-
Notifications
You must be signed in to change notification settings - Fork 324
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Running container is reported as stopped when cgroup v1 is used and freezer is disabled #1612
Comments
since you've already analyzed the root cause, would you mind opening a PR to fix it? I think what we can do is to do a check |
The problem is that for some reason, that one path does exist, but there is nothing inside... |
ok, I ran |
So far, I have something like this: diff --git a/src/libcrun/cgroup.c b/src/libcrun/cgroup.c
index 4a9497d..a984f70 100644
--- a/src/libcrun/cgroup.c
+++ b/src/libcrun/cgroup.c
@@ -37,6 +37,7 @@
#include <inttypes.h>
#include <time.h>
+#include <linux/magic.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <fcntl.h>
@@ -173,7 +174,22 @@ libcrun_cgroup_is_container_paused (struct libcrun_cgroup_status *status, bool *
ret = read_all_file (path, &content, NULL, err);
if (UNLIKELY (ret < 0))
- return ret;
+ {
+ errno = crun_error_get_errno (err);
+ if (errno != ENOENT || cgroup_mode == CGROUP_MODE_UNIFIED)
+ return ret;
+
+ struct statfs freezer_stat;
+ if ( statfs (CGROUP_ROOT "/freezer", &freezer_stat))
+ return crun_make_error (err, errno, "error getting stats of `%s`", CGROUP_ROOT "/freezer");
+
+ if (freezer_stat.f_type == CGROUP_SUPER_MAGIC)
+ return ret;
+
+ crun_error_release (err);
+ *paused = false;
+ return 0;
+ }
*paused = strstr (content, state) != NULL;
return 0; I will need to add some comments and change error text, but the logic is more or less there. AFAIK, cgroupv2 cannot exist without the freeze ability, so no need to check that case. Once I do that, and I have a proper commit message, I will create the PR @giuseppe |
thanks, the patch looks good to me |
Please open a PR? |
@michalsieron I am going to cut a new release today. If you hurry to open a PR, I'll merge your patch |
On cgroup v1 it is possible to disable freezer subsystem. In such case freezer.state file won't be present. Due to the race condition handling in libcrun_get_container_state_string, missing freezer.state would be interpreted as cgroup being removed when check is being performed. But as indicated earlier, that is not the case when it's cgroup v1 and the freezer is disabled. Therefore introduce logic that checks for that using type of the filesystem mounted under the freezer directory. When freezer is disabled, container simply cannot be paused. Fixes containers#1612 Signed-off-by: Michal Sieron <[email protected]>
On cgroup v1 it is possible to disable freezer subsystem. In such case freezer.state file won't be present. Due to the race condition handling in libcrun_get_container_state_string, missing freezer.state would be interpreted as cgroup being removed when check is being performed. But as indicated earlier, that is not the case when it's cgroup v1 and the freezer is disabled. Therefore introduce logic that checks for that using type of the filesystem mounted under the freezer directory. When freezer is disabled, container simply cannot be paused. Fixes containers#1612 Signed-off-by: Michal Sieron <[email protected]>
On cgroup v1 it is possible to disable freezer subsystem. In such case freezer.state file won't be present. Due to the race condition handling in libcrun_get_container_state_string, missing freezer.state would be interpreted as cgroup being removed when check is being performed. But as indicated earlier, that is not the case when it's cgroup v1 and the freezer is disabled. Therefore introduce logic that checks for that using type of the filesystem mounted under the freezer directory. When freezer is disabled, container simply cannot be paused. Fixes containers#1612 Signed-off-by: Michal Sieron <[email protected]>
Environment
systemd.unified_cgroup_hierarchy=0 cgroup_no_v1=freezer
Steps to reproduce
systemd.unified_cgroup_hierarchy=0 cgroup_no_v1=freezer
paramsconfig.json
:mkdir rootfs
and put there a static busybox binary (I took one from EXALAB/Busybox-static)sudo crun --systemd-cgroup run -d test1234
sudo crun state test1234
Expected results: Status of the
test1234
container isrunning
Actual results: Status of the
test1234
container isstopped
Notes
Even though
crun state
reports the container is stopped,crun ps
confirms that there is a process running inside. Trying to usecrun start
on such a container results in an error about missingexec.fifo
file.The issue comes from this interpretation of the missing
freezer.state
file, which was originally merged in #474:crun/src/libcrun/container.c
Lines 3130 to 3146 in 52ed588
When freezer is disabled, the
freezer.state
files don't exist and containers simply cannot be paused/resumed.While writing this, I checked also with
--cgroup-manager=cgroupfs
and it reproduces as well. Only--cgroup-manager=disabled
doesn't reproduce.runc
doesn't have this problem. I think it doesn't take race condition into consideration and when thefreezer.state
file is missing it just interprets it as container not being paused.Proposed solutions
freezer.state
file means (or simply to exit early from "is container paused" check)The text was updated successfully, but these errors were encountered: