lfbzhm
lfbzhm
> > > > systemd cgroup changed to 1:name=systemd:/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-poda5c1f8d5_1919_434d_add7_4afaafdaef89.slice/crio-conmon-5eed917563583925ffdbd40a64efb2aaffe58638e57add8becaf460fe74f5b1c.scope > > > > > > > > > What dose this mean? I think it should be `/crio-`, but not...
> [root@oss37 ~]# cat /proc/21689/cgroup ... > 3:pids:/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-poda5c1f8d5_1919_434d_add7_4afaafdaef89.slice/crio-5eed917563583925ffdbd40a64efb2aaffe58638e57add8becaf460fe74f5b1c.scope > 2:cpu,cpuacct:/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-poda5c1f8d5_1919_434d_add7_4afaafdaef89.slice/crio-5eed917563583925ffdbd40a64efb2aaffe58638e57add8becaf460fe74f5b1c.scope > 1:name=systemd:/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-poda5c1f8d5_1919_434d_add7_4afaafdaef89.slice/crio-conmon-5eed917563583925ffdbd40a64efb2aaffe58638e57add8becaf460fe74f5b1c.scope > 0::/ Who moved this process from `crio-` to `crio-conmon-`, I think it's not `runc`, because there is...
Could you confirm that it can works with crun? I have a test case to reproduce it, but it also can't works with crun. ```bash root@iZj6cgggwb62cxurec74geZ:/opt/bb# crun/crun run -d test...
> Maybe the core reason is that the permission of the `/proc/self/fd/2` is `300`? It should be `700` in the host. But I can't confirm. This is not the real...
> @ctrox could you please try v1.2.0 + PR #4477? It still have the issue. @ctrox @rata Could you help to see if #4478 has fixed your issue or not?
> Maybe containerd-shim should create pipe in that user namespace. Yes, I think so. If the target link of stderr/stdout in runc is owned by the user namespace, it will...
> One other question (I forgot) is why this works with crun. Afaik it uses the same shim as for runc. I see the crun implementation, it uses `Fchown` to...
Do you think we should change `chmod` to `chown` in #4478? Because if this will be fixed in containerd, runc also should fix this issue for runc direct user?
> I tried the repro from there with current runc head, it works: I guess you run the crun first, and then test runc in the same terminal. Because the...
> I noticed that it removed the call to parent.terminate when a hook has failed. Without #4348 , another missing parent.terminate mentioned in #4355 : https://github.com/opencontainers/runc/blob/v1.2.0-rc.2/libcontainer/container_linux.go#L357-L360