Podman in systemd mode fails on non-systemd hosts #15647
Comments
@vrothberg PTAL |
Thanks for reaching out, @LewisGaul! Would systemd inside a container work without it being present on the host, @giuseppe @rhatdan? I do not know why it wouldn't but may be overlooking something. |
Yes, we have a container that uses systemd and it works fine on Alpine with |
You can manually mount it with:
|
@giuseppe should we add auto-detection to Podman for that? |
IMO, Podman should not change the system configuration. Maybe just a warning when systemd mode is used && the host is not using systemd && cgroupv1 && |
I'm fully aware of this workaround. This is not required to be able to create the mount inside the container though, and podman fails to handle this case. IMO podman shouldn't require the |
completely untested as I've no access to a cgroupv1 system without systemd at the moment, but would something like the following patch work for you?:
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 5c5fd471b..c4a85bc64 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -1073,10 +1073,15 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro
g.AddMount(systemdMnt)
} else {
mountOptions := []string{"bind", "rprivate"}
-
+ typ := "bind"
var statfs unix.Statfs_t
if err := unix.Statfs("/sys/fs/cgroup/systemd", &statfs); err != nil {
- mountOptions = append(mountOptions, "nodev", "noexec", "nosuid")
+ if os.IsNotExist(err) {
+ typ = "cgroup"
+ mountOptions = []string{"none", "name=systemd"}
+ } else {
+ mountOptions = append(mountOptions, "nodev", "noexec", "nosuid")
+ }
} else {
if statfs.Flags&unix.MS_NODEV == unix.MS_NODEV {
mountOptions = append(mountOptions, "nodev")
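Review bot: In the os.IsNotExist branch, mountOptions is replaced with []string{"none", "name=systemd"}, so the cgroup mount is created without the nodev, noexec and nosuid options that the other Statfs error branch still applies. Suggest appending those three options in this branch as well, and confirming that "os" is imported in this file, since the hunk does not show the import block.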
@@ -1094,7 +1099,7 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro
systemdMnt := spec.Mount{
Destination: "/sys/fs/cgroup/systemd",
- Type: "bind",
+ Type: typ,
Source: "/sys/fs/cgroup/systemd",
Options: mountOptions,
} |
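Review bot: Source stays "/sys/fs/cgroup/systemd" even when typ is "cgroup", which is exactly the case where Statfs has just reported that host path as missing. Suggest choosing the source alongside typ in the first hunk (for example a src variable that is set to "cgroup" in the os.IsNotExist branch) so the generated spec does not point at a nonexistent host path.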
@giuseppe the suggested patch looks like a reasonable approach to me. FWIW here's a minimal reproducer (e.g. on Alpine with cgroups v1), showing that systemd containers do work on hosts that don't have
|
is there any special reason for not using cgroup v2? That would also solve the issue you are seeing |
We provide the container image and users pick the host - we support cgroup v1 and cgroup v2. Using docker is also an option - there are quite a few alternatives. If this is something that could be fixed in podman would it be possible to reopen the issue? :) |
I think @giuseppe's fix is reasonable. Can it handle cgroupsV1 and V2 though? |
one issue with my patch above is that both crun and runc treat the mount of type "cgroup" as an entire cgroup hierarchy, so there is no way to mount the systemd named cgroup alone. Given this limitation, you will still need the mount on the host for podman to work with the existing OCI runtimes |
I'm not sure I follow. It should be fine if the container runtime doesn't mount |
it will create that only if you grant
|
As per https://systemd.io/CONTAINER_INTERFACE/, |
Podman aims at the use case described later in that document: Given that adding this change won't regress other use cases, I've opened a PR: #15668 |
skip adding the /sys/fs/cgroup/systemd bind mount if it is not already present on the host.
[NO NEW TESTS NEEDED] requires a system without systemd.
Closes: containers#15647
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
On Alpine 3.15, trying to run systemd containers leads to an error from trying to stat the host's /sys/fs/cgroup/systemd/, which does not exist.
I realise Alpine may not be an officially supported distro, but this may be an issue worth fixing anyway?
Steps to reproduce the issue:
Run container on cgroups v1 host that does not have /sys/fs/cgroup/systemd/ in systemd mode (either with --systemd=always or with /sbin/init as the entrypoint).
Describe the results you received:
Describe the results you expected:
No error.
Additional information you deem important (e.g. issue happens only occasionally):
Example above uses --systemd=always, but the default is for podman to detect whether the container is running systemd, so this issue can be seen even without the --systemd arg (and --systemd=false is a workaround).
Output of podman version:
Output of podman info:
Package info (output of apk info podman):
Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)
No
Additional environment details (AWS, VirtualBox, physical, etc.):
QEMU VM running Alpine 3.15 cloud image.