crun --oci cgroup nesting causes error on cgroups v1 as non-root #1569
Comments
dtrudg
added a commit
to dtrudg/singularity
that referenced
this issue
Apr 17, 2023
If we are running under cgroups v1 or with the cgroupfs manager (i.e. not systemd as cgroup manager), do not attempt to enter a cgroup at startup with crun. We cannot create a cgroup unprivileged in this situation. Under cgroups v1, crun will not perform the cgroups manipulation that leads to the issue we worked around in sylabs#1539. Any other issue with the cgroup that we are in at launch cannot be rectified, either. Fixes sylabs#1569
dtrudg
added a commit
to dtrudg/singularity
that referenced
this issue
Apr 17, 2023
Pick sylabs#1570 If we are running under cgroups v1 or with the cgroupfs manager (i.e. not systemd as cgroup manager), do not attempt to enter a cgroup at startup with crun. We cannot create a cgroup unprivileged in this situation. Under cgroups v1, crun will not perform the cgroups manipulation that leads to the issue we worked around in sylabs#1539. Any other issue with the cgroup that we are in at launch cannot be rectified, either. Fixes sylabs#1569
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Apr 24, 2023
If we are running under cgroups v1 or with the cgroupfs manager (i.e. not systemd as cgroup manager), do not attempt to enter a cgroup at startup with crun. We cannot create a cgroup unprivileged in this situation. Under cgroups v1, crun will not perform the cgroups manipulation that leads to the issue we worked around in apptainer#1539. Any other issue with the cgroup that we are in at launch cannot be rectified, either. Fixes sylabs/singularity#1569 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
May 24, 2023
If we are running under cgroups v1 or with the cgroupfs manager (i.e. not systemd as cgroup manager), do not attempt to enter a cgroup at startup with crun. We cannot create a cgroup unprivileged in this situation. Under cgroups v1, crun will not perform the cgroups manipulation that leads to the issue we worked around in apptainer#1539. Any other issue with the cgroup that we are in at launch cannot be rectified, either. Fixes sylabs/singularity#1569 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
May 24, 2023
If we are running under cgroups v1 or with the cgroupfs manager (i.e. not systemd as cgroup manager), do not attempt to enter a cgroup at startup with crun. We cannot create a cgroup unprivileged in this situation. Under cgroups v1, crun will not perform the cgroups manipulation that leads to the issue we worked around in apptainer#1539. Any other issue with the cgroup that we are in at launch cannot be rectified, either. Fixes sylabs/singularity#1569 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Jun 14, 2023
If we are running under cgroups v1 or with the cgroupfs manager (i.e. not systemd as cgroup manager), do not attempt to enter a cgroup at startup with crun. We cannot create a cgroup unprivileged in this situation. Under cgroups v1, crun will not perform the cgroups manipulation that leads to the issue we worked around in apptainer#1539. Any other issue with the cgroup that we are in at launch cannot be rectified, either. Fixes sylabs/singularity#1569 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Jun 14, 2023
If we are running under cgroups v1 or with the cgroupfs manager (i.e. not systemd as cgroup manager), do not attempt to enter a cgroup at startup with crun. We cannot create a cgroup unprivileged in this situation. Under cgroups v1, crun will not perform the cgroups manipulation that leads to the issue we worked around in apptainer#1539. Any other issue with the cgroup that we are in at launch cannot be rectified, either. Fixes sylabs/singularity#1569 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Jun 14, 2023
If we are running under cgroups v1 or with the cgroupfs manager (i.e. not systemd as cgroup manager), do not attempt to enter a cgroup at startup with crun. We cannot create a cgroup unprivileged in this situation. Under cgroups v1, crun will not perform the cgroups manipulation that leads to the issue we worked around in apptainer#1539. Any other issue with the cgroup that we are in at launch cannot be rectified, either. Fixes sylabs/singularity#1569 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Jun 16, 2023
If we are running under cgroups v1 or with the cgroupfs manager (i.e. not systemd as cgroup manager), do not attempt to enter a cgroup at startup with crun. We cannot create a cgroup unprivileged in this situation. Under cgroups v1, crun will not perform the cgroups manipulation that leads to the issue we worked around in apptainer#1539. Any other issue with the cgroup that we are in at launch cannot be rectified, either. Fixes sylabs/singularity#1569 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Jul 4, 2023
If we are running under cgroups v1 or with the cgroupfs manager (i.e. not systemd as cgroup manager), do not attempt to enter a cgroup at startup with crun. We cannot create a cgroup unprivileged in this situation. Under cgroups v1, crun will not perform the cgroups manipulation that leads to the issue we worked around in apptainer#1539. Any other issue with the cgroup that we are in at launch cannot be rectified, either. Fixes sylabs/singularity#1569 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Jul 11, 2023
If we are running under cgroups v1 or with the cgroupfs manager (i.e. not systemd as cgroup manager), do not attempt to enter a cgroup at startup with crun. We cannot create a cgroup unprivileged in this situation. Under cgroups v1, crun will not perform the cgroups manipulation that leads to the issue we worked around in apptainer#1539. Any other issue with the cgroup that we are in at launch cannot be rectified, either. Fixes sylabs/singularity#1569 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Jul 21, 2023
If we are running under cgroups v1 or with the cgroupfs manager (i.e. not systemd as cgroup manager), do not attempt to enter a cgroup at startup with crun. We cannot create a cgroup unprivileged in this situation. Under cgroups v1, crun will not perform the cgroups manipulation that leads to the issue we worked around in apptainer#1539. Any other issue with the cgroup that we are in at launch cannot be rectified, either. Fixes sylabs/singularity#1569 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Jul 24, 2023
If we are running under cgroups v1 or with the cgroupfs manager (i.e. not systemd as cgroup manager), do not attempt to enter a cgroup at startup with crun. We cannot create a cgroup unprivileged in this situation. Under cgroups v1, crun will not perform the cgroups manipulation that leads to the issue we worked around in apptainer#1539. Any other issue with the cgroup that we are in at launch cannot be rectified, either. Fixes sylabs/singularity#1569 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Version of Singularity
main
Describe the bug
After #1539 attempting to run a container in
--ocimode on a cgroups v1 system usingcrunwill fail with an error. This can be seen in the e2e-tests on RHEL8...To Reproduce
singularity run --oci docker://sylabsio/docker-useron a system using cgroups v1 and crun (not runc).Expected Behavior
Under cgroups v1 as a normal user, we cannot create a cgroup to move into before calling
crun, so we should not try to do this.In this mode of operation (cgroups v1, unprivileged),
crunwon't be trying to do the same cgroup manipulation as on a v2 system. Therefore we (a) generally don't hit the issue #1539 works around... and (b) have no ability to rectify any cgroup constraints that will cause a different failure.The text was updated successfully, but these errors were encountered: