
Sysbox doesn't work with estargz compressed images

Open rahuldesai1 opened this issue 2 years ago • 0 comments

When I attempt to run a Kubernetes pod from an estargz compressed container image, I get the following error:

Error: error creating an ID-mapped copy of layer "bd259b14ef7a0ab45d52898b79bd23c80f6c3a7e54911a196ca0791b63327194": exit status 1: error during chown: storage-chown-by-maps: lchown bin: no such device or address

The error seems to be coming from cri-o, but when I set the runtimeClassName in my pod spec to runc instead of sysbox-runc, I am able to launch the container without issue.

I have this annotation set in my podspec: io.kubernetes.cri-o.userns-mode: private:uidmapping=0:1048576:65536;gidmapping=0:1048576:65536

This is my /etc/crio/crio.conf:

[crio]

  [crio.api]

  [crio.image]

  [crio.metrics]

  [crio.network]

  [crio.runtime]
    cgroup_manager = "cgroupfs"
    conmon_cgroup = "pod"
    default_capabilities = ["SETFCAP", "AUDIT_WRITE", "NET_RAW", "SYS_CHROOT", "MKNOD", "NET_BIND_SERVICE", "KILL", "CHOWN", "SETGID", "SETUID"]
    pids_limit = 16384

    [crio.runtime.runtimes]

      [crio.runtime.runtimes.sysbox-runc]
        allowed_annotations = ["io.kubernetes.cri-o.userns-mode"]
        runtime_path = "/usr/bin/sysbox-runc"
        runtime_type = "oci"

  [crio.stats]

  [crio.tracing]

rahuldesai1, Feb 23 '24 18:02