- Notifications
You must be signed in to change notification settings - Fork2.9k
Closed
Assignees
Description
Is this a BUG REPORT or FEATURE REQUEST?:
Uncomment only one, leave it on its own line:
/kind bug
/kind feature
Description
When podman stops a systemd container with bind mounts, it leaves behind a lot of cgroup debris.
This prevents the container from starting thethird time.
Steps to reproduce the issue:
Workaround: currently to get working bind mounts I have to set
mount --make-private /tmp. Otherwise oci-systemd-hook cannot move the mount to the overlay. This on Fedora 28.Cannot move mount from /tmp/ocitmp.XXXX to .../merged/run projectatomic/oci-systemd-hook#92Create a systemd-based fedora:28 container
podman create --name bobby_silver -v /srv/docker/volumes/podman/home:/home:z --env container=podman --entrypoint=/sbin/init --stop-signal=RTMIN+3 fedora:28- Start container 3 times
podman start bobby_silverpodman stop bobby_silverpodman start bobby_silverpodman stop bobby_silverpodman start bobby_silverpodman stop bobby_silverDescribe the results you received:
After first start/stop cycle there is cgroup debris:
cgroup on /sys/fs/cgroup/systemd/libpod_parent/libpod-conmon-cd8be22a52efaed7e2790d2eb3421c00542c3eb9763bfe715c3ad23647c419e0/cd8be22a52efaed7e2790d2eb3421c00542c3eb9763bfe715c3ad23647c419e0 type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,xattr,name=systemd)cgroup on /sys/fs/cgroup/systemd/libpod_parent/libpod-conmon-cd8be22a52efaed7e2790d2eb3421c00542c3eb9763bfe715c3ad23647c419e0/cd8be22a52efaed7e2790d2eb3421c00542c3eb9763bfe715c3ad23647c419e0 type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,xattr,name=systemd)cgroup on /sys/fs/cgroup/systemd/libpod_parent/libpod-conmon-cd8be22a52efaed7e2790d2eb3421c00542c3eb9763bfe715c3ad23647c419e0/cd8be22a52efaed7e2790d2eb3421c00542c3eb9763bfe715c3ad23647c419e0/libpod_parent/libpod-conmon-cd8be22a52efaed7e2790d2eb3421c00542c3eb9763bfe715c3ad23647c419e0/cd8be22a52efaed7e2790d2eb3421c00542c3eb9763bfe715c3ad23647c419e0 type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,xattr,name=systemd)## third time unluckyunable to start container "bobby_silver": container create failed: container_linux.go:348: starting container process caused "process_linux.go:402: container init caused \"rootfs_linux.go:58: mounting \\\"cgroup\\\" to rootfs \\\"/var/lib/containers/storage/overlay/52f7959a1a8a171b2c8aee587ea81c964e84130681444f0ff03b3202804a91cb/merged\\\" at \\\"/sys/fs/cgroup\\\" caused \\\"stat /sys/fs/cgroup/systemd/libpod_parent/libpod-conmon-cd8be22a52efaed7e2790d2eb3421c00542c3eb9763bfe715c3ad23647c419e0/cd8be22a52efaed7e2790d2eb3421c00542c3eb9763bfe715c3ad23647c419e0/libpod_parent/libpod-conmon-cd8be22a52efaed7e2790d2eb3421c00542c3eb9763bfe715c3ad23647c419e0/cd8be22a52efaed7e2790d2eb3421c00542c3eb9763bfe715c3ad23647c419e0/libpod_parent/libpod-conmon-cd8be22a52efaed7e2790d2eb3421c00542c3eb9763bfe715c3ad23647c419e0/cd8be22a52efaed7e2790d2eb3421c00542c3eb9763bfe715c3ad23647c419e0: no such file or directory\\\"\""journal
May 06 10:37:05 podman.localdomain kernel: IPv6: ADDRCONF(NETDEV_UP): eth0: link is not readyMay 06 10:37:05 podman.localdomain audit: ANOM_PROMISCUOUS dev=vethd814e8bb prom=256 old_prom=0 auid=1050 uid=0 gid=0 ses=3May 06 10:37:05 podman.localdomain kernel: IPv6: ADDRCONF(NETDEV_UP): vethd814e8bb: link is not readyMay 06 10:37:05 podman.localdomain kernel: IPv6: ADDRCONF(NETDEV_CHANGE): vethd814e8bb: link becomes readyMay 06 10:37:05 podman.localdomain kernel: IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes readyMay 06 10:37:05 podman.localdomain kernel: cni0: port 2(vethd814e8bb) entered blocking stateMay 06 10:37:05 podman.localdomain kernel: cni0: port 2(vethd814e8bb) entered disabled stateMay 06 10:37:05 podman.localdomain kernel: device vethd814e8bb entered promiscuous modeMay 06 10:37:05 podman.localdomain kernel: cni0: port 2(vethd814e8bb) entered blocking stateMay 06 10:37:05 podman.localdomain kernel: cni0: port 2(vethd814e8bb) entered forwarding stateMay 06 10:37:05 