runc
[debug] Int test for #3551
Making sure the test fails before the fix
Hmm, I am having a problem reproducing this. Perhaps we need to have some special (non-default) device rules, such as those set in containerd. Could use some help with this.
@kolyshkin not sure if relevant for the CI environment, but in https://github.com/moby/moby/discussions/43960 I noticed that the failures only occurred with SELinux in enforce mode.
Ah! Finally reproduced that locally:
[kir@kir-rhat runc-tst]$ sudo ./runc --systemd-cgroup run -d 234
[kir@kir-rhat runc-tst]$ sudo ./runc --systemd-cgroup exec -t 234 sh -c 'ls -l /proc/self/fd/0; echo 123'
lrwx------ 1 root root 64 Aug 17 22:13 /proc/self/fd/0 -> /dev/pts/0
123
[kir@kir-rhat runc-tst]$ sudo ./runc --systemd-cgroup exec -t 234 sh -c 'ls -l /proc/self/fd/0; echo 123'
lrwx------ 1 root root 64 Aug 17 22:13 /proc/self/fd/0 -> /dev/pts/0
123
[kir@kir-rhat runc-tst]$ sudo systemctl daemon-reload
[kir@kir-rhat runc-tst]$ sudo ./runc --systemd-cgroup exec -t 234 sh -c 'ls -l /proc/self/fd/0; echo 123'
ERRO[0000] exec failed: unable to start container process: open /dev/pts/0: operation not permitted
Hmm, I am having a problem reproducing this.
Ah! It was missing -t from the runc exec
🤦🏻
OK, the test fails for ci / test jobs (recent Ubuntu) as well as for CentOS 8, 9, and Fedora 36.
For some reason it does not fail for CentOS 7 -- I guess the version of systemd in there does not reload device rules upon systemctl daemon-reload.