permanent changes in ownership of /dev/null #3674
Please post a repro here:
Hi!
Regards,
Well, this is not good enough for me to reproduce this locally.
We use kernel 5.14.21-150400.24.11-default and the following packages:
We use Portainer's "Community Edition 2.16.1". Docker configuration from /etc/docker/daemon.json:
Since the symptom is not bound to a specific stack it shouldn't be necessary to publish any stacks here.
Not sure whether it helps, but I managed to reproduce this issue (or at least a very similar one) using Terminal 1:
Terminal 2:
After downgrading to runc-1.0.3-16.18.1 the issue disappears (similarly to the original report above). Note: The owner is changed in the host system, but not inside the container (not sure whether that is relevant). Since this happens during docker exec, couldn't the cause be in #3355, specifically the removal of: I am only assuming that
Thanks a lot for looking into this! Since we use SLES15SP4 we can only go back to runc-1.0.3-27.1, which would leave us with more "outdated" packages we're supposed to keep up to date. We just never had a clue what could possibly cause this and it didn't come up in a direct context of a specific action inside a container. Anyway, I can exactly reproduce this on SLES15SP4 with runc-1.1.4-150000.36.1 and the alpine image 3.17.1 as described above. If I open an SR with SUSE to point them to this I assume they will respond pointing back until this is changed back in runc to build a new package release. Thanks again to anyone contributing!
Well, I am looking into this because somebody opened an SR with SUSE ;)
I hope I am in the right place here.
Since the update from SLES 15/SP3 to SP4, ownership rights of containers to the /dev/null device are passed to the node.
On newly deployed SP4 systems we could also generate this behavior.
For example, the container user with ID=100 passes its permissions to /dev/null of the host. Then the permissions are given back to root or taken away and on and on.
This problem probably occurred with changes in RunC package 1.0.3- to 1.1.3. There was no improvement with version 1.1.4.
The servers have the latest patches installed.
Changing node ownership on /dev/null does not affect the container /dev/null device. Also, the other way around, ownership is not transferred from inside the container to the node.
There are no bidirectional effects.
Any ideas?
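A host-side check for the symptom reported in this issue, as an added example that is not part of the original thread or of runc: it flags a `/dev/null` that is not owned by root:root and reports each ownership flip with a timestamp so it can be lined up with `docker exec` activity. The expected values (character device 1:3, root:root), the polling interval and all function names are assumptions of this example.

```python
import os
import stat
import time

# Expected host /dev/null on Linux: character device 1:3 owned by root:root.
# These expectations are assumptions of this example.
EXPECTED_OWNER = (0, 0)
EXPECTED_RDEV = (1, 3)


def findings(st):
    """Return the deviations from the expected /dev/null for a stat result."""
    out = []
    if not stat.S_ISCHR(st.st_mode):
        out.append("not a character device")
    else:
        rdev = (os.major(st.st_rdev), os.minor(st.st_rdev))
        if rdev != EXPECTED_RDEV:
            out.append("unexpected device number %d:%d" % rdev)
    owner = (st.st_uid, st.st_gid)
    if owner != EXPECTED_OWNER:
        out.append("owner is %d:%d, expected %d:%d" % (owner + EXPECTED_OWNER))
    return out


def transitions(samples):
    """Yield (timestamp, old_owner, new_owner) for each ownership change."""
    last = None
    for ts, st in samples:
        owner = (st.st_uid, st.st_gid)
        if last is not None and owner != last:
            yield ts, last, owner
        last = owner


def poll(path, interval):
    """Endless stream of (timestamp, stat) samples for the host node."""
    while True:
        yield time.strftime("%Y-%m-%dT%H:%M:%S"), os.stat(path)
        time.sleep(interval)


if __name__ == "__main__":
    # Report the current state, then print every flip as it happens.
    print("initial:", findings(os.stat("/dev/null")) or "ok")
    for ts, old, new in transitions(poll("/dev/null", 0.5)):
        print(ts, "/dev/null owner changed", old, "->", new)
```

Run it on the host (not inside a container), since the thread reports that the owner changes on the host node only.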