podman.localdomain NetworkManager[1159]: <info> [1525574225.9736] device (vethd814e8bb): carrier: link connectedMay 06 10:37:05 podman.localdomain NetworkManager[1159]: <info> [1525574225.9747] manager: (vethd814e8bb): new Veth device (/org/freedesktop/NetworkManager/Devices/12)May 06 10:37:05 podman.localdomain systemd-udevd[18311]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.May 06 10:37:05 podman.localdomain systemd-udevd[18311]: Could not generate persistent MAC address for vethd814e8bb: No such file or directoryMay 06 10:37:05 podman.localdomain audit: NETFILTER_CFG table=nat family=2 entries=89May 06 10:37:05 podman.localdomain audit: NETFILTER_CFG table=nat family=2 entries=91May 06 10:37:05 podman.localdomain audit: NETFILTER_CFG table=nat family=2 entries=92May 06 10:37:05 podman.localdomain audit: NETFILTER_CFG table=nat family=2 entries=93May 06 10:37:05 podman.localdomain audit: NETFILTER_CFG table=filter family=2 entries=155May 06 10:37:06 podman.localdomain conmon[18363]: conmon cd8be22a52efaed7e279 <ninfo>: about to waitpid: 18364May 06 10:37:06 podman.localdomain kernel: SELinux: mount invalid. Same superblock, different security settings for (dev mqueue, type mqueue)May 06 10:37:06 podman.localdomain oci-systemd-hook[18389]: systemdhook <error>: cd8be22a52ef: pid not found in state: SuccessMay 06 10:37:06 podman.localdomain conmon[18363]: conmon cd8be22a52efaed7e279 <error>: Failed to create container: exit status 1May 06 10:37:06 podman.localdomain audit: NETFILTER_CFG table=filter family=2 entries=156May 06 10:37:06 podman.localdomain audit: NETFILTER_CFG table=nat family=2 entries=94May 06 10:37:06 podman.localdomain audit: NETFILTER_CFG table=nat family=2 entries=96May 06 10:37:06 podman.localdomain audit: NETFILTER_CFG table=nat family=2 entries=94May 06 10:37:06 podman.localdomain audit: NETFILTER_CFG table=nat family=2 entries=96May 06 10:37:06 podman.localdomain audit: NETFILTER_CFG table=nat family=10 entries=78May 06 10:37:06 podman.localdomain audit: NETFILTER_CFG table=nat family=10 entries=80May 06 10:37:06 podman.localdomain kernel: cni0: port 2(vethd814e8bb) entered disabled stateMay 06 10:37:06 podman.localdomain audit: ANOM_PROMISCUOUS dev=vethd814e8bb prom=0 old_prom=256 auid=1050 uid=0 gid=0 ses=3May 06 10:37:06 podman.localdomain kernel: device vethd814e8bb left promiscuous modeMay 06 10:37:06 podman.localdomain kernel: cni0: port 2(vethd814e8bb) entered disabled stateMay 06 10:37:06 podman.localdomain NetworkManager[1159]: <info> [1525574226.1560] device (vethd814e8bb): released from master device cni0May 06 10:37:06 podman.localdomain gnome-shell[3393]: Removing a network device that was not addedMay 06 10:37:06 podman.localdomain gnome-shell[2067]: Removing a network device that was not addedMay 06 10:37:06 podman.localdomain audit: NETFILTER_CFG table=nat family=2 entries=94May 06 10:37:06 podman.localdomain audit: NETFILTER_CFG table=nat family=2 entries=93May 06 10:37:06 podman.localdomain audit: NETFILTER_CFG table=nat family=2 entries=91Describe the results you expected:
start/stop without any issue
Additional information you deem important (e.g. issue happens only occasionally):
Output ofpodman version:
# podman versionVersion: 0.5.2-devGo Version: go1.10.1OS/Arch: linux/amd64Output ofpodman info:
``
host:
MemFree: 17688948736
MemTotal: 33667493888
SwapFree: 0
SwapTotal: 0
arch: amd64
cpus: 8
hostname: podman.localdomain
kernel: 4.16.5-300.fc28.x86_64
os: linux
uptime: 10h 3m 7.91s (Approximately 0.42 days)
insecure registries:
registries: []
registries:
registries:
- docker.io
- registry.fedoraproject.org
- quay.io
- registry.access.redhat.com
store:
ContainerStore:
number: 4
GraphDriverName: overlay
GraphOptions: - overlay.override_kernel_check=true
GraphRoot: /var/lib/containers/storage
GraphStatus:
Backing Filesystem: xfs
Native Overlay Diff: "true"
Supports d_type: "true"
ImageStore:
number: 2
RunRoot: /var/run/containers/storage
**Additional environment details (AWS, VirtualBox, physical, etc.):*** physical* Fedora 28