sysbox
sysbox copied to clipboard
nestybox
Bidirectional Mount Propagation fail container creation
We are running cri-o + sysbox on kubernetes and getting an error jailing process inside rootfs caused: pivot_root invalid argument when setting a volume mount propagation to bidirectional, would really appreciate it if we can get some support on this.
spec:
template:
metadata:
annotations:
io.kubernetes.cri-o.Devices: /dev/fuse
io.kubernetes.cri-o.userns-mode: "auto:size=65536"
spec:
runtimeClassName: sysbox-runc
volumes:
- name: fuse-mounts
hostPath:
path: /mnt/fuse-mounts
type: DirectoryOrCreate
containers:
- command:
- "/bin/sh"
- "-c"
- |
sleep infinity
image: buildbarn-worker:xxx
imagePullPolicy: IfNotPresent
name: app
resources:
requests:
cpu: "4"
memory: 31Gi
limits:
memory: 31Gi
volumeMounts:
- name: fuse-mounts
mountPath: /mnt/fuse-mounts
mountPropagation: Bidirectional
securityContext:
privileged: true
- command: ["sleep", "infinity"]
image: buildbarn-worker:xxx
imagePullPolicy: IfNotPresent
name: buildbarn
resources:
requests:
cpu: "1"
memory: 3Gi
limits:
memory: 3Gi
volumeMounts:
- name: fuse-mounts
mountPath: /mnt/fuse-mounts
mountPropagation: HostToContainer
Thanks @kevinye202 for filing the issue, apologies for the belated reply.
A few questions to help me understand:
-
Does the problem only occur with bidirectional mount propagation? Or does it also occur with no-propagation or host-to-container propagation?
-
Does it occur with non-FUSE bidirectional mounts?
-
Does it occur with
runc(i.e., the default runtime)?
Thanks.
