Rodrigo Campos
Rodrigo Campos
But I honestly don't think this is something we want to fix in runc. I'm okay if the PR to fix this is very small, but it seems like the...
Thinking about it more, we can probably break other setups changing the syscalls we do at that point. I think it is unlikely we do, but we can check if...
Thanks! This change of behavior, judging from the runtime-spec PR, requires a change of behavior at the runtime-spec first. I'm marking as draft for now, let me know if I'm...
@AkihiroSuda awesome, thanks a lot! So https://github.com/opencontainers/runc/commit/8e1cd2f56d518f8d6292b8bb39f0d0932e4b6c2a still fails with other errors, but its parent passes all the test? Or which is the last good commit? https://github.com/opencontainers/runc/commit/f2f16213e174fb63e931fe0546bbbad1d9bbed6f is present in...
Reverting https://github.com/opencontainers/runc/commit/f2f16213e174fb63e931fe0546bbbad1d9bbed6f on top of main (the conflicts are just the context, it is trivial), fixes a lot of the tests: https://github.com/moby/moby/actions/runs/10558009347/job/29246756508?pr=48336. This fixes rootless and systemd+22.04, docker-py and maybe...
So, the first bad commit is "nsenter: cloned_binary: remove bindfd logic entirely" (b999376fb237195265081a8b8ba3fd3bd6ef8c2c). The parent commit, 23e41ef04d7d5eee201f0d7444c3ce68bc675d9f, passes all the tests just fine. Here are the tests: https://github.com/moby/moby/actions/runs/10567858267/job/29277756893?pr=48336. Of course...
Adding more info to the puzzle. If I disable the runc-binary sealing (no self/exe clone at all) and I revert "init: close internal fds before execve" (f2f16213e174fb63e931fe0546bbbad1d9bbed6f) from runc main,...
Reverting only one of the commits doesn't fix all the tests, I need both "reverts" for all tests to pass.
@cyphar it seems that was right on spot, thanks! So, using just runc 1.2.0-rc.2 and adding a lot of "wait for the container to be running" in moby and some...
> Ah, I expected that to only help with some of the issues. What about the `procError` ones? I didn't expect those to be races with the log reading as...