This repository has been archived by the owner on May 6, 2020. It is now read-only.

runtime leaves mounts around after container shutdown #924

Closed
jodh-intel opened this issue Jan 15, 2018 · 5 comments · Fixed by #929

@jodh-intel
Contributor

As noted by @grahamwhaley:

    $ sudo docker run -ti busybox true
    $ mount|grep /run/hyper/shared/pods
    /dev/mapper/zesty--vg-root on /run/hyper/shared/pods/a31e028e712b0710cf0373e418729b5fd8df782ab3463d47faab8e582ad89064/a31e028e712b0710cf0373e418729b5fd8df782ab3463d47faab8e582ad89064-44262945da62c2d6-hostname type ext4 (rw,relatime,errors=remount-ro,data=ordered)
    /dev/mapper/zesty--vg-root on /run/hyper/shared/pods/a31e028e712b0710cf0373e418729b5fd8df782ab3463d47faab8e582ad89064/a31e028e712b0710cf0373e418729b5fd8df782ab3463d47faab8e582ad89064-25d8a0dc5936aa0a-hosts type ext4 (rw,relatime,errors=remount-ro,data=ordered)

The commit that introduced this issue is the virtcontainers re-vendor commit cec1b6f.

    $ git log --format="%B" -1 cec1b6f4d8b9bc71887bc687ed39dc2502ccf9e8|grep mount
    4c2c9a4 mounts: Fix bug while checking if /dev was bind-mounted
    b3da3de mount: Fix tests for bindMountContainerRootfs function
    c4a4be4 mount: Gather the entire bind mount API

c4a4be4 looks like a likely suspect but need to dig into that...

@jodh-intel jodh-intel added the P2 label Jan 15, 2018
@jodh-intel
Contributor Author

The stray mounts in question are /etc bind mounts. An example from config.json (but not the same one as for the container above):

    { 
      "destination": "/etc/resolv.conf",
      "options": [
        "rbind",
        "rprivate"
      ],
      "source": "/var/lib/docker/containers/75e7b69fa65458418ed7dc008c62b22433a122b076e12b234d2609597fc5b844/resolv.conf",
      "type": "bind"
    },
    {
      "destination": "/etc/hostname",
      "options": [
        "rbind",
        "rprivate"
      ],
      "source": "/var/lib/docker/containers/75e7b69fa65458418ed7dc008c62b22433a122b076e12b234d2609597fc5b844/hostname",
      "type": "bind"
    },
    {
      "destination": "/etc/hosts",
      "options": [
        "rbind",
        "rprivate"
      ],
      "source": "/var/lib/docker/containers/75e7b69fa65458418ed7dc008c62b22433a122b076e12b234d2609597fc5b844/hosts",
      "type": "bind"
    },

What's odd is that there isn't also a bind mount left for /etc/resolv.conf (unless the string host is the key ;)

@grahamwhaley
Contributor

Thanks for opening this @jodh-intel
For reference, I do sometimes also see a resolv.conf mount left as well - not as often as the other two, but I have seen it (which smells like a race to me then maybe....)

@jodh-intel
Contributor Author

This is fixed in virtcontainers by containers/virtcontainers#567.

Once that lands, we need to revendor virtcontainers into the runtime of course.

@jodh-intel
Contributor Author

Worth noting that running cc-collect-data.sh actually did log the problem:

    time="2018-01-16T10:06:10Z" level=warning msg="Could not umount" error="<nil>" host-path=/run/hyper/shared/pods/abfea09350acb235cc0ac1e55404194aeb092ad75b0b295107270bd58795a205/abfea09350acb235cc0ac1e55404194aeb092ad75b0b295107270bd58795a205-7521959b6352a12a-resolv.conf source=virtcontainers subsystem=mount

The clue being that error=<nil>.
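
Added example (not part of the original issue or the project's code): a host-side check in POSIX shell for the two symptoms reported above, mounts left under /run/hyper/shared/pods for pods that are no longer running, and "Could not umount" warnings logged with error="<nil>". The function names, the running-ID file and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a host for bind mounts leaked under the shared pods directory.
SHARED=/run/hyper/shared/pods/

# stray_pod_mounts MOUNTS_FILE RUNNING_IDS_FILE
# MOUNTS_FILE is in /proc/mounts format (mount point is field 2).
# Prints "<pod-id> <mount-point>" for every mount below $SHARED whose pod ID
# is not listed in RUNNING_IDS_FILE (one full container ID per line).
stray_pod_mounts() {
    awk -v base="$SHARED" -v ids="$2" '
        FILENAME == ids { running[$1] = 1; next }   # first file: running IDs
        index($2, base) == 1 {                      # mount point below the pods dir
            split(substr($2, length(base) + 1), part, "/")
            if (!(part[1] in running)) print part[1], $2
        }' "$2" "$1"
}

# nil_error_umounts LOG_FILE
# Prints the host-path of each "Could not umount" warning logged with
# error="<nil>": the unmount was reported as failed but no error was recorded.
nil_error_umounts() {
    grep 'msg="Could not umount"' "$1" | grep 'error="<nil>"' |
        sed -n 's/.* host-path=\([^ ]*\).*/\1/p'
}

# Constructed sample data (shortened IDs; not taken from a real host).
demo() {
    dir=$(mktemp -d)
    cat > "$dir/mounts" <<EOF
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda1 ${SHARED}aaa111/aaa111-0001-hostname ext4 rw,relatime 0 0
/dev/sda1 ${SHARED}aaa111/aaa111-0002-hosts ext4 rw,relatime 0 0
/dev/sda1 ${SHARED}bbb222/bbb222-0003-hosts ext4 rw,relatime 0 0
EOF
    echo bbb222 > "$dir/running"     # only pod bbb222 is still running
    cat > "$dir/log" <<EOF
time="2018-01-16T10:06:10Z" level=warning msg="Could not umount" error="<nil>" host-path=${SHARED}aaa111/aaa111-0002-hosts source=virtcontainers subsystem=mount
time="2018-01-16T10:06:11Z" level=warning msg="Could not umount" error="device or resource busy" host-path=${SHARED}bbb222/bbb222-0003-hosts source=virtcontainers subsystem=mount
EOF
    stray_pod_mounts "$dir/mounts" "$dir/running"
    nil_error_umounts "$dir/log"
    rm -rf "$dir"
}
demo
```

On a live host the first argument would be /proc/mounts and the ID list would come from the container manager in use.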

@jodh-intel
Contributor Author

Blocked on containers/virtcontainers#567.

jodh-intel added a commit to jodh-intel/runtime that referenced this issue Jan 16, 2018
Update virtcontainer specifically for commit fb1eecd which fixes the
issue of lingering bind-mounts after a container has been killed.

shortlog of virtcontainer changes:

    fb1eecd mount: Fix unmount of dangling bind-mounts
    d7462c7 pkg/oci: Clarify resource calculation comment
    027aab8 qemu: adjust QMP naming to avoid non-unique truncation
    0c4064e capabilities: Pass capabilities to hyperstart.
    e20ba9d oci: Add support for capabilities
    6776dd9 shim: Correct kata debug flag
    b307c08 qemu: refactor/simplify addDevice function
    747d364 vhost-user: rewrite to use interfaces/embedded types
    cc67fb0 vhost-user: enabling for vhost-user network devices
    f5587cf device: make a more generic function for hypervisor args
    d6f0600 gitignore: Add new shim binary to gitignore list
    bf8359f gitignore: Add new shim binary to gitignore list
    c30fd9a ci: Install missing dep tool
    d1bb792 kata_agent: Signal the kata shim
    08c96c2 shim: Generalize stopShim

Fixes clearcontainers#924.

Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
jodh-intel added a commit to jodh-intel/runtime that referenced this issue Jan 16, 2018
Update virtcontainers specifically for commit fb1eecd which fixes the
issue of lingering bind-mounts after a container has been killed.

shortlog of virtcontainers changes:

    fb1eecd mount: Fix unmount of dangling bind-mounts
    d7462c7 pkg/oci: Clarify resource calculation comment
    027aab8 qemu: adjust QMP naming to avoid non-unique truncation
    0c4064e capabilities: Pass capabilities to hyperstart.
    e20ba9d oci: Add support for capabilities
    6776dd9 shim: Correct kata debug flag
    b307c08 qemu: refactor/simplify addDevice function
    747d364 vhost-user: rewrite to use interfaces/embedded types
    cc67fb0 vhost-user: enabling for vhost-user network devices
    f5587cf device: make a more generic function for hypervisor args
    d6f0600 gitignore: Add new shim binary to gitignore list
    bf8359f gitignore: Add new shim binary to gitignore list
    c30fd9a ci: Install missing dep tool
    d1bb792 kata_agent: Signal the kata shim
    08c96c2 shim: Generalize stopShim

Fixes clearcontainers#924.

Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
mcastelino pushed a commit to mcastelino/runtime that referenced this issue Dec 6, 2018
The struct VFIODevice needs to be stored to disk by the storeSandboxDevices() function,
but it has a field named "vfioDevs", whose name begins with a lower-case letter,
so it can't be written to file by json.Marshal. This bug will cause a hotplugged vfio
device not to be removed correctly when the container exits.

Fixes: clearcontainers#924

Signed-off-by: flyflypeng <jiangpengfei9@huawei.com>