1772460 – After upgrading my silverblue to crun-0.10.5, toolbox stopped to work.

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1772460 - After upgrading my silverblue to crun-0.10.5, toolbox stopped to work.

Summary: After upgrading my silverblue to crun-0.10.5, toolbox stopped to work.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	crun
Sub Component:
Version:	31
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Giuseppe Scrivano
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1773440 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-11-14 12:16 UTC by Martin Vala
Modified:	2019-11-20 03:15 UTC (History)
CC List:	5 users (show)
Fixed In Version:	crun-0.10.6-1.fc31
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-11-19 01:36:05 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Martin Vala 2019-11-14 12:16:51 UTC

Description of problem:
After upgrading my silverblue to crun-0.10.5, toolbox stopped to work.

Version-Release number of selected component (if applicable):


How reproducible:
Alwasy

Steps to Reproduce:
1.toolbox -v enter
...
Error: unable to start container "fedora-toolbox-31": cannot configure rootless cgroup using the cgroupfs manager
creating file '/var/home/mvala/.local/share/containers/storage/overlay/332882d167052a4cfb35be429fe3787bfeefc90aa506dd4ac9a2978b8d68376f/merged/mnt': Is a directory: OCI runtime error
toolbox: failed to start container fedora-toolbox-31

2.
3.

Actual results:
Toolbox doesn't work

Expected results:
toolbox will work


Additional info:
It is working with crun-0.10.2

Comment 1 Giuseppe Scrivano 2019-11-14 13:43:06 UTC

fixed with: https://github.com/containers/crun/pull/178

Comment 2 Jens Petersen 2019-11-18 02:36:33 UTC

Please test toolbox before pushing container package updates to Bodhi :)

Comment 3 Jens Petersen 2019-11-18 02:37:44 UTC

Of course what we really need is dependent CI and gating.

Comment 4 Giuseppe Scrivano 2019-11-18 07:59:09 UTC

(In reply to Jens Petersen from comment #2)
> Please test toolbox before pushing container package updates to Bodhi :)

testing toolbox wouldn't have been enough.  The issue happens when the source is a symlink as it is the case on Silverblue.

Comment 5 Martin Pitt 2019-11-18 08:51:52 UTC

*** Bug 1773440 has been marked as a duplicate of this bug. ***

Comment 6 Fedora Update System 2019-11-18 09:37:55 UTC

FEDORA-2019-4b4957bbc6 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-4b4957bbc6

Comment 7 Fedora Update System 2019-11-19 01:36:05 UTC

crun-0.10.6-1.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.

Comment 8 Bryan Roessler 2019-11-20 03:15:21 UTC

I'm running into this issue on crun-0.10.6:

[conmon:d]: failed to write to /proc/self/oom_score_adj: Permission denied

DEBU[0000] Received: -1                                 
DEBU[0000] Cleaning up container a3f4802cea8f85f6d7a99c4f7533f927e26c8a9d69fdf6028f8e3c179db7706b 
DEBU[0000] Network is already cleaned up, skipping...   
DEBU[0000] unmounted container "a3f4802cea8f85f6d7a99c4f7533f927e26c8a9d69fdf6028f8e3c179db7706b" 
DEBU[0000] Cleaning up container a3f4802cea8f85f6d7a99c4f7533f927e26c8a9d69fdf6028f8e3c179db7706b 
DEBU[0000] Network is already cleaned up, skipping...   
DEBU[0000] Container a3f4802cea8f85f6d7a99c4f7533f927e26c8a9d69fdf6028f8e3c179db7706b storage is already unmounted, skipping... 
DEBU[0000] Container a3f4802cea8f85f6d7a99c4f7533f927e26c8a9d69fdf6028f8e3c179db7706b storage is already unmounted, skipping... 
DEBU[0000] ExitCode msg: "creating file '/home/bryan/.local/share/containers/storage/overlay/1c23f4e29c00e151b4f10d11580c352a05539b4acda4d9b513101d5d595d19d7/merged/run/secrets': permission denied: oci runtime permission denied error" 
ERRO[0000] creating file '/home/bryan/.local/share/containers/storage/overlay/1c23f4e29c00e151b4f10d11580c352a05539b4acda4d9b513101d5d595d19d7/merged/run/secrets': Permission denied: OCI runtime permission denied error 

If I terminate a container then I cannot create a new container of the same name:

ERRO[0000] error creating container storage: the container name "mc_guacgui" is already in use by "07ddddde745f0848dd22264828d4aa7503ca10721678ca8c1326f2251561bc87". You have to remove that container to be able to reuse that name.: that name is already in use 

That container is not listed in `podman container ls -a`, so I must remove it with:

podman rm --force --storage 07ddddde745f0848dd22264828d4aa7503ca10721678ca8c1326f2251561bc87

After this, if I try to rerun podman run to build the container, I get the OCI error listed above.

If I reboot then I can run podman run successfully until I terminate the container, which brings me back into the loop. So I am stuck only running the same container ONCE per reboot.

Note You need to log in before you can comment on or make changes to this bug.