checkpoint of container with userns is not working #1207

Open
Luap99 opened this issue May 8, 2023 · 2 comments

Luap99 commented May 8, 2023

```
$ sudo bin/podman run -d --name test --uidmap 0:0:1000 quay.io/libpod/testimage:20221018 top
fcfc957177dec9a4ae308ad79713bb2a1b5598af76f1d128b24b576ad0a90021
$ sudo bin/podman container checkpoint test
2023-05-08T12:49:06.173711Z: CRIU checkpointing failed -52.  Please check CRIU logfile /var/lib/containers/storage/overlay-containers/fcfc957177dec9a4ae308ad79713bb2a1b5598af76f1d128b24b576ad0a90021/userdata/dump.log
Error: `/usr/bin/crun checkpoint --image-path /var/lib/containers/storage/overlay-containers/fcfc957177dec9a4ae308ad79713bb2a1b5598af76f1d128b24b576ad0a90021/userdata/checkpoint --work-path /var/lib/containers/storage/overlay-containers/fcfc957177dec9a4ae308ad79713bb2a1b5598af76f1d128b24b576ad0a90021/userdata fcfc957177dec9a4ae308ad79713bb2a1b5598af76f1d128b24b576ad0a90021` failed: exit status 1
```

Relevant line from the log:

```
(00.120964) Error (criu/mount.c:753): mnt: 2049:./dev/urandom doesn't have a proper root mount
```

Full log: dump.log

When the `--uidmap` argument is not used it works correctly. It works with runc, but there is still a podman bug: containers/podman#18502

```
$ crun --version
crun version 1.8.4
commit: 5a8fa99a5e41facba2eda4af12fa26313918805b
rundir: /run/user/1000/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
```

@saschagrunert

@Luap99 is this still an issue? Do you think we could fix that in the near future somehow? cc @adrianreber

Luap99 commented Sep 16, 2024

I would assume so; nothing has changed and my reproducer still fails with the same error message.

In general, restoring the network namespace for a userns is currently broken anyway with the runtime restore API: the process is started right away, so podman has no chance to configure the netns after the OCI runtime has created the namespaces (unlike the normal container startup sequence, which uses two steps, create then start, so we can configure the netns in between without issues).

But I guess crun first should be able to checkpoint before we can work on the restore side.
