RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1282945 - /run should not be a volume
Summary: /run should not be a volume
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: rhel-server-container
Version: 7.2
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: rc
: ---
Assignee: Frantisek Kluknavsky
QA Contact: atomic-bugs@redhat.com
URL:
Whiteboard:
Depends On:
Blocks: 1282733
TreeView+ depends on / blocked
 
Reported: 2015-11-17 21:10 UTC by Scott Dodson
Modified: 2015-12-08 14:04 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-12-08 14:04:05 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2015:2575 0 normal SHIPPED_LIVE Red Hat Enterprise Linux 7.2.1 Container Image Update 2016-01-18 17:46:09 UTC

Description Scott Dodson 2015-11-17 21:10:11 UTC 
After much investigation we arrived at the fact that the rhel7.2 base image has added a volume for /run/ this breaks building images that depend on persisting anything in /run/ if you're not a root user lacking permissions to create data in /run/ during startup.

See https://bugzilla.redhat.com/show_bug.cgi?id=1282733

We can come up with no solution to this problem.
Comment 4 Daniel Walsh 2015-11-23 16:30:04 UTC 
Yes we should not have /run as a volume in the base image.  We are working on other solutions for handling systemd in the container.  --tmpfs patch is moving  along and dockerhooks are both better solutions.
Comment 5 Stephen Tweedie 2015-11-23 17:16:36 UTC 
(In reply to Daniel Walsh from comment #4)
> Yes we should not have /run as a volume in the base image.

Trouble is, *not* having it breaks things.  As one specific example, on rhel7/rhel-7.1-24, we don't have /run and so we get a broken fs symlink for an important sub-directory:

# docker run --rm -ti rhel7/rhel:7.1-24 ls -l /var/lock
lrwxrwxrwx. 1 root root 11 Oct 30 07:05 /var/lock -> ../run/lock

See https://bugzilla.redhat.com/show_bug.cgi?id=1105616
    "Base image is missing several files from /run/*"

> We are working
> on other solutions for handling systemd in the container.  --tmpfs patch is
> moving  along and dockerhooks are both better solutions.
Comment 6 Daniel Walsh 2015-11-23 17:50:58 UTC 
In that case the image should just create /run/lock.  Not use volume mounts.
Comment 7 Daniel Walsh 2015-11-23 17:54:25 UTC 
Docker has specified that /run on the image should be populated by the tools installed, for example "yum install httpd" will create /run/httpd on the image.

The secrets patch should not create a volume, but will create a mount point /run/secrets I believe.  But docker build will not save the content in this directory to an image.
Comment 8 Stephen Tweedie 2015-11-23 18:04:38 UTC 
OK -- then yes, this definitely shouldn't be a volume in the base image.  

Do we know why the /run volume was added?  Any expected consequences of reverting that change?
Comment 9 Frantisek Kluknavsky 2015-11-23 18:26:06 UTC 
https://bugzilla.redhat.com/show_bug.cgi?id=1235969
Primary expected consequence would be systemd not running.
Comment 10 Frantisek Kluknavsky 2015-11-23 18:33:26 UTC 
(Of course the user can fix it easily when running the container. I meant, systemd not running out of box.)
Comment 11 Stephen Tweedie 2015-11-23 18:47:09 UTC 
OK; for now I think it's far preferable to require the user does a manual
  VOLUME /run
for the special case of running systemd, than to be unable to persist anything in /run.

It would be nice if we could handle this automatically in the future, but for now should we not just revert the VOLUME in the base image?
Comment 17 Martin Jenner 2015-12-07 16:56:54 UTC 
# docker inspect registry.access.stage.redhat.com/rhel7.2:7.2-38

<snip>
        "Image": "",
        "Volumes": null,
Comment 19 errata-xmlrpc 2015-12-08 14:04:05 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2015-2575.html
Note You need to log in before you can comment on or make changes to this bug.