]
ubuntu-test-2:
container_name: ubuntu-test-2
image: ubuntu:latest
entrypoint: ["sleep", "infinity"]
ubuntu-test-3:
container_name: ubuntu-test-3
image: ubuntu:latest
entrypoint: ["sleep", "infinity"]
ubuntu-test-4:
container_name: ubuntu-test-4
image: ubuntu:latest
entrypoint: ["sleep", "infinity"]
ubuntu-test-5:
container_name: ubuntu-test-5
image: ubuntu:latest
entrypoint: ["sleep", "infinity"]
ubuntu-test-6:
container_name: ubuntu-test-6
image: ubuntu:latest
entrypoint: ["sleep", "infinity"]
- Run
docker-compose -f docker-freeze-kde.yaml up; let containers to start. - Press Ctrl+C; let them stop.
- Run
docker-compose -f docker-freeze-kde.yaml down
Experience the desktop (e.g. KDE Plasma task bar) freezing and subsequently thawing (after a while).
Output of docker version:
Client: Docker Engine - Community
Version: 19.03.12
API version: 1.40
Go version: go1.13.10
Git commit: 48a66213fe
Built: Mon Jun 22 15:45:44 2020
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.12
API version: 1.40 (minimum version 1.12)
Go version: go1.13.10
Git commit: 48a66213fe
Built: Mon Jun 22 15:44:15 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683
Output of docker info:
Client:
Debug Mode: false
Server:
Containers: 11
Running: 0
Paused: 0
Stopped: 11
Images: 1454
Server Version: 19.03.12
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
init version: fec3683
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 5.4.0-42-generic
Operating System: Ubuntu 20.04.1 LTS
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 15.56GiB
Name: Hyperion
ID: 2Z7O:HDBF:OEW2:GSCZ:H4BN:7JCI:42MU:2VT2:SNYV:M72R:FPLZ:2NDB
Docker Root Dir: /media/data/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
Additional environment details (AWS, VirtualBox, physical, etc.) Machine: laptop (physical) OS: Kubuntu 20.04 KDE Plasma 5.18.5 KDE frameworks 5.68
I recall there were udev rules that were added way in the past (for devicemapper at the time); https://github.com/moby/moby/pull/2983, but I don't think those are still included, and would likely have to be updated, or a different approach as you describe. Is x-gvfs-hide specific for KDE? I'd be a bit cautious with adding options that are very specific to the environment.
/cc @tianon
Heh, the udev rules added there are still included in the repo, and in downstream distro packages: https://github.com/moby/moby/blob/7ae5222c72cc2aac42225df8f62c2f71a1813ab4/contrib/udev/80-docker.rules
(not sure if they're still included in the Docker-published packages)
As for x-gvfs-hide being KDE-specific; if anything it's GNOME-specific and KDE happens to read/use it too (gvfs is technically a GNOME thing, but it's reasonably standardized these days, in my experience).
In other words, yeah, I think it would be pretty reasonable for Docker to apply this to rootfs mounts, although I am curious why it doesn't come up more often (ie, what are other display managers doing differently to hide the Docker mounts)?
I don't think udev rules are shipped with Docker packages (at least in Ubuntu):
apt-file list docker-ce
docker-ce: /etc/default/docker
docker-ce: /etc/init.d/docker
docker-ce: /etc/init/docker.conf
docker-ce: /lib/systemd/system/docker.service
docker-ce: /lib/systemd/system/docker.socket
docker-ce: /usr/bin/docker-init
docker-ce: /usr/bin/docker-proxy
docker-ce: /usr/bin/dockerd
docker-ce: /usr/share/doc/docker-ce/README.md
docker-ce: /usr/share/doc/docker-ce/changelog.Debian.gz
apt-file list docker-ce-cli
docker-ce-cli: /usr/bin/docker
docker-ce-cli: /usr/libexec/docker/cli-plugins/docker-app
docker-ce-cli: /usr/libexec/docker/cli-plugins/docker-buildx
docker-ce-cli: /usr/share/bash-completion/completions/docker
docker-ce-cli: /usr/share/doc/docker-ce-cli/changelog.Debian.gz
docker-ce-cli: /usr/share/fish/vendor_completions.d/docker.fish
...
(Clearly unrelated /usr/share/man/ entries suppressed)
I've tried manually adding them and restarting udev, but this didn't help (also tried replacing "/var/lib/docker/*" with "/media/data/docker/*"). Am not sure if a full reboot is required to apply them; if so, can try it later, as the machine is now in use.
I've same issue.
I'm using kubuntu 20.04. I tried to add https://github.com/moby/moby/blob/7ae5222c72cc2aac42225df8f62c2f71a1813ab4/contrib/udev/80-docker.rules in /etc/udev/rules.d but it's not working.
I am curious why it doesn't come up more often (ie, what are other display managers doing differently to hide the Docker mounts)?
As I understand it was ok for KDE. It stop working after this fix https://phabricator.kde.org/D22080 which allow to add overlay fs in Dolphin file manager. One more thread related to this issue.
Following the thread linked by @dmvslv:
solid-hardware5 list
udi = '/org/kde/fstab'
udi = '/org/kde/fstab/overlay/var/lib/docker/overlay2/7da333276364f9d119028db21847141988decd8567a5e8bd241779e96e4dccd8/merged'
udi = '/org/kde/fstab/overlay/var/lib/docker/overlay2/5cf89946bd6472d9791888db9a4118383c23b8fcf05d1962367cbf383b68d1ef/merged'
udi = '/org/kde/fstab/overlay/var/lib/docker/overlay2/b68d0c59567d2c8c577b1b55aee1792b7db86eb95cea8ce101392c4058897c8c/merged'
udi = '/org/kde/fstab/overlay/var/lib/docker/overlay2/97f27433aee03359b9afebf89b907f60b96e125c1078b75a5eb135d612932de1/merged'
udi = '/org/kde/fstab/overlay/var/lib/docker/overlay2/fac298fe2ce931af6a44b28d617987950411df118d09495627957f969acf8f9f/merged'
udi = '/org/kde/fstab/overlay/var/lib/docker/overlay2/08f0724e7b747d21dad70eeb26dabe3aa6a4a31a2a8666a5201a2247c2f7d47a/merged'
udi = '/org/kde/fstab/overlay/var/lib/docker/overlay2/718bda7c52051b735d9ff331a86a87171fee095690128a6c6b5d0aeba19fc9a2/merged'
udi = '/org/kde/fstab/overlay/var/lib/docker/overlay2/6f80955eed645e2e872a3a1e637ad126b40d473ecffbe4409691f0bdf7ce4393/merged'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:15.1/i2c_designware.1/i2c-1/i2c-DLL06E4:01/0018:06CB:7A13.0001/input/input13'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:15.1/i2c_designware.1/i2c-1/i2c-DLL06E4:01/0018:06CB:7A13.0001/input/input13/event8'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:15.1/i2c_designware.1/i2c-1/i2c-DLL06E4:01/0018:06CB:7A13.0001/input/input13/mouse0'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:15.1/i2c_designware.1/i2c-1/i2c-DLL06E4:01/0018:06CB:7A13.0001/input/input14'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:15.1/i2c_designware.1/i2c-1/i2c-DLL06E4:01/0018:06CB:7A13.0001/input/input14/event9'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:15.1/i2c_designware.1/i2c-1/i2c-DLL06E4:01/0018:06CB:7A13.0001/input/input14/mouse1'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:1c.0/0000:02:00.0/net/wlp2s0'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/hwC0D0'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/hwC0D2'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/pcmC0D0c'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/pcmC0D0p'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/pcmC0D10p'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/pcmC0D3p'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/pcmC0D7p'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/pcmC0D8p'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/pcmC0D9p'
udi = '/org/kde/solid/udev/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/controlC0'
udi = '/org/kde/solid/udev/sys/devices/platform/serial8250/tty/ttyS0'
udi = '/org/kde/solid/udev/sys/devices/platform/serial8250/tty/ttyS1'
udi = '/org/kde/solid/udev/sys/devices/platform/serial8250/tty/ttyS2'
udi = '/org/kde/solid/udev/sys/devices/platform/serial8250/tty/ttyS3'
udi = '/org/kde/solid/udev/sys/devices/system/cpu/cpu0'
udi = '/org/kde/solid/udev/sys/devices/system/cpu/cpu1'
udi = '/org/kde/solid/udev/sys/devices/system/cpu/cpu2'
udi = '/org/kde/solid/udev/sys/devices/system/cpu/cpu3'
udi = '/org/kde/solid/udev/sys/devices/system/cpu/cpu4'
udi = '/org/kde/solid/udev/sys/devices/system/cpu/cpu5'
udi = '/org/kde/solid/udev/sys/devices/system/cpu/cpu6'
udi = '/org/kde/solid/udev/sys/devices/system/cpu/cpu7'
udi = '/org/kde/solid/udev/sys/devices/virtual/input/input35/event19'
udi = '/org/kde/solid/udev/sys/devices/virtual/input/input35/mouse2'
udi = '/org/kde/solid/udev/sys/devices/virtual/misc/uhid/0005:046D:B023.0005/input/input32'
udi = '/org/kde/solid/udev/sys/devices/virtual/misc/uhid/0005:046D:B023.0005/input/input32/event20'
udi = '/org/kde/solid/udev/sys/devices/virtual/misc/uhid/0005:046D:B023.0005/input/input32/mouse3'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/br-052ac8a5a965'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/br-09722d8ff285'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/br-17441e0ab94a'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/br-380f5236d6ca'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/br-4de11b8c4723'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/br-9a3b649224b1'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/br-9b33d4733457'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/br-a8268e336c52'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/br-c1abc059a354'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/br-cc78f835ff43'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/br-d6ad604d680b'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/br-dceec219c738'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/docker0'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/lo'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/veth0b5f749'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/veth3a168c8'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/veth5b4c0db'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/veth81d2f2d'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/vetha2d0258'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/vethb49dbdc'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/vethea924ec'
udi = '/org/kde/solid/udev/sys/devices/virtual/net/vethf5cc398'
udi = '/org/kde/solid/udev/sys/devices/virtual/sound/timer'
udi = '/org/freedesktop/UDisks2/block_devices/nvme0n1p2'
udi = '/org/freedesktop/UDisks2/block_devices/loop0'
udi = '/org/freedesktop/UDisks2/block_devices/nvme0n1'
udi = '/org/freedesktop/UDisks2/block_devices/loop6'
udi = '/org/freedesktop/UDisks2/block_devices/loop7'
udi = '/org/freedesktop/UDisks2/block_devices/nvme0n1p3'
udi = '/org/freedesktop/UDisks2/block_devices/loop1'
udi = '/org/freedesktop/UDisks2/block_devices/nvme0n1p4'
udi = '/org/freedesktop/UDisks2/block_devices/loop2'
udi = '/org/freedesktop/UDisks2/block_devices/nvme0n1p5'
udi = '/org/freedesktop/UDisks2/block_devices/loop3'
udi = '/org/freedesktop/UDisks2/block_devices/nvme0n1p6'
udi = '/org/freedesktop/UDisks2/block_devices/loop4'
udi = '/org/freedesktop/UDisks2/block_devices/loop5'
udi = '/org/freedesktop/UDisks2/block_devices/nvme0n1p1'
udi = '/org/freedesktop/UDisks2/drives/THNSN5512GPU7_NVMe_TOSHIBA_512GB_46FS10AHT5ZV'
udi = '/org/freedesktop/UPower'
udi = '/org/freedesktop/UPower/devices/line_power_AC'
udi = '/org/freedesktop/UPower/devices/battery_BAT0'
udi = '/org/freedesktop/UPower/devices/mouse_dev_D9_D3_23_91_17_66'
udi = '/org/freedesktop/UPower/devices/battery_hidpp_battery_3'
solid-hardware5 details /org/kde/fstab/overlay/var/lib/docker/overlay2/5cf89946bd6472d9791888db9a4118383c23b8fcf05d1962367cbf383b68d1ef/merged
udi = '/org/kde/fstab/overlay/var/lib/docker/overlay2/5cf89946bd6472d9791888db9a4118383c23b8fcf05d1962367cbf383b68d1ef/merged'
parent = '/org/kde/fstab' (string)
vendor = 'overlay' (string)
product = '/var/lib/docker/overlay2/5cf89946bd6472d9791888db9a4118383c23b8fcf05d1962367cbf383b68d1ef/merged' (string)
description = '/var/lib/docker/overlay2/5cf89946bd6472d9791888db9a4118383c23b8fcf05d1962367cbf383b68d1ef/merged (overlay)' (string)
icon = 'folder' (string)
StorageAccess.accessible = true (bool)
StorageAccess.filePath = '/var/lib/docker/overlay2/5cf89946bd6472d9791888db9a4118383c23b8fcf05d1962367cbf383b68d1ef/merged' (string)
StorageAccess.ignored = false (bool)
According to /u/kbroulik/:
"fstab backend only hides those with
x-gvfs-hideoption set"
Summary: it seems the x-gvfs-hide option should be set.
In my case the udev rules did nothing after creating the file and rebooting, i still see a bunch of entries on Dolphin device listing. Maybe the rules are outdated (last commit to that file was in 2013).
Ubuntu 20.04 (KDE Neon) Docker 19.03.13 (Swarm mode)
~Ok, I would like to precise how things are going.~
~Before placing the UDEV rule, Plasma Desktop was displaying burst of notifications which said that volume is not reachable or something like that.~
~After applying that UDEV rules file, these notifications are not appearing, Plasma still "freezes", but for significantly reduced period comparing to situation without this UDEV file.~
~I am working using 9 containers in docker-compose and that UDEV file made it more comfortable.~
EDIT: I have removed this UDEV rule, ale seems like something different caused that there are no notifications anymore. I have also learned how UDEV rules work and it is not possible that it would work with newest Docker-CE.
I was jumping around Docker-CE code, and seems that the lowest layers of mounting are using: https://golang.org/pkg/syscall/#Mount https://golang.hotexamples.com/examples/syscall/-/Mount/golang-mount-function-examples.html
I think relevant calls are somewhere there: https://github.com/moby/moby/tree/master/daemon/graphdriver/overlay which calls/references to: https://github.com/moby/sys
NOTE: I am not aware how graphdriver or just drivers are working in Docker-CE.
Worth looking part is a flow of /etc/docker/daemon.json parsing while using devicemapper because it has storage-opt flow implemented:
https://docs.docker.com/engine/reference/commandline/dockerd/#options-per-storage-driver
which might be a way to be "a model" for all another Linux storage drivers, to introduce a way, to pass x-gvfs-hide mounting attribute.
I think "a bottleneck" to introduce that option is https://github.com/moby/sys/blob/master/mount/mounter_linux_test.go
If I understand correctly moby/sys is "hand-made" middleware/translator between graphdriver and syscall/Mount.
I think that is not "trivial" to pass x-gvfs-hide via config - especially without GoLang IDE.
Maybe hard-coding an option as being Linux specific could be easier.
I have upgraded to kubuntu 20.10 and the problem seems to be gone now.
In my case fresh booting of the newest KDE Neon does not cause freezing Plasma, but with "brute-force-like" test, while doing looped up-sleep-down-sleep in sequence it appears again after a while.
In my case, the desktop seems to freeze due to lots of notification popups. As a (very ugly) workaround, you can disable them, preventing the desktop from freezing:
- Right click the notifications icon in the task bar
- Select "Configure Event notifications and actions"
- Button "Configure"
- Select "Plasma Workspace" in the list
- Button "Configure Events..."
- Select notification with title "Fatal error" in the list
- Disable the checkboxes for "Play a sound" and "Show a message in a popup"
- Save/close all windows
i bind mount /var/lib/docker to my encrypted /home/docker and dolphin shows TWO entries for every container:
/var/lib/docker /home/docker
this very much wants configuration but LibSolid is quite lacking in documentation.
I'm facing this issue and could not find any workaround either from Docker side (i.e., is there a way to add the x-gfvs-hide option at mount time?) or from KDE (not sure if there is an option to ignore the mounting of these volumes).
I'm really unsure about the motivations from KDE to the patch linked, specially because they sort of ignored situations such ephemeral mounts that should not be remembered as removable media. KDE keeps track of these volumes on two places, one is the ~/.local/share/user-places.xbel file, that remembers these entries (each of them, forever!!!) and the other is the removable media devices seen by KDED in another file under ~/.config. After a few time, it is just crazy full and started to break other stuff like loading the removable media screen.
I'm using KDE from Debian Stable now, so I'm doomed with no updates on this even if fixed by KDE unless I patch it myself (which I may do eventually).
Following up if this ever get fixed by Docker side. Thanks for the attention.
I'm using KDE from Debian Stable now
I can only say, that using:
Docker version 20.10.11, build dea9396
and
Package: plasma-desktop
Version: 4:5.23.4-0xneon+20.04+focal+release+build45
Seems to not cause any troubles, but I can't tell you what have changed and what caused "a fix", and which version of all packages variations/permutations provided the fix.
The issue still persists on my system, following here for updates on a fix.
