*** devimc_ is now known as devimc | 17:23 | |
kata-irc-bot | <feng.wang> It seems the host device nodes are not passed correctly to the privileged container. ``` spec: runtimeClassName: kata-runtime | 18:51 |
---|---|---|
kata-irc-bot | containers: - name: ubuntu | 18:51 |
kata-irc-bot | image: ubuntu securityContext: | 18:51 |
kata-irc-bot | privileged: true ports: - containerPort: 80 ``` in the | 18:51 |
kata-irc-bot | container: ```root@nginx-deployment-58447f87-2lhwz:/# ls -al /dev total 0 drwxr-xr-x 5 root root 340 Sep 24 18:45 . drwxr-xr-x 1 root root 28 Sep 24 18:45 .. lrwxrwxrwx 1 root root 13 Sep 24 18:45 fd -> /proc/self/fd crw-rw-rw- 1 root root 1, 7 Sep 24 18:45 full drwxrwxrwt 2 root root 40 Sep 24 18:45 mqueue crw-rw-rw- 1 root root 1, 3 Sep 24 18:45 null lrwxrwxrwx 1 root root 8 Sep 24 18:45 ptmx -> pts/ptmx drwxr-xr-x 2 root root 0 | 18:51 |
kata-irc-bot | Sep 24 18:45 pts crw-rw-rw- 1 root root 1, 8 Sep 24 18:45 random drwxrwxrwt 2 root root 40 Sep 24 18:45 shm lrwxrwxrwx 1 root root 15 Sep 24 18:45 stderr -> /proc/self/fd/2 lrwxrwxrwx 1 root root 15 Sep 24 18:45 stdin -> /proc/self/fd/0 lrwxrwxrwx 1 root root 15 Sep 24 18:45 stdout -> /proc/self/fd/1 -rw-rw-rw- 1 root root 0 Sep 24 18:45 termination-log crw-rw-rw- 1 root root 5, 0 Sep 24 18:45 tty crw-rw-rw- 1 root root 1, 9 Sep 24 | 18:51 |
kata-irc-bot | 18:45 urandom crw-rw-rw- 1 root root 1, 5 Sep 24 18:45 zero``` in the vm (through debug console): ```root@nginx-deployment-58447f87-2lhwz:/# ls /dev/ autofs kmsg ptp0 random tty2 tty36 tty52 ttyS2 console loop-control pts shm tty20 tty37 tty53 ttyS3 cpu loop0 ram0 stderr tty21 tty38 tty54 urandom cpu_dma_latency loop1 ram1 stdin tty22 tty39 tty55 vcs fd | 18:51 |
kata-irc-bot | loop2 ram10 stdout tty23 tty4 tty56 vcs1 full loop3 ram11 tty tty24 tty40 tty57 vcsa fuse loop4 ram12 tty0 tty25 tty41 tty58 vcsa1 hugepages loop5 ram13 tty1 tty26 tty42 tty59 vcsu hvc0 loop6 ram14 tty10 tty27 tty43 tty6 vcsu1 hvc1 loop7 ram15 tty11 tty28 tty44 tty60 vga_arbiter hvc2 | 18:51 |
kata-irc-bot | mapper ram2 tty12 tty29 tty45 tty61 vport0p0 hvc3 mqueue ram3 tty13 tty3 tty46 tty62 vsock hvc4 ndctl0 ram4 tty14 tty30 tty47 tty63 zero hvc5 nmem0 ram5 tty15 tty31 tty48 tty7 hvc6 null ram6 tty16 tty32 tty49 tty8 hvc7 pmem0 ram7 tty17 tty33 tty5 tty9 hwrng pmem0p1 ram8 tty18 | 18:51 |
kata-irc-bot | tty34 tty50 ttyS0 initctl ptmx ram9 tty19 tty35 tty51 ttyS1``` Many devices are missing in the container. I tried a privileged container without Kata and I can see all the device nodes present inside the container. Is this a bug? | 18:51 |
kata-irc-bot | <feng.wang> @eric.ernst @fidencio @julio.montes Any idea? | 18:54 |
kata-irc-bot | <eric.ernst> That’s a containerd configuration | 19:00 |
kata-irc-bot | <eric.ernst> basically, it often doesn’t make sense to pass all host devices. | 19:00 |
kata-irc-bot | <eric.ernst> if you want a specific device, ask for it specifically. | 19:00 |
kata-irc-bot | <eric.ernst> if you’re on containerd, check out the resulting config.json that “we” get. | 19:01 |
kata-irc-bot | <eric.ernst> see /var/run/containerd/io.containerd.runtime.v2.task/default/<sandboxid>/config.json <-- or something like that | 19:01 |
kata-irc-bot | <feng.wang> What’s the containerd configuration name? | 19:01 |
kata-irc-bot | <eric.ernst> that’s what is received by kata for running the container. | 19:02 |
kata-irc-bot | <eric.ernst> (or sandbox, depending…) | 19:02 |
kata-irc-bot | <feng.wang> Got it. Thanks, Eric. | 19:06 |
kata-irc-bot | <fidencio> That's the config @shuo.chen | 19:10 |
*** devimc_ is now known as devimc | 20:08 |