[Bug 1222499] New: runc v1.2.0~rc1 breaks distrobox (and maybe more)
https://bugzilla.suse.com/show_bug.cgi?id=1222499

Bug ID: 1222499
Summary: runc v1.2.0~rc1 breaks distrobox (and maybe more)
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Containers
Assignee: containers-bugowner@suse.de
Reporter: fcrozat@suse.com
QA Contact: qa-bugs@suse.de
Target Milestone: ---
Found By: ---
Blocker: ---

Since runc was updated to v1.2.0~rc1 last week in TW, distrobox (and therefore podman), when forcing runc engine, is no longer able to start container rootless.

Error is:

Error: unable to start container "988cc7b326ef04596a3d14ccc41bbdb43c74a6420b5e476b5da00b4e381f0d6f": runc: runc create failed: unable to start container process: error during container init: error mounting "/" to rootfs at "/run/host": mount dst=/run/host, dstFd=/proc/thread-self/fd/8, flags=0x5020: operation not permitted: OCI permission denied"

~/.config/containers/containers.conf

[containers]
[engine]
runtime="runc"

--
You are receiving this mail because:
You are on the CC list for the bug.
Dan Čermák
Eugenio Paolantonio
https://bugzilla.suse.com/show_bug.cgi?id=1222499#c2
Aleksa Sarai
https://bugzilla.suse.com/show_bug.cgi?id=1222499#c3
Frederic Crozat
https://bugzilla.suse.com/show_bug.cgi?id=1222499#c4
--- Comment #4 from Luca Di Maio
https://bugzilla.suse.com/show_bug.cgi?id=1222499#c5
--- Comment #5 from Luca Di Maio
https://bugzilla.suse.com/show_bug.cgi?id=1222499#c6
--- Comment #6 from Luca Di Maio
https://bugzilla.suse.com/show_bug.cgi?id=1222499#c7
--- Comment #7 from Luca Di Maio
https://bugzilla.suse.com/show_bug.cgi?id=1222499#c8
--- Comment #8 from Eduardo Minguez
https://bugzilla.suse.com/show_bug.cgi?id=1222499#c9
--- Comment #9 from Aleksa Sarai
After a further investigation, it seems it really is related to that breaking change
mounting as ":rslave" something that is :ro, will output that error
runc treats propagation flags and mount options separately, this is odd. I'll see if I can come up with a test using runc directly (I don't know what podman is doing to the mount options before giving them to runc).
---
Changing the code for mounting the rootfs into this:

    for rootdir in /*; do
        if findmnt --notruncate --noheadings --list --output OPTIONS --target "${rootdir}" | tr ',' '\n' | grep -q "^ro$"; then
            result_command="${result_command} --volume ${rootdir}:/run/host/${rootdir}:ro,rslave"
        else
            result_command="${result_command} --volume ${rootdir}:/run/host/${rootdir}:rslave"
        fi
    done

rro,rslave might be a less painful way of doing this. runc 1.1.0 and later support this though it requires Linux 5.12.
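
Added example, not part of the bug thread and not runc or distrobox code: a shell helper that decodes the flags=0x5020 value from the reported error (MS_* constants from linux/mount.h) and lists which of ro/nosuid/nodev/noexec are set on the source mount but absent from the mount request, the situation the thread describes for ":rslave" on a ":ro" mount. The function names and the sample OPTIONS string are constructed for illustration.

```sh
#!/bin/sh
# Added example: decode the flags= value runc prints for a failed mount and
# compare it with the source mount's options (as printed by findmnt).

# Extract the flags=0x... value from a runc mount error line.
extract_flags() {
    printf '%s\n' "$1" | sed -n 's/.*flags=\(0x[0-9a-fA-F]*\).*/\1/p'
}

# Print the MS_* names set in a flags value (constants from <linux/mount.h>).
decode_mount_flags() {
    flags=$(( $1 )); out=""
    for pair in 1:MS_RDONLY 2:MS_NOSUID 4:MS_NODEV 8:MS_NOEXEC 32:MS_REMOUNT \
                4096:MS_BIND 16384:MS_REC 262144:MS_PRIVATE 524288:MS_SLAVE \
                1048576:MS_SHARED; do
        bit=${pair%%:*}; name=${pair#*:}
        if [ $(( flags & bit )) -ne 0 ]; then out="${out:+$out|}$name"; fi
    done
    printf '%s\n' "$out"
}

# List options set on the source mount that the request does not carry.
# $1 = flags value, $2 = comma-separated findmnt OPTIONS of the source.
missing_source_options() {
    flags=$(( $1 )); out=""
    for pair in 1:ro 2:nosuid 4:nodev 8:noexec; do
        bit=${pair%%:*}; opt=${pair#*:}
        case ",$2," in
            *",$opt,"*)
                if [ $(( flags & bit )) -eq 0 ]; then out="${out:+$out,}$opt"; fi ;;
        esac
    done
    printf '%s\n' "$out"
}

# Error text from the bug report (shortened to the mount part).
err='mount dst=/run/host, dstFd=/proc/thread-self/fd/8, flags=0x5020: operation not permitted'
# Constructed sample: OPTIONS of a read-only source mount.
src_opts='ro,nosuid,nodev,relatime'

f=$(extract_flags "$err")
echo "flags:   $(decode_mount_flags "$f")"
echo "missing: $(missing_source_options "$f" "$src_opts")"
```

mount_namespaces(7) documents that MS_RDONLY, MS_NOSUID, MS_NODEV and MS_NOEXEC become locked on mounts propagated into a less privileged mount namespace and may not be changed there, which is why a request that omits them is worth checking in a rootless setup.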