Skip to content
This repository has been archived by the owner on May 12, 2021. It is now read-only.

guest OCI hooks are not working with Kata #2763

Closed
bpradipt opened this issue Jun 10, 2020 · 5 comments
Closed

guest OCI hooks are not working with Kata #2763

bpradipt opened this issue Jun 10, 2020 · 5 comments
Labels
bug Incorrect behaviour needs-review Needs to be assessed by the team.

Comments

@bpradipt
Copy link
Contributor

Description of problem

OCI hooks are not working with Kata. Created a rootfs with hook scripts and enabled guest_hook_path = "/usr/share/oci/hooks" in the configuration.toml.
Running the container results in the following error:

Error response from daemon: OCI runtime create failed: rpc error: code = Unknown desc = open /run/kata-containers/shared/containers/7217217f69ef8af65581790aa06fe3b54499dd3b8f1a79e6116
94ec670a6182a/config.json: read-only file system: unknown.
time="2020-06-10T11:49:58Z" level=error msg="error waiting for container: context canceled"

The problem got introduced since the following commit a3dec26

Expected result

Container should start and hooks should run

Actual result

Container fails to start.
@bpradipt bpradipt added bug Incorrect behaviour needs-review Needs to be assessed by the team. labels Jun 10, 2020
@devimc
Copy link

devimc commented Jun 10, 2020

cc @bergwolf

@jodh-intel jodh-intel mentioned this issue Jun 11, 2020
Closed
@bpradipt
Copy link
Contributor Author

The following call is failing - https://github.com/kata-containers/agent/blob/master/grpc.go#L679
since the root path is read-only and it's trying to write the config.json in that path
Relevant code - https://github.com/kata-containers/agent/blob/master/oci.go#L29-L39

One option is to write the config.json to a rw path - eg /run/. However I'm not sure what's the other side-effect of the same.

@dgibson
Copy link
Contributor

dgibson commented Jun 22, 2020

To clarify, AFAICT this is specifically about hooks set with the guest_hook_path configuration option. Hooks set in the OCI config.json appear to work ok, and are executed on the host, rather than the sandbox VM.

@jodh-intel jodh-intel changed the title OCI hooks are not working with Kata guest OCI hooks are not working with Kata Jun 22, 2020
@jodh-intel
Copy link
Contributor

Updated title to make that point clearer.

@bpradipt bpradipt mentioned this issue Aug 24, 2020
Closed
@amshinde
Copy link
Member

I think the fix has been merged.
@bpradipt Please feel free open if work still needs to be done in this area.

egernst pushed a commit to egernst/runtime that referenced this issue Feb 9, 2021
@bpradipt
oci: Fix running of OCI hooks
02d2f97 
OCI hooks fails to run since the code was writing the config.json
to the read-only path. This patch fixes it

Fixes: kata-containers#2763

Signed-off-by: Pradipta Kr. Banerjee <[email protected]>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Incorrect behaviour needs-review Needs to be assessed by the team.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@dgibson @amshinde @bpradipt @devimc @jodh-intel