-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Still got an occasional "permission denied" error while cgroup frozen failed. #3803
Comments
jiusanzhou
added a commit
to jiusanzhou/runc
that referenced
this issue
Apr 3, 2023
jiusanzhou
added a commit
to jiusanzhou/runc
that referenced
this issue
Apr 3, 2023
…iled. opencontainers#3803 Signed-off-by: Zoe <[email protected]>
This is an old version. Can you please retry with the latest released runc version, 1.1.5? |
Sorry I gave a wrong version, it's actually 1.1.2 |
jiusanzhou
added a commit
to jiusanzhou/runc
that referenced
this issue
Apr 6, 2023
…iled. opencontainers#3803 Signed-off-by: Zoe <[email protected]>
jiusanzhou
added a commit
to jiusanzhou/runc
that referenced
this issue
Apr 6, 2023
…iled. opencontainers#3803 Signed-off-by: Zoe <[email protected]>
jiusanzhou
added a commit
to jiusanzhou/runc
that referenced
this issue
Apr 7, 2023
In code we have frozen the cgroup to avoid the processes get an occasional "permission denied" error, while the systemd's application of device rules is done disruptively. When the processes in the container can not be frozen over 2 seconds (which defined in fs/freezer.go), we still update the cgroup which resulting the container get an occasional "permission denied" error in some cases. Return error directly without updating cgroup, when freeze fails. Fixes: opencontainers#3803 Signed-off-by: Zoe <[email protected]>
jiusanzhou
added a commit
to jiusanzhou/runc
that referenced
this issue
Apr 7, 2023
In code we have frozen the cgroup to avoid the processes get an occasional "permission denied" error, while the systemd's application of device rules is done disruptively. When the processes in the container can not be frozen over 2 seconds (which defined in fs/freezer.go), we still update the cgroup which resulting the container get an occasional "permission denied" error in some cases. Return error directly without updating cgroup, when freeze fails. Fixes: opencontainers#3803 Signed-off-by: Zoe <[email protected]>
jiusanzhou
added a commit
to jiusanzhou/runc
that referenced
this issue
Apr 17, 2023
In code we have frozen the cgroup to avoid the processes get an occasional "permission denied" error, while the systemd's application of device rules is done disruptively. When the processes in the container can not be frozen over 2 seconds (which defined in fs/freezer.go), we still update the cgroup which resulting the container get an occasional "permission denied" error in some cases. Return error directly without updating cgroup, when freeze fails. Fixes: opencontainers#3803 Signed-off-by: Zoe <[email protected]>
jiusanzhou
added a commit
to jiusanzhou/runc
that referenced
this issue
Apr 27, 2023
In code we have frozen the cgroup to avoid the processes get an occasional "permission denied" error, while the systemd's application of device rules is done disruptively. When the processes in the container can not be frozen over 2 seconds (which defined in fs/freezer.go), we still update the cgroup which resulting the container get an occasional "permission denied" error in some cases. Return error directly without updating cgroup, when freeze fails. Fixes: opencontainers#3803 Signed-off-by: Zoe <[email protected]>
jiusanzhou
added a commit
to jiusanzhou/runc
that referenced
this issue
Apr 29, 2023
In code we have frozen the cgroup to avoid the processes get an occasional "permission denied" error, while the systemd's application of device rules is done disruptively. When the processes in the container can not be frozen over 2 seconds (which defined in fs/freezer.go), we still update the cgroup which resulting the container get an occasional "permission denied" error in some cases. Return error directly without updating cgroup, when freeze fails. Fixes: opencontainers#3803 Signed-off-by: Zoe <[email protected]>
jiusanzhou
added a commit
to jiusanzhou/runc
that referenced
this issue
Jun 12, 2023
In code we have frozen the cgroup to avoid the processes get an occasional "permission denied" error, while the systemd's application of device rules is done disruptively. When the processes in the container can not be frozen over 2 seconds (which defined in fs/freezer.go), we still update the cgroup which resulting the container get an occasional "permission denied" error in some cases. Return error directly without updating cgroup, when freeze fails. Fixes: opencontainers#3803 Signed-off-by: Zoe <[email protected]>
jiusanzhou
added a commit
to jiusanzhou/runc
that referenced
this issue
Jun 30, 2023
In code we have frozen the cgroup to avoid the processes get an occasional "permission denied" error, while the systemd's application of device rules is done disruptively. When the processes in the container can not be frozen over 2 seconds (which defined in fs/freezer.go), we still update the cgroup which resulting the container get an occasional "permission denied" error in some cases. Return error directly without updating cgroup, when freeze fails. Fixes: opencontainers#3803 Signed-off-by: Zoe <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
Currenty we have frozen the container to avoid the container get
an occasional "permission denied" error, while the systemd's application of device
rules is done disruptively.
But when the processes in the container can not be frozen over 2 seconds, we still update the cgroup which resulting the container get
an occasional "permission denied" error in some cases.
The code in
libcontainer/cgroups/systemd/v1.go
btw, 2 seconds set in
libcontainer/cgroups/fs/freezer.go
Steps to reproduce the issue
Describe the results you received and expected
Avoid an occasional "permission denied" error.
What version of runc are you using?
1.1.2
Host OS information
No response
Host kernel information
No response
The text was updated successfully, but these errors were encountered: