google/gvisor

Unable to get hostname of host when running container with --uts=host

Open

#7995 opened on 19 Sep 2022

Labels: good first issue, status: help wanted, type: bug


Description

Runsc always returns an empty hostname when a container is run with --uts=host by docker, which is not what host UTS mode expects. The runc runtime is OK. The reason is that runsc always creates a new UTS namespace and sets the hostname from runtime-spec.Hostname from here. When --uts=host is specified, the docker daemon clears the runtime-spec.Hostname argument and expects the runtime to inherit the UTS namespace from the host, and runsc does not. I'm not sure if we should consider docker's --uts=host, but it makes some applications fail to run.

Steps to reproduce

  1. Configure /etc/docker/daemon.json with runtime runsc

     ...
     "runtimes": {
         "runsc": {
             "path": "/usr/local/bin/runsc"
         },
     ...

  2. Run container with --uts=host and runtime runsc

$ docker run --uts=host --runtime runsc centos:7 hostname


$

We get an empty hostname, but the runc runtime is correct.

$ hostname
yiftan-LC0

$ docker run --uts=host --runtime runc centos:7 hostname 
yiftan-LC0

$

runsc version

runsc version release-20220913.0-19-gcfc29d3b5dac
spec: 1.0.2-dev

docker version (if using docker)

$ docker version 
Client:
 Version:           20.10.7
 API version:       1.41
 Go version:        go1.13.8
 Git commit:        20.10.7-0ubuntu5~18.04.3
 Built:             Mon Nov  1 01:04:14 2021
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server:
 Engine:
  Version:          20.10.7
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.13.8
  Git commit:       20.10.7-0ubuntu5~18.04.3
  Built:            Fri Oct 22 00:57:37 2021
  OS/Arch:          linux/amd64
  Experimental:     true
 containerd:
  Version:          v1.6.6
  GitCommit:        10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
 runc:
  Version:          1.1.2
  GitCommit:        v1.1.2-0-ga916309f
 docker-init:
  Version:          0.19.0
  GitCommit:

uname

5.4.0-67-generic #75-Ubuntu SMP Sat Jun 25 08:13:10 CST 2022 x86_64 x86_64 x86_64 GNU/Linux

kubectl (if using Kubernetes)

No response

repo state (if built from source)

No response

runsc debug logs (if available)

I0919 15:20:40.139188    9070 main.go:214] ***************************
I0919 15:20:40.139217    9070 main.go:215] Args: [runsc-sandbox --root=/var/run/docker/runtime-runc/moby --log=/run/containerd/io.containerd.runtime.v2.task/moby/4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4/log.json --log-format=json --debug-log=/tmp/HEAD/logs/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% --log-fd=3 --debug-log-fd=4 boot --bundle=/run/containerd/io.containerd.runtime.v2.task/moby/4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4 --setup-root --cpu-num 8 --total-memory 33494695936 --io-fds=5 --io-fds=6 --io-fds=7 --io-fds=8 --mounts-fd=9 --start-sync-fd=10 --controller-fd=11 --spec-fd=12 --stdio-fds=13 --stdio-fds=14 --stdio-fds=15 4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4]
I0919 15:20:40.139230    9070 main.go:216] Version 25a21fa6eaa5-dirty
I0919 15:20:40.139235    9070 main.go:217] GOOS: linux
I0919 15:20:40.139240    9070 main.go:218] GOARCH: amd64
I0919 15:20:40.139245    9070 main.go:219] PID: 9070
I0919 15:20:40.139250    9070 main.go:220] UID: 65534, GID: 65534
I0919 15:20:40.139255    9070 main.go:221] Configuration:
I0919 15:20:40.139260    9070 main.go:222]              RootDir: /var/run/docker/runtime-runc/moby
I0919 15:20:40.139265    9070 main.go:223]              Platform: ptrace
I0919 15:20:40.139270    9070 main.go:224]              FileAccess: exclusive, overlay: false
I0919 15:20:40.139276    9070 main.go:225]              Network: sandbox, logging: false
I0919 15:20:40.139281    9070 main.go:226]              Strace: false, max size: 1024, syscalls: 
I0919 15:20:40.139286    9070 main.go:227]              LISAFS: false
I0919 15:20:40.139291    9070 main.go:228]              Debug: false
I0919 15:20:40.139296    9070 main.go:229]              Systemd: false
I0919 15:20:40.139301    9070 main.go:230] ***************************
I0919 15:20:40.139336    9070 boot.go:185] Setting product_name: "10SMS07T00"
I0919 15:20:40.139344    9070 chroot.go:86] Setting up sandbox chroot in "/tmp"
I0919 15:20:40.139408    9070 chroot.go:31] Mounting "/proc" at "/tmp/proc"
I0919 15:20:40.139645    9070 cmd.go:95] Execve "/proc/self/exe" again, bye!
I0919 15:20:40.149289    9070 main.go:214] ***************************
I0919 15:20:40.149308    9070 main.go:215] Args: [runsc-sandbox --root=/var/run/docker/runtime-runc/moby --log=/run/containerd/io.containerd.runtime.v2.task/moby/4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4/log.json --log-format=json --debug-log=/tmp/HEAD/logs/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% --log-fd=3 --debug-log-fd=4 boot --product-name 10SMS07T00 --bundle=/run/containerd/io.containerd.runtime.v2.task/moby/4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4 --cpu-num 8 --total-memory 33494695936 --io-fds=5 --io-fds=6 --io-fds=7 --io-fds=8 --mounts-fd=9 --start-sync-fd=10 --controller-fd=11 --spec-fd=12 --stdio-fds=13 --stdio-fds=14 --stdio-fds=15 4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4]
I0919 15:20:40.149323    9070 main.go:216] Version 25a21fa6eaa5-dirty
I0919 15:20:40.149329    9070 main.go:217] GOOS: linux
I0919 15:20:40.149335    9070 main.go:218] GOARCH: amd64
I0919 15:20:40.149340    9070 main.go:219] PID: 9070
I0919 15:20:40.149346    9070 main.go:220] UID: 65534, GID: 65534
I0919 15:20:40.149351    9070 main.go:221] Configuration:
I0919 15:20:40.149357    9070 main.go:222]              RootDir: /var/run/docker/runtime-runc/moby
I0919 15:20:40.149363    9070 main.go:223]              Platform: ptrace
I0919 15:20:40.149368    9070 main.go:224]              FileAccess: exclusive, overlay: false
I0919 15:20:40.149375    9070 main.go:225]              Network: sandbox, logging: false
I0919 15:20:40.149382    9070 main.go:226]              Strace: false, max size: 1024, syscalls: 
I0919 15:20:40.149387    9070 main.go:227]              LISAFS: false
I0919 15:20:40.149393    9070 main.go:228]              Debug: false
I0919 15:20:40.149398    9070 main.go:229]              Systemd: false
I0919 15:20:40.149404    9070 main.go:230] ***************************
W0919 15:20:40.150036    9070 specutils.go:113] noNewPrivileges ignored. PR_SET_NO_NEW_PRIVS is assumed to always be set.
I0919 15:20:40.159199    9070 loader.go:538] Platform: ptrace
I0919 15:20:40.160002    9070 subprocess_linux.go:49] Latest seccomp behavior found (kernel >= 4.8 likely)
I0919 15:20:40.162407    9070 loader.go:346] CPUs: 8
I0919 15:20:40.162428    9070 loader.go:354] Setting total memory to 31.19 GB
I0919 15:20:40.162577    9070 loader.go:383] Packet logging disabled
I0919 15:20:40.162589    9070 watchdog.go:182] Watchdog waiting 30s for startup
I0919 15:20:40.305402    9070 network.go:181] Enabling loopback interface "lo" with id 1 on addresses [127.0.0.1/8]
I0919 15:20:40.305486    9070 network.go:215] gso max size is: 65536
I0919 15:20:40.305516    9070 network.go:239] Enabling FIFO QDisc on "eth0"
I0919 15:20:40.305596    9070 network.go:243] Enabling interface "eth0" with id 2 on addresses [172.17.0.2/16] (02:42:ac:11:00:02) w/ 1 channels
I0919 15:20:40.305681    9070 network.go:291] Setting routes [127.0.0.0/8 nic 1 172.17.0.0/16 nic 2 0.0.0.0/0 via 172.17.0.1 nic 2]
I0919 15:20:40.305871    9070 seccomp.go:60] Installing seccomp filters for 67 syscalls (action=kill process)
I0919 15:20:40.306428    9070 seccomp.go:88] Seccomp filters installed.
I0919 15:20:40.306514    9070 vfs.go:366] Configuring container's file system with VFS2
I0919 15:20:40.306527    9070 vfs.go:418] Mounting root over 9P, ioFD: 5
W0919 15:20:40.307612    9070 vfs.go:784] ignoring unknown mount option "nosuid"
W0919 15:20:40.307639    9070 vfs.go:784] ignoring unknown mount option "strictatime"
W0919 15:20:40.307652    9070 vfs.go:784] ignoring unknown mount option "mode=755"
W0919 15:20:40.307659    9070 vfs.go:784] ignoring unknown mount option "size=65536k"
I0919 15:20:40.307767    9070 vfs.go:676] Mounted "/run/containerd/io.containerd.runtime.v2.task/moby/4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4/tmpfs" to "/dev" type: devtmpfs, internal-options: ""
W0919 15:20:40.307796    9070 vfs.go:784] ignoring unknown mount option "nosuid"
W0919 15:20:40.307807    9070 vfs.go:784] ignoring unknown mount option "nodev"
I0919 15:20:40.307943    9070 vfs.go:676] Mounted "/run/containerd/io.containerd.runtime.v2.task/moby/4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4/sysfs" to "/sys" type: sysfs, internal-options: ""
W0919 15:20:40.307964    9070 vfs.go:784] ignoring unknown mount option "nosuid"
W0919 15:20:40.307971    9070 vfs.go:784] ignoring unknown mount option "nodev"
I0919 15:20:40.308479    9070 vfs.go:676] Mounted "/run/containerd/io.containerd.runtime.v2.task/moby/4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4/proc" to "/proc" type: proc, internal-options: ""
W0919 15:20:40.308506    9070 vfs.go:784] ignoring unknown mount option "nosuid"
W0919 15:20:40.308513    9070 vfs.go:784] ignoring unknown mount option "newinstance"
W0919 15:20:40.308519    9070 vfs.go:784] ignoring unknown mount option "ptmxmode=0666"
W0919 15:20:40.308525    9070 vfs.go:784] ignoring unknown mount option "mode=0620"
W0919 15:20:40.308532    9070 vfs.go:784] ignoring unknown mount option "gid=5"
I0919 15:20:40.308553    9070 vfs.go:676] Mounted "/run/containerd/io.containerd.runtime.v2.task/moby/4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4/devpts" to "/dev/pts" type: devpts, internal-options: ""
W0919 15:20:40.308567    9070 vfs.go:784] ignoring unknown mount option "nosuid"
W0919 15:20:40.308574    9070 vfs.go:784] ignoring unknown mount option "nodev"
W0919 15:20:40.308579    9070 vfs.go:784] ignoring unknown mount option "mode=1777"
W0919 15:20:40.308584    9070 vfs.go:784] ignoring unknown mount option "size=67108864"
I0919 15:20:40.308598    9070 vfs.go:676] Mounted "/run/containerd/io.containerd.runtime.v2.task/moby/4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4/shm" to "/dev/shm" type: tmpfs, internal-options: "mode=1777,size=67108864"
W0919 15:20:40.308611    9070 vfs.go:784] ignoring unknown mount option "rprivate"
I0919 15:20:40.309328    9070 vfs.go:676] Mounted "/data/var/lib/docker/containers/4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4/hosts" to "/etc/hosts" type: bind, internal-options: "trans=fd,rfdno=8,wfdno=8,cache=remote_revalidating"
W0919 15:20:40.309372    9070 vfs.go:739] ignoring unknown filesystem type "mqueue"
W0919 15:20:40.309389    9070 vfs.go:784] ignoring unknown mount option "rprivate"
I0919 15:20:40.310033    9070 vfs.go:676] Mounted "/data/var/lib/docker/containers/4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4/hostname" to "/etc/hostname" type: bind, internal-options: "trans=fd,rfdno=7,wfdno=7,cache=remote_revalidating"
W0919 15:20:40.310059    9070 vfs.go:784] ignoring unknown mount option "rprivate"
I0919 15:20:40.321194    9070 vfs.go:676] Mounted "/data/var/lib/docker/containers/4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4/resolv.conf" to "/etc/resolv.conf" type: bind, internal-options: "trans=fd,rfdno=6,wfdno=6,cache=remote_revalidating"
I0919 15:20:40.321690    9070 vfs.go:885] Skipping internal tmpfs mount for "/tmp" because it's not empty
I0919 15:20:40.322556    9070 kernel.go:939] EXEC: [hostname]
W0919 15:20:40.323374    9070 loader.go:878] Seccomp spec is being ignored
I0919 15:20:40.324198    9070 loader.go:685] Process should have started...
I0919 15:20:40.324235    9070 watchdog.go:205] Starting watchdog, period: 45s, timeout: 3m0s, action: logWarning
I0919 15:20:40.334601    9070 loader.go:917] Gofer socket disconnected, killing container "4848960403d05a26d037db293febb241e558d6a9e998f894906140b5e0bea6d4"
I0919 15:20:40.335558    9070 boot.go:332] application exiting with exit status 0
I0919 15:20:40.335656    9070 watchdog.go:221] Stopping watchdog
I0919 15:20:40.335684    9070 watchdog.go:225] Watchdog stopped
I0919 15:20:40.335813    9070 main.go:246] Exiting with status: 0
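
The namespace check the description implies, as an added Go example that is not part of the original issue and is not gVisor's code: it reads an OCI config.json and inherits the host's hostname only when the spec requests no "uts" namespace. The type `spec`, the helpers `requestsUTSNamespace` and `effectiveHostname`, the constructed sample specs, and the assumption that --uts=host appears as a missing "uts" entry with an empty hostname are all illustrative.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"os"
)

// spec is the small part of an OCI config.json this example reads.
type spec struct {
	Hostname string `json:"hostname"`
	Linux    struct {
		Namespaces []struct{ Type string `json:"type"` } `json:"namespaces"`
	} `json:"linux"`
}

// An absent "uts" entry means the container shares the runtime's UTS namespace.
func requestsUTSNamespace(s *spec) bool {
	for _, ns := range s.Linux.Namespaces {
		if ns.Type == "uts" {
			return true
		}
	}
	return false
}

// effectiveHostname is a hypothetical helper, not gVisor code.
func effectiveHostname(raw []byte, hostName func() (string, error)) (string, error) {
	var s spec
	if err := json.Unmarshal(raw, &s); err != nil {
		return "", err
	}
	if requestsUTSNamespace(&s) {
		return s.Hostname, nil // private namespace: the spec's value applies
	}
	if s.Hostname != "" {
		return "", errors.New("hostname set without a private UTS namespace")
	}
	return hostName() // shared namespace: inherit instead of exposing ""
}

// Constructed sample specs: a default docker run and one with --uts=host.
const specDefault = `{"hostname":"4848960403d0","linux":{"namespaces":[{"type":"pid"},{"type":"uts"}]}}`
const specHostUTS = `{"hostname":"","linux":{"namespaces":[{"type":"pid"}]}}`

func main() {
	fmt.Println(effectiveHostname([]byte(specHostUTS), os.Hostname))
}
```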
