-
Notifications
You must be signed in to change notification settings - Fork 98
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crun --oci cgroup nesting causes error on cgroups v1 as non-root #1569
Comments
dtrudg
added a commit
to dtrudg/singularity
that referenced
this issue
Apr 17, 2023
If we are running under cgroups v1 or with the cgroupfs manager (i.e. not systemd as cgroup manager), do not attempt to enter a cgroup at startup with crun. We cannot create a cgroup unprivileged in this situation. Under cgroups v1, crun will not perform the cgroups manipulation that leads to the issue we worked around in sylabs#1539. Any other issue with the cgroup that we are in at launch cannot be rectified, either. Fixes sylabs#1569
dtrudg
added a commit
to dtrudg/singularity
that referenced
this issue
Apr 17, 2023
Pick sylabs#1570 If we are running under cgroups v1 or with the cgroupfs manager (i.e. not systemd as cgroup manager), do not attempt to enter a cgroup at startup with crun. We cannot create a cgroup unprivileged in this situation. Under cgroups v1, crun will not perform the cgroups manipulation that leads to the issue we worked around in sylabs#1539. Any other issue with the cgroup that we are in at launch cannot be rectified, either. Fixes sylabs#1569
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Apr 24, 2023
If we are running under cgroups v1 or with the cgroupfs manager (i.e. not systemd as cgroup manager), do not attempt to enter a cgroup at startup with crun. We cannot create a cgroup unprivileged in this situation. Under cgroups v1, crun will not perform the cgroups manipulation that leads to the issue we worked around in apptainer#1539. Any other issue with the cgroup that we are in at launch cannot be rectified, either. Fixes sylabs/singularity#1569 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
May 24, 2023
If we are running under cgroups v1 or with the cgroupfs manager (i.e. not systemd as cgroup manager), do not attempt to enter a cgroup at startup with crun. We cannot create a cgroup unprivileged in this situation. Under cgroups v1, crun will not perform the cgroups manipulation that leads to the issue we worked around in apptainer#1539. Any other issue with the cgroup that we are in at launch cannot be rectified, either. Fixes sylabs/singularity#1569 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
May 24, 2023
If we are running under cgroups v1 or with the cgroupfs manager (i.e. not systemd as cgroup manager), do not attempt to enter a cgroup at startup with crun. We cannot create a cgroup unprivileged in this situation. Under cgroups v1, crun will not perform the cgroups manipulation that leads to the issue we worked around in apptainer#1539. Any other issue with the cgroup that we are in at launch cannot be rectified, either. Fixes sylabs/singularity#1569 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Jun 14, 2023
If we are running under cgroups v1 or with the cgroupfs manager (i.e. not systemd as cgroup manager), do not attempt to enter a cgroup at startup with crun. We cannot create a cgroup unprivileged in this situation. Under cgroups v1, crun will not perform the cgroups manipulation that leads to the issue we worked around in apptainer#1539. Any other issue with the cgroup that we are in at launch cannot be rectified, either. Fixes sylabs/singularity#1569 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Jun 14, 2023
If we are running under cgroups v1 or with the cgroupfs manager (i.e. not systemd as cgroup manager), do not attempt to enter a cgroup at startup with crun. We cannot create a cgroup unprivileged in this situation. Under cgroups v1, crun will not perform the cgroups manipulation that leads to the issue we worked around in apptainer#1539. Any other issue with the cgroup that we are in at launch cannot be rectified, either. Fixes sylabs/singularity#1569 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Jun 14, 2023
If we are running under cgroups v1 or with the cgroupfs manager (i.e. not systemd as cgroup manager), do not attempt to enter a cgroup at startup with crun. We cannot create a cgroup unprivileged in this situation. Under cgroups v1, crun will not perform the cgroups manipulation that leads to the issue we worked around in apptainer#1539. Any other issue with the cgroup that we are in at launch cannot be rectified, either. Fixes sylabs/singularity#1569 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Jun 16, 2023
If we are running under cgroups v1 or with the cgroupfs manager (i.e. not systemd as cgroup manager), do not attempt to enter a cgroup at startup with crun. We cannot create a cgroup unprivileged in this situation. Under cgroups v1, crun will not perform the cgroups manipulation that leads to the issue we worked around in apptainer#1539. Any other issue with the cgroup that we are in at launch cannot be rectified, either. Fixes sylabs/singularity#1569 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Jul 4, 2023
If we are running under cgroups v1 or with the cgroupfs manager (i.e. not systemd as cgroup manager), do not attempt to enter a cgroup at startup with crun. We cannot create a cgroup unprivileged in this situation. Under cgroups v1, crun will not perform the cgroups manipulation that leads to the issue we worked around in apptainer#1539. Any other issue with the cgroup that we are in at launch cannot be rectified, either. Fixes sylabs/singularity#1569 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Jul 11, 2023
If we are running under cgroups v1 or with the cgroupfs manager (i.e. not systemd as cgroup manager), do not attempt to enter a cgroup at startup with crun. We cannot create a cgroup unprivileged in this situation. Under cgroups v1, crun will not perform the cgroups manipulation that leads to the issue we worked around in apptainer#1539. Any other issue with the cgroup that we are in at launch cannot be rectified, either. Fixes sylabs/singularity#1569 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Jul 21, 2023
If we are running under cgroups v1 or with the cgroupfs manager (i.e. not systemd as cgroup manager), do not attempt to enter a cgroup at startup with crun. We cannot create a cgroup unprivileged in this situation. Under cgroups v1, crun will not perform the cgroups manipulation that leads to the issue we worked around in apptainer#1539. Any other issue with the cgroup that we are in at launch cannot be rectified, either. Fixes sylabs/singularity#1569 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk
pushed a commit
to vzokay/apptainer
that referenced
this issue
Jul 24, 2023
If we are running under cgroups v1 or with the cgroupfs manager (i.e. not systemd as cgroup manager), do not attempt to enter a cgroup at startup with crun. We cannot create a cgroup unprivileged in this situation. Under cgroups v1, crun will not perform the cgroups manipulation that leads to the issue we worked around in apptainer#1539. Any other issue with the cgroup that we are in at launch cannot be rectified, either. Fixes sylabs/singularity#1569 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Version of Singularity
main
Describe the bug
After #1539 attempting to run a container in
--oci
mode on a cgroups v1 system usingcrun
will fail with an error. This can be seen in the e2e-tests on RHEL8...To Reproduce
singularity run --oci docker://sylabsio/docker-user
on a system using cgroups v1 and crun (not runc).Expected Behavior
Under cgroups v1 as a normal user, we cannot create a cgroup to move into before calling
crun
, so we should not try to do this.In this mode of operation (cgroups v1, unprivileged),
crun
won't be trying to do the same cgroup manipulation as on a v2 system. Therefore we (a) generally don't hit the issue #1539 works around... and (b) have no ability to rectify any cgroup constraints that will cause a different failure.The text was updated successfully, but these errors were encountered: