gvisor
Unable to get hostname of host when running container with --uts=host
Description
Runsc always returns an empty hostname when a container is run with --uts=host by docker; this is not what host UTS expects. The runc runtime is OK. The reason is that runsc always creates a new UTS namespace and sets the hostname from runtime-spec.Hostname, from here. When --uts=host is specified by docker, the docker daemon clears the runtime-spec.Hostname argument and expects the runtime to inherit the UTS namespace from the host, and runsc does not. I'm not sure if we should consider docker's --uts=host, but it makes some applications fail to run.
Steps to reproduce
- Configure /etc/docker/daemon.json with runtime runsc:
  ... "runtimes": { "runsc": { "path": "/usr/local/bin/runsc", }, ...
- Run container with --uts=host and runtime runsc:
$ docker run --uts=host --runtime runsc centos:7 hostname
$
We get an empty hostname, but runtime runc is correct.
$ hostname
yiftan-LC0
$ docker run --uts=host --runtime runc centos:7 hostname
yiftan-LC0
$
runsc version
runsc version release-20220913.0-19-gcfc29d3b5dac
spec: 1.0.2-dev
docker version (if using docker)
$ docker version
Client:
Version: 20.10.7
API version: 1.41
Go version: go1.13.8
Git commit: 20.10.7-0ubuntu5~18.04.3
Built: Mon Nov 1 01:04:14 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server:
Engine:
Version: 20.10.7
API version: 1.41 (minimum version 1.12)
Go version: go1.13.8
Git commit: 20.10.7-0ubuntu5~18.04.3
Built: Fri Oct 22 00:57:37 2021
OS/Arch: linux/amd64
Experimental: true
containerd:
Version: v1.6.6
GitCommit: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
runc:
Version: 1.1.2
GitCommit: v1.1.2-0-ga916309f
docker-init:
Version: 0.19.0
GitCommit:
uname
5.4.0-67-generic #75-Ubuntu SMP Sat Jun 25 08:13:10 CST 2022 x86_64 x86_64 x86_64 GNU/Linux
kubectl (if using Kubernetes)
No response
repo state (if built from source)
No response
runsc debug logs (if available)
I0919 15:20:40.139188 9070 main.go:214] ***************************
I0919 15:20:40.139217 9070 main.go:215] Args: [runsc-sandbox --root=/var/run/docker/runtime-runc/moby --log=/run/containerd/io.containerd.runtime.v2.task/moby/4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4/log.json --log-format=json --debug-log=/tmp/HEAD/logs/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% --log-fd=3 --debug-log-fd=4 boot --bundle=/run/containerd/io.containerd.runtime.v2.task/moby/4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4 --setup-root --cpu-num 8 --total-memory 33494695936 --io-fds=5 --io-fds=6 --io-fds=7 --io-fds=8 --mounts-fd=9 --start-sync-fd=10 --controller-fd=11 --spec-fd=12 --stdio-fds=13 --stdio-fds=14 --stdio-fds=15 4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4]
I0919 15:20:40.139230 9070 main.go:216] Version 25a21fa6eaa5-dirty
I0919 15:20:40.139235 9070 main.go:217] GOOS: linux
I0919 15:20:40.139240 9070 main.go:218] GOARCH: amd64
I0919 15:20:40.139245 9070 main.go:219] PID: 9070
I0919 15:20:40.139250 9070 main.go:220] UID: 65534, GID: 65534
I0919 15:20:40.139255 9070 main.go:221] Configuration:
I0919 15:20:40.139260 9070 main.go:222] RootDir: /var/run/docker/runtime-runc/moby
I0919 15:20:40.139265 9070 main.go:223] Platform: ptrace
I0919 15:20:40.139270 9070 main.go:224] FileAccess: exclusive, overlay: false
I0919 15:20:40.139276 9070 main.go:225] Network: sandbox, logging: false
I0919 15:20:40.139281 9070 main.go:226] Strace: false, max size: 1024, syscalls:
I0919 15:20:40.139286 9070 main.go:227] LISAFS: false
I0919 15:20:40.139291 9070 main.go:228] Debug: false
I0919 15:20:40.139296 9070 main.go:229] Systemd: false
I0919 15:20:40.139301 9070 main.go:230] ***************************
I0919 15:20:40.139336 9070 boot.go:185] Setting product_name: "10SMS07T00"
I0919 15:20:40.139344 9070 chroot.go:86] Setting up sandbox chroot in "/tmp"
I0919 15:20:40.139408 9070 chroot.go:31] Mounting "/proc" at "/tmp/proc"
I0919 15:20:40.139645 9070 cmd.go:95] Execve "/proc/self/exe" again, bye!
I0919 15:20:40.149289 9070 main.go:214] ***************************
I0919 15:20:40.149308 9070 main.go:215] Args: [runsc-sandbox --root=/var/run/docker/runtime-runc/moby --log=/run/containerd/io.containerd.runtime.v2.task/moby/4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4/log.json --log-format=json --debug-log=/tmp/HEAD/logs/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% --log-fd=3 --debug-log-fd=4 boot --product-name 10SMS07T00 --bundle=/run/containerd/io.containerd.runtime.v2.task/moby/4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4 --cpu-num 8 --total-memory 33494695936 --io-fds=5 --io-fds=6 --io-fds=7 --io-fds=8 --mounts-fd=9 --start-sync-fd=10 --controller-fd=11 --spec-fd=12 --stdio-fds=13 --stdio-fds=14 --stdio-fds=15 4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4]
I0919 15:20:40.149323 9070 main.go:216] Version 25a21fa6eaa5-dirty
I0919 15:20:40.149329 9070 main.go:217] GOOS: linux
I0919 15:20:40.149335 9070 main.go:218] GOARCH: amd64
I0919 15:20:40.149340 9070 main.go:219] PID: 9070
I0919 15:20:40.149346 9070 main.go:220] UID: 65534, GID: 65534
I0919 15:20:40.149351 9070 main.go:221] Configuration:
I0919 15:20:40.149357 9070 main.go:222] RootDir: /var/run/docker/runtime-runc/moby
I0919 15:20:40.149363 9070 main.go:223] Platform: ptrace
I0919 15:20:40.149368 9070 main.go:224] FileAccess: exclusive, overlay: false
I0919 15:20:40.149375 9070 main.go:225] Network: sandbox, logging: false
I0919 15:20:40.149382 9070 main.go:226] Strace: false, max size: 1024, syscalls:
I0919 15:20:40.149387 9070 main.go:227] LISAFS: false
I0919 15:20:40.149393 9070 main.go:228] Debug: false
I0919 15:20:40.149398 9070 main.go:229] Systemd: false
I0919 15:20:40.149404 9070 main.go:230] ***************************
W0919 15:20:40.150036 9070 specutils.go:113] noNewPrivileges ignored. PR_SET_NO_NEW_PRIVS is assumed to always be set.
I0919 15:20:40.159199 9070 loader.go:538] Platform: ptrace
I0919 15:20:40.160002 9070 subprocess_linux.go:49] Latest seccomp behavior found (kernel >= 4.8 likely)
I0919 15:20:40.162407 9070 loader.go:346] CPUs: 8
I0919 15:20:40.162428 9070 loader.go:354] Setting total memory to 31.19 GB
I0919 15:20:40.162577 9070 loader.go:383] Packet logging disabled
I0919 15:20:40.162589 9070 watchdog.go:182] Watchdog waiting 30s for startup
I0919 15:20:40.305402 9070 network.go:181] Enabling loopback interface "lo" with id 1 on addresses [127.0.0.1/8]
I0919 15:20:40.305486 9070 network.go:215] gso max size is: 65536
I0919 15:20:40.305516 9070 network.go:239] Enabling FIFO QDisc on "eth0"
I0919 15:20:40.305596 9070 network.go:243] Enabling interface "eth0" with id 2 on addresses [172.17.0.2/16] (02:42:ac:11:00:02) w/ 1 channels
I0919 15:20:40.305681 9070 network.go:291] Setting routes [127.0.0.0/8 nic 1 172.17.0.0/16 nic 2 0.0.0.0/0 via 172.17.0.1 nic 2]
I0919 15:20:40.305871 9070 seccomp.go:60] Installing seccomp filters for 67 syscalls (action=kill process)
I0919 15:20:40.306428 9070 seccomp.go:88] Seccomp filters installed.
I0919 15:20:40.306514 9070 vfs.go:366] Configuring container's file system with VFS2
I0919 15:20:40.306527 9070 vfs.go:418] Mounting root over 9P, ioFD: 5
W0919 15:20:40.307612 9070 vfs.go:784] ignoring unknown mount option "nosuid"
W0919 15:20:40.307639 9070 vfs.go:784] ignoring unknown mount option "strictatime"
W0919 15:20:40.307652 9070 vfs.go:784] ignoring unknown mount option "mode=755"
W0919 15:20:40.307659 9070 vfs.go:784] ignoring unknown mount option "size=65536k"
I0919 15:20:40.307767 9070 vfs.go:676] Mounted "/run/containerd/io.containerd.runtime.v2.task/moby/4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4/tmpfs" to "/dev" type: devtmpfs, internal-options: ""
W0919 15:20:40.307796 9070 vfs.go:784] ignoring unknown mount option "nosuid"
W0919 15:20:40.307807 9070 vfs.go:784] ignoring unknown mount option "nodev"
I0919 15:20:40.307943 9070 vfs.go:676] Mounted "/run/containerd/io.containerd.runtime.v2.task/moby/4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4/sysfs" to "/sys" type: sysfs, internal-options: ""
W0919 15:20:40.307964 9070 vfs.go:784] ignoring unknown mount option "nosuid"
W0919 15:20:40.307971 9070 vfs.go:784] ignoring unknown mount option "nodev"
I0919 15:20:40.308479 9070 vfs.go:676] Mounted "/run/containerd/io.containerd.runtime.v2.task/moby/4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4/proc" to "/proc" type: proc, internal-options: ""
W0919 15:20:40.308506 9070 vfs.go:784] ignoring unknown mount option "nosuid"
W0919 15:20:40.308513 9070 vfs.go:784] ignoring unknown mount option "newinstance"
W0919 15:20:40.308519 9070 vfs.go:784] ignoring unknown mount option "ptmxmode=0666"
W0919 15:20:40.308525 9070 vfs.go:784] ignoring unknown mount option "mode=0620"
W0919 15:20:40.308532 9070 vfs.go:784] ignoring unknown mount option "gid=5"
I0919 15:20:40.308553 9070 vfs.go:676] Mounted "/run/containerd/io.containerd.runtime.v2.task/moby/4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4/devpts" to "/dev/pts" type: devpts, internal-options: ""
W0919 15:20:40.308567 9070 vfs.go:784] ignoring unknown mount option "nosuid"
W0919 15:20:40.308574 9070 vfs.go:784] ignoring unknown mount option "nodev"
W0919 15:20:40.308579 9070 vfs.go:784] ignoring unknown mount option "mode=1777"
W0919 15:20:40.308584 9070 vfs.go:784] ignoring unknown mount option "size=67108864"
I0919 15:20:40.308598 9070 vfs.go:676] Mounted "/run/containerd/io.containerd.runtime.v2.task/moby/4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4/shm" to "/dev/shm" type: tmpfs, internal-options: "mode=1777,size=67108864"
W0919 15:20:40.308611 9070 vfs.go:784] ignoring unknown mount option "rprivate"
I0919 15:20:40.309328 9070 vfs.go:676] Mounted "/data/var/lib/docker/containers/4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4/hosts" to "/etc/hosts" type: bind, internal-options: "trans=fd,rfdno=8,wfdno=8,cache=remote_revalidating"
W0919 15:20:40.309372 9070 vfs.go:739] ignoring unknown filesystem type "mqueue"
W0919 15:20:40.309389 9070 vfs.go:784] ignoring unknown mount option "rprivate"
I0919 15:20:40.310033 9070 vfs.go:676] Mounted "/data/var/lib/docker/containers/4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4/hostname" to "/etc/hostname" type: bind, internal-options: "trans=fd,rfdno=7,wfdno=7,cache=remote_revalidating"
W0919 15:20:40.310059 9070 vfs.go:784] ignoring unknown mount option "rprivate"
I0919 15:20:40.321194 9070 vfs.go:676] Mounted "/data/var/lib/docker/containers/4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4/resolv.conf" to "/etc/resolv.conf" type: bind, internal-options: "trans=fd,rfdno=6,wfdno=6,cache=remote_revalidating"
I0919 15:20:40.321690 9070 vfs.go:885] Skipping internal tmpfs mount for "/tmp" because it's not empty
I0919 15:20:40.322556 9070 kernel.go:939] EXEC: [hostname]
W0919 15:20:40.323374 9070 loader.go:878] Seccomp spec is being ignored
I0919 15:20:40.324198 9070 loader.go:685] Process should have started...
I0919 15:20:40.324235 9070 watchdog.go:205] Starting watchdog, period: 45s, timeout: 3m0s, action: logWarning
I0919 15:20:40.334601 9070 loader.go:917] Gofer socket disconnected, killing container "4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4"
I0919 15:20:40.335558 9070 boot.go:332] application exiting with exit status 0
I0919 15:20:40.335656 9070 watchdog.go:221] Stopping watchdog
I0919 15:20:40.335684 9070 watchdog.go:225] Watchdog stopped
I0919 15:20:40.335813 9070 main.go:246] Exiting with status: 0
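Added example (not part of the original issue and not gVisor's code): a sketch of the hostname decision the description implies, where a spec with no "uts" entry in linux.namespaces means the UTS namespace is inherited and an empty hostname should resolve to the host's name. The `Spec` struct mirrors only the `hostname` and `linux.namespaces` fields of an OCI config.json; `sharesHostUTS`, `effectiveHostname` and both sample specs are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
)

// Spec is the small subset of an OCI config.json that matters here.
type Spec struct {
	Hostname string `json:"hostname"`
	Linux    struct {
		Namespaces []struct {
			Type string `json:"type"`
		} `json:"namespaces"`
	} `json:"linux"`
}

// Constructed sample specs: with --uts=host the "uts" entry and hostname are absent.
const hostUTSSpec = `{"linux":{"namespaces":[{"type":"pid"},{"type":"mount"}]}}`
const privateUTSSpec = `{"hostname":"sandbox-1","linux":{"namespaces":[{"type":"pid"},{"type":"uts"}]}}`

// sharesHostUTS: a namespace type missing from linux.namespaces is inherited (OCI rule).
func sharesHostUTS(s *Spec) bool {
	for _, ns := range s.Linux.Namespaces {
		if ns.Type == "uts" {
			return false
		}
	}
	return true
}

// effectiveHostname returns the name to report; hostLookup is injected for offline tests.
func effectiveHostname(specJSON []byte, hostLookup func() (string, error)) (string, error) {
	var s Spec
	if err := json.Unmarshal(specJSON, &s); err != nil {
		return "", fmt.Errorf("parsing spec: %w", err)
	}
	if !sharesHostUTS(&s) {
		return s.Hostname, nil // private UTS namespace: the spec value wins
	}
	if s.Hostname != "" { // refuse a spec that would rename a shared namespace
		return "", fmt.Errorf("hostname %q requires a private UTS namespace", s.Hostname)
	}
	return hostLookup() // shared namespace, empty spec hostname: mirror the host
}

func main() {
	fmt.Println(effectiveHostname([]byte(hostUTSSpec), os.Hostname))
}
```

With a shared UTS namespace the container can read the host's name, so workloads that need --uts=host should be reviewed for whether exposing that identifier is acceptable.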