1406830 – using --tmpfs to specify the sizes of things like /run and /tmp get overridden by the hook

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1406830 - using --tmpfs to specify the sizes of things like /run and /tmp get overridden by the hook

Summary: using --tmpfs to specify the sizes of things like /run and /tmp get overridde...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	oci-systemd-hook
Sub Component:
Version:	25
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-12-21 15:15 UTC by James Hogarth
Modified:	2017-04-01 16:57 UTC (History)
CC List:	4 users (show)
Fixed In Version:	oci-systemd-hook-0.1.5-1.git16f7c8a.fc25 oci-systemd-hook-0.1.6-1.gitfe22236.fc25 oci-systemd-hook-0.1.6-1.gitfe22236.fc26
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-03-14 17:22:56 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	projectatomic oci-systemd-hook issues 38	0	None	None	None	2016-12-21 15:22:59 UTC

Description James Hogarth 2016-12-21 15:15:25 UTC

Description of problem:
If there's a preference to set the size allocated to something the hook usually handles (eg /tmp or /run) using --tmpfs this gets overridden by the hook and no longer has any effect

Version-Release number of selected component (if applicable):
docker-1.12.3-12.git97974ae.fc25.x86_64
oci-systemd-hook-0.1.4-3.git41491a3.fc25.x86_64


How reproducible:
deterministic

Steps to Reproduce:
1. 

cat > Dockerfile.systemd-test << EOF
FROM centos:latest

RUN yum -y install systemd bash
ENTRYPOINT ["/sbin/init"]
EOF


2. docker build -f Dockerfile.systemd-test -t systemd-test . 
3. docker run -d --tmpfs /tmp:rw,mode=1777,size=2G --name systemd-test systemd-test
4. docker exec systemd-test df -h

Actual results:
Filesystem                                             Size  Used Avail Use% Mounted on
/dev/mapper/luks-533c35ab-2572-45ad-b18b-5203c8b8563f  231G  192G   37G  84% /
tmpfs                                                  3.9G     0  3.9G   0% /dev
tmpfs                                                  3.9G     0  3.9G   0% /sys/fs/cgroup
tmpfs                                                  4.0E     0  4.0E   0% /tmp
/dev/mapper/luks-533c35ab-2572-45ad-b18b-5203c8b8563f  231G  192G   37G  84% /etc/hosts
shm                                                     64M     0   64M   0% /dev/shm
tmpfs                                                   64M   16K   64M   1% /run


Expected results:
A /tmp of 2G in size

Additional info:
Using docker inspect the tmpfs point is seen:

"Tmpfs": {
  "/tmp": "rw,mode=1777,size=2G"
},

However this is not reflect in mounts:

"Mounts": [],

The oci-systemd-hook checks mounts in the json, but not tmpfs:

https://github.com/projectatomic/oci-systemd-hook/blob/master/src/systemdhook.c#L775

As a result it doesn't "see" /tmp as already mounted so promptly mounts over it with its own setting.

Comment 1 Fedora Update System 2017-02-08 13:50:02 UTC

oci-systemd-hook-0.1.5-1.git16f7c8a.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-8a6b1e478c

Comment 2 James Hogarth 2017-02-09 12:17:34 UTC

This doesn't fix this test case ...

[ja.hogarth@lap37607 tmpfstest]$ docker run -d --tmpfs /tmp:rw,mode=1777,size=2G --name systemd-test systemd-test
0fa074ee8e282c0806dd5ca3d7023e3915a441eda66952732edf9ec4bda42d4a
[ja.hogarth@lap37607 tmpfstest]$  docker exec systemd-test df -h
Filesystem                                             Size  Used Avail Use% Mounted on
/dev/mapper/luks-533c35ab-2572-45ad-b18b-5203c8b8563f  231G   98G  131G  43% /
tmpfs                                                  3.9G     0  3.9G   0% /dev
tmpfs                                                  3.9G     0  3.9G   0% /sys/fs/cgroup
tmpfs                                                  3.9G     0  3.9G   0% /tmp
/dev/mapper/luks-533c35ab-2572-45ad-b18b-5203c8b8563f  231G   98G  131G  43% /etc/hosts
shm                                                     64M     0   64M   0% /dev/shm
tmpfs                                                   64M   16K   64M   1% /run
tmpfs                                                   64M     0   64M   0% /var/log/journal

Based on that run I'd have expect /tmp to be 2G but it is still 50% of the host RAM as it has been overridden by the automounting of oci-systemd-hook still.

Comment 3 James Hogarth 2017-02-09 12:23:19 UTC

From docker inspect:

 "Tmpfs": {
                "/tmp": "rw,mode=1777,size=2G"
            },
 "Mounts": [],


Looking at the code the decision about whether oci-systemd-hook should auto create the tmpfs structures (such as /tmp) is still based on Mounts, which is unpopulated.


