Bug 1217945

Summary: Docker shutdown breakout
Product: Red Hat Enterprise Linux 7 Reporter: Anatoly Litovsky <tlitovsk>
Component: dockerAssignee: Daniel Walsh <dwalsh>
Status: CLOSED NOTABUG QA Contact: Luwen Su <lsu>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 7.1CC: bazulay, dwalsh, fdeutsch, lsm5, tlitovsk
Target Milestone: rcKeywords: Extras
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-10-28 14:39:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Anatoly Litovsky 2015-05-03 08:00:14 UTC 
Description of problem:

stopping privileged and SPC container running systemd services result in host os shutdown.

How reproducible: 50% 


Steps to Reproduce:

Create a systemd based container
Run the container issue stop command for the container.

Actual results:
After some time the host will shutdown too.

Expected results:
Only container shutdown


Additional info:
it occurs more frequent in case the container is service launched by systemd on the host boot.
Comment 2 Daniel Walsh 2015-05-04 06:34:42 UTC 
Well if the service asks systemd to shutdown then this can happen.  What did the SPC service do? Is there a way to make it a little less sharing of the host.

Did you volume mount in /run?
Comment 5 Daniel Walsh 2015-05-18 12:32:45 UTC 
How are you running this container?  What does the run or create line look like.  The docker file you handed me just shows install and uninstall.
Comment 6 Anatoly Litovsky 2015-05-21 07:20:13 UTC 
Please look at this repository 
git clone git://gerrit.ovirt.org/ovirt-container-node
You will see the create command and we start the container using systemd
Comment 7 Daniel Walsh 2015-06-02 18:16:09 UTC 
Could this be a process within the container sending a signal to /dev/initctl which is shared within the container and the host a message telling it to shutdown?
Comment 8 Anatoly Litovsky 2015-06-08 09:23:20 UTC 
I assume systemd is doing this .
But its systemd-container so I dont know how much it is container / host aware
Comment 9 Daniel Walsh 2015-07-15 20:53:27 UTC 
Is /run shared between the container and the host?
Comment 10 Anatoly Litovsky 2015-07-27 07:33:37 UTC 
/run/udev is shared.
just in case here is my shared list 

-v /sys/fs/cgroup:/sys/fs/cgroup:rw \
-v /dev:/dev:rw \
-v /lib/modules:/lib/modules:ro \
-v /run/udev:/run/udev:rw \
Comment 11 Daniel Walsh 2015-07-27 15:01:13 UTC 
I believe the problem is the shared /dev, and someone is communicating with /dev/initctl which is causing your machine to shutdown.

You could prove this out by volume mounting something over /dev/initctl.
Comment 12 Daniel Walsh 2015-08-21 03:34:07 UTC 
Anatoly any comment?
Comment 13 Anatoly Litovsky 2015-09-03 14:53:57 UTC 
I did and then systemd broke down.
It didnt even go up properly.
I guess mounting empty file over is not good idea.
Comment 14 Daniel Walsh 2015-09-04 11:21:54 UTC 
You could mount /dev/null over /dev/initctl and it should solve your problem.
Comment 15 Daniel Walsh 2015-09-28 18:31:44 UTC 
Anatoly?