Bug 1471803
Summary: | oci-kvm-hook Doesn't work on RHEL7 docker | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Daniel Walsh <dwalsh> | |
Component: | docker | Assignee: | Frantisek Kluknavsky <fkluknav> | |
Status: | CLOSED ERRATA | QA Contact: | atomic-bugs <atomic-bugs> | |
Severity: | unspecified | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 7.4 | CC: | amurdaca, fdeutsch, lsm5, lsu, stefw | |
Target Milestone: | rc | Keywords: | Extras | |
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | If docs needed, set a value | ||
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1472815 1472848 (view as bug list) | Environment: | ||
Last Closed: | 2017-08-02 00:13:50 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1472848 |
Description
Daniel Walsh
2017-07-17 13:20:37 UTC
Alright, I figured this out. Turns out we needed to backport a patch to make it possible for prestart hooks to edit cgroup stuff. Patches for 1.12.6, 1.13.1 and 1.13.1-rhel are here: projectatomic/runc@79c3939 projectatomic/runc@d90fcb7 projectatomic/runc@79db05f Original patch: opencontainers/runc#1239 https://github.com/projectatomic/runc/commit/79c3939053c870fbb4de5484d98640d5ba028ef4 https://github.com/projectatomic/runc/commit/d90fcb78c3886d01d48829a11fb481af5db08372 https://github.com/projectatomic/runc/commit/79db05ff0192bae1d0e505b93c5ac28818beb441 For now # docker run -it timesu/test-kvm /bin/bash //docker-1.12.6-48.git0fdc778.el7.x86_64 #ls -l /sys/fs/cgroup/devices/system.slice/docker-45da3109bf49026fa288603c1c1d9c762150de9fc9fce34a89eb60ff4f70bc23.scope/ total 0 -rw-r--r--. 1 root root 0 Jul 25 12:18 cgroup.clone_children --w--w--w-. 1 root root 0 Jul 25 12:18 cgroup.event_control -rw-r--r--. 1 root root 0 Jul 25 12:18 cgroup.procs --w-------. 1 root root 0 Jul 25 12:18 devices.allow --w-------. 1 root root 0 Jul 25 12:18 devices.deny -r--r--r--. 1 root root 0 Jul 25 12:18 devices.list -rw-r--r--. 1 root root 0 Jul 25 12:18 notify_on_release -rw-r--r--. 1 root root 0 Jul 25 12:18 tasks compared with before https://github.com/stefwalter/oci-kvm-hook/issues/3 -rw-r--r--. 1 root root 0 Jul 14 14:09 cgroup.clone_children -rw-r--r--. 1 root root 0 Jul 14 14:09 cgroup.procs --w-------. 1 root root 0 Jul 14 14:09 devices.allow --w-------. 1 root root 0 Jul 14 14:09 devices.deny -r--r--r--. 1 root root 0 Jul 14 14:09 devices.list -rw-r--r--. 1 root root 0 Jul 14 14:09 notify_on_release -rw-r--r--. 1 root root 0 Jul 14 14:09 tasks Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2344 |