[ja.hogarth@lap37607 tmpfstest]$ rpm -qa \*docker\* oci-systemd-hook
oci-systemd-hook-0.1.5-1.git16f7c8a.fc25.x86_64
python2-dockerfile-parse-0.0.5-7.fc25.noarch
docker-common-1.12.6-6.gitae7d637.fc25.x86_64
docker-1.12.6-6.gitae7d637.fc25.x86_64
docker-v1.10-migrator-1.12.6-6.gitae7d637.fc25.x86_64
python-docker-py-1.10.6-1.fc25.noarch
python2-docker-pycreds-0.2.1-2.fc25.noarch
docker-client-4.0.6-3.fc25.noarch

Comment 4 Daniel Walsh 2017-02-09 16:43:34 UTC

James could you attempt your test with this patch on oci-systemd-hook

https://github.com/projectatomic/oci-systemd-hook/pull/49

From my testing it fixes your issue, and greatly simplifies oci-systemd-hook.

Comment 5 Fedora Update System 2017-02-09 22:20:47 UTC

oci-systemd-hook-0.1.5-1.git16f7c8a.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-8a6b1e478c

Comment 6 James Hogarth 2017-02-09 23:05:22 UTC

So the good news:

So I popped this on top of the most recent F25 build in koji (the one with the bodhi update) and it does indeed fix this issue:

rb:system|[james@james-lap tmpfstest]$ docker run -d --tmpfs /tmp:rw,mode=1777,size=2G --name systemd-test systemd-test
ae30a11142d7ee67d9693643ce74d90d74f76fce1b5aa32b067e66d60d241029
rb:system|[james@james-lap tmpfstest]$  docker exec systemd-test df -h
Filesystem                                             Size  Used Avail Use% Mounted on
/dev/sdb1                                              932G  348G  583G  38% /
tmpfs                                                  7.8G     0  7.8G   0% /dev
tmpfs                                                  7.8G     0  7.8G   0% /sys/fs/cgroup
tmpfs                                                  2.0G     0  2.0G   0% /tmp
/dev/sdb1                                              932G  348G  583G  38% /etc/hosts
shm                                                     64M     0   64M   0% /dev/shm
tmpfs                                                   64M     0   64M   0% /run
tmpfs                                                   64M     0   64M   0% /var/log/journal
/dev/mapper/luks-2d9f6449-a51a-41eb-9ee0-56b54271c942  111G   89G   21G  82% /var/log/journal/ae30a11142d7ee67d9693643ce74d90d

A 2GB /tmp on tmpfs specified and the container indeed shows /tmp with only 2G rather than the 8GB I'd expect on this machine otherwise.

The bad news:

For some reason although you can see /sbin/init in docker top it doesn't appear to actually do anything:

rb:system|[james@james-lap tmpfstest]$ while true; do  docker top localtest-mdb ; sleep 1 ; done
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
root                8027                8011                0                   23:02               ?                   00:00:00            /sbin/init
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
root                8027                8011                0                   23:02               ?                   00:00:00            /sbin/init
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD

There's no journald or dbus etc so it's pretty broken like that and nothing in the way of logs.

Comment 7 Daniel Walsh 2017-02-10 13:33:00 UTC

Yes, I am continuing to work on it. For some reason I can't get anywhere on Rawhide with this stuff.  But I have pushed more patches to that branch which might fix your last issue.

Basically remount /sys/fs/cgroup/systemd so that it can be read/write

Comment 8 James Hogarth 2017-02-10 20:08:44 UTC

So I've built oci-systemd-hook with the current koji build and this applied on top of it:

https://patch-diff.githubusercontent.com/raw/projectatomic/oci-systemd-hook/pull/49.patch

From the three issues I raised recently:

bug 1406435 - this is still fixed with this patch applied

bug 1406830 - this bug is not fixed with this patch

docker run -d --tmpfs /tmp:rw,mode=1777,size=2G --name systemd-test systemd-test
tmpfs    7.8G     0  7.8G   0% /tmp

bug 1419040 - this bug is still fixed with this patch applied

Comment 9 Daniel Walsh 2017-02-10 21:33:38 UTC

That's weird, that one works for me.

docker run --rm -ti --tmpfs /tmp:rw,mode=1777,size=2G --name systemd-test fedora mount | grep /tmp
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,noexec,relatime,context="system_u:object_r:container_file_t:s0:c607,c838",size=2097152k)

Comment 10 Fedora Update System 2017-03-12 11:41:48 UTC

oci-systemd-hook-0.1.6-1.gitfe22236.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-a25973481c

Comment 11 Fedora Update System 2017-03-12 11:42:07 UTC

oci-systemd-hook-0.1.6-1.gitfe22236.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-5e4259e590

Comment 12 Fedora Update System 2017-03-12 21:51:53 UTC

oci-systemd-hook-0.1.5-1.git16f7c8a.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.

Comment 13 Fedora Update System 2017-03-13 00:21:45 UTC

oci-systemd-hook-0.1.6-1.gitfe22236.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-5e4259e590

Comment 14 Fedora Update System 2017-03-13 01:51:11 UTC

oci-systemd-hook-0.1.6-1.gitfe22236.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-a25973481c

Comment 15 Fedora Update System 2017-03-14 17:22:56 UTC

oci-systemd-hook-0.1.6-1.gitfe22236.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.

Comment 16 Fedora Update System 2017-04-01 16:57:17 UTC

oci-systemd-hook-0.1.6-1.gitfe22236.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.