Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cgroup2: \"open /sys/fs/cgroup/cgroup.subtree_control: permission denied\"": unknown. #2339

Closed
AkihiroSuda opened this issue Apr 21, 2020 · 2 comments · Fixed by #2340
Closed

cgroup2: \"open /sys/fs/cgroup/cgroup.subtree_control: permission denied\"": unknown. #2339

AkihiroSuda opened this issue Apr 21, 2020 · 2 comments · Fixed by #2340
Labels
area/cgroupv2 area/rootless kind/bug

Comments

@AkihiroSuda
Copy link
Member

Rootless runc on cgroup v2 (but without actual cgroup control) seems to have got broken recently

$ docker --context=rootless run -it --rm alpine
docker: Error response from daemon: OCI runtime create failed: container_linux.go:348: starting container process caused "process_linux.go:305: applying cgroup configuration for process caused \"open /sys/fs/cgroup/cgroup.subtree_control: permission denied\"": unknown.
ERRO[0000] error waiting for container: context canceled 
$ docker --context=rootless info
Client:
 Debug Mode: false
 Plugins:
  buildx: Build with BuildKit (Docker Inc., v0.3.1-31-g891d355)

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 2
 Server Version: dev
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: false
 Logging Driver: json-file
 Cgroup Driver: none
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 1d083fec4939ce58f23a48ad3a914adb826d592a
 runc version: 46be7b612e2533c494e6a251111de46d8e286ed5
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
  rootless
  cgroupns
 Kernel Version: 5.3.0-46-generic
 Operating System: Ubuntu 19.10
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 7.748GiB
 Name: suda-ws01
 ID: CWVR:KJQU:3CNT:IJF7:FMME:22Y7:GKFW:AFKJ:IVLQ:JOVW:3KZY:S25M
 Docker Root Dir: /home/suda/.local/share/docker
 Debug Mode: false
 Username: akihirosuda
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No kernel memory limit support
WARNING: No kernel memory TCP limit support
$ docker --context=rootless version
Client:
 Version:           20.03.0-dev
 API version:       1.41
 Go version:        go1.13.10
 Git commit:        abafad3df
 Built:             Tue Apr 21 15:06:56 2020
 OS/Arch:           linux/amd64
 Experimental:      true

Server:
 Engine:
  Version:          dev
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.13.10
  Git commit:       ba8129b28a
  Built:            Tue Apr 21 15:06:37 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.3.0-511-g1d083fec
  GitCommit:        1d083fec4939ce58f23a48ad3a914adb826d592a
 runc:
  Version:          1.0.0-rc10+dev
  GitCommit:        46be7b612e2533c494e6a251111de46d8e286ed5
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683
@AkihiroSuda
Copy link
Member Author

Regression in 813cb3e (#2299)

@AkihiroSuda AkihiroSuda mentioned this issue Apr 21, 2020
Merged
AkihiroSuda added a commit to AkihiroSuda/runc that referenced this issue Apr 21, 2020
@AkihiroSuda
fs2: ignore cgroup.subtree_control EPERM when rootless
8a2a7e0 
Fix opencontainers#2339 (regression in 813cb3e)

Signed-off-by: Akihiro Suda <[email protected]>
@AkihiroSuda AkihiroSuda mentioned this issue Apr 21, 2020
Merged
@AkihiroSuda
Copy link
Member Author

PR: #2340

AkihiroSuda added a commit to AkihiroSuda/runc that referenced this issue Apr 21, 2020
@AkihiroSuda
fs2: ignore cgroup.subtree_control EPERM when rootless + add CI
303f465 
Fix opencontainers#2339 (regression in 813cb3e)

Signed-off-by: Akihiro Suda <[email protected]>
@kolyshkin kolyshkin mentioned this issue Apr 21, 2020
Closed
AkihiroSuda added a commit to AkihiroSuda/runc that referenced this issue Apr 21, 2020
@AkihiroSuda
fs2: fix cgroup.subtree_control EPERM on rootless + add CI
cec6bab 
Fix opencontainers#2339 (regression in 813cb3e)

Signed-off-by: Akihiro Suda <[email protected]>
AkihiroSuda added a commit to AkihiroSuda/runc that referenced this issue Apr 21, 2020
@AkihiroSuda
fs2: fix cgroup.subtree_control EPERM on rootless + add CI
26d44d9 
Fix opencontainers#2339 (regression in 813cb3e)

Signed-off-by: Akihiro Suda <[email protected]>
AkihiroSuda added a commit to AkihiroSuda/runc that referenced this issue Apr 21, 2020
@AkihiroSuda
fs2: fix cgroup.subtree_control EPERM on rootless + add CI
473a18d 
Fix opencontainers#2339 (regression in 813cb3e)

Signed-off-by: Akihiro Suda <[email protected]>
AkihiroSuda added a commit to AkihiroSuda/runc that referenced this issue Apr 21, 2020
@AkihiroSuda
fs2: fix cgroup.subtree_control EPERM on rootless + add CI
4a5ba4c 
Fix opencontainers#2339 (regression in 813cb3e)

Signed-off-by: Akihiro Suda <[email protected]>
AkihiroSuda added a commit to AkihiroSuda/runc that referenced this issue Apr 21, 2020
@AkihiroSuda
fs2: fix cgroup.subtree_control EPERM on rootless + add CI
2dab750 
Fix opencontainers#2339 (regression in 813cb3e)

Signed-off-by: Akihiro Suda <[email protected]>
AkihiroSuda added a commit to AkihiroSuda/runc that referenced this issue Apr 21, 2020
@AkihiroSuda
fs2: fix cgroup.subtree_control EPERM on rootless + add CI
5e157cd 
Fix opencontainers#2339 (regression in 813cb3e)

Signed-off-by: Akihiro Suda <[email protected]>
AkihiroSuda added a commit to AkihiroSuda/runc that referenced this issue Apr 21, 2020
@AkihiroSuda
fs2: fix cgroup.subtree_control EPERM on rootless + add CI
ce64430 
Fix opencontainers#2339 (regression in 813cb3e)

Signed-off-by: Akihiro Suda <[email protected]>
AkihiroSuda added a commit to AkihiroSuda/runc that referenced this issue Apr 22, 2020
@AkihiroSuda
fs2: fix cgroup.subtree_control EPERM on rootless + add CI
7fc5bae 
Fix opencontainers#2339 (regression in 813cb3e)

Signed-off-by: Akihiro Suda <[email protected]>
AkihiroSuda added a commit to AkihiroSuda/runc that referenced this issue Apr 22, 2020
@AkihiroSuda
fs2: fix cgroup.subtree_control EPERM on rootless + add CI
197faf5 
Fix opencontainers#2339 (regression in 813cb3e)

Signed-off-by: Akihiro Suda <[email protected]>
AkihiroSuda added a commit to AkihiroSuda/runc that referenced this issue Apr 22, 2020
@AkihiroSuda
fs2: fix cgroup.subtree_control EPERM on rootless + add CI
726c46b 
Fix opencontainers#2339 (regression in 813cb3e)

Signed-off-by: Akihiro Suda <[email protected]>
AkihiroSuda added a commit to AkihiroSuda/runc that referenced this issue Apr 22, 2020
@AkihiroSuda
fs2: fix cgroup.subtree_control EPERM on rootless + add CI
9867192 
Fix opencontainers#2339 (regression in 813cb3e)

Signed-off-by: Akihiro Suda <[email protected]>
AkihiroSuda added a commit to AkihiroSuda/runc that referenced this issue Apr 22, 2020
@AkihiroSuda
fs2: fix cgroup.subtree_control EPERM on rootless + add CI
753857c 
Fix opencontainers#2339 (regression in 813cb3e)

Signed-off-by: Akihiro Suda <[email protected]>
AkihiroSuda added a commit that referenced this issue Oct 20, 2020
@AkihiroSuda
Revert "rootfs: handle nested procfs mounts for MS_MOVE"
2aa00eb 
This reverts commit b8bf572.

Revert #2647
Reopen #2339

Signed-off-by: Akihiro Suda <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/cgroupv2 area/rootless kind/bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fs2: fix cgroup.subtree_control EPERM on rootless + add CI AkihiroSuda/runc
1 participant
@AkihiroSuda