Bug 1331781 - Duplicate mount point error when using --tmpfs on a mountpoint which is already defined in Dockerfile as VOLUME
Summary: Duplicate mount point error when using --tmpfs on a mountpoint which is alrea...
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: docker-latest
Version: 7.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Antonio Murdaca
QA Contact: atomic-bugs@redhat.com
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-04-29 13:39 UTC by Jan Pazdziora
Modified: 2016-08-04 13:46 UTC (History)
4 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2016-08-04 13:46:13 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:1447 normal SHIPPED_LIVE docker-latest bug fix and enhancement fix update 2016-08-05 19:35:10 UTC

Description Jan Pazdziora 2016-04-29 13:39:30 UTC
Description of problem:

Systemd in container needs /run to be a separate volume or it complains

# docker run --rm -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro rhel7 /usr/sbin/init
Failed to mount tmpfs at /run: Operation not permitted
[!!!!!!] Failed to mount API filesystems, freezing.

So in my FreeIPA server Dockerfiles I do

VOLUME /run

to minimize the number of options that users have to pass docker run (avoid having to specify -v /run).

This works but with Docker 1.10, it'd be good to be able to use --tmpfs for that volume.

Version-Release number of selected component (if applicable):

docker-common-1.9.1-38.el7.x86_64
docker-latest-1.10.3-19.el7.x86_64

How reproducible:

Deterministic.

Steps to Reproduce:
1. Have Dockerfile:

FROM rhel7
VOLUME /run

2. Built image with docker build -t test-tmpfs .
3. Run docker run --rm -ti test-tmpfs true, see it pass.
4. Run docker run --rm -ti --tmpfs /run test-tmpfs true.

Actual results:

docker: Error response from daemon: Cannot start container 4086ca4dc1a375346d28a12ab34c45448f898614b21c6960f42008fa76e19639: Duplicate mount point '/run'.

Expected results:

No error, Docker just using tmpfs for the /run volume.

Additional info:

This is primarily compatibility and upgrade issue. Since it does not seem to be possible to specify the TMPFS in Dockerfile, it needs to be specified as docker run parameter. But it's not available with docker 1.9-, so it has to be optional. It be good if people on docker 1.10+ could take the advantage of --tmpfs, and people with older dockers could just keep using the built-in VOLUME /run definition.

Comment 2 Antonio Murdaca 2016-06-03 20:42:48 UTC
I'm going to reproduce and probably report upstream as well.

Comment 3 Antonio Murdaca 2016-06-04 16:52:11 UTC
can reproduce with 1.12-dev also - I'm going to work on this with upstream since I think --tmpfs should be handled the same as bind mounts (Dan correct me if I'm wrong)

assuming "test" has been built with "VOLUME /run":

docker run --rm -v /tmp:/run test true <--- this pass
docker run --rm --tmpfs /run test true <--- this should pass as well

I think the behavior should be the same

Comment 4 Daniel Walsh 2016-06-05 19:02:30 UTC
I agree.

Comment 5 Antonio Murdaca 2016-06-05 19:16:51 UTC
Alright, I'm already working on it

Comment 6 Antonio Murdaca 2016-06-06 10:13:53 UTC
Discussion and PR upstream: https://github.com/docker/docker/pull/23301

Comment 8 Luwen Su 2016-06-12 14:09:21 UTC
Still in error with docker-latest-1.10.3-40.el7.x86_64:
# docker-latest run --rm -ti --tmpfs /run test-tmpfs true
docker: Error response from daemon: Cannot start container 4db05f807cafb33fa027792b8be72d241c020536c9e22220d0d8e310c6c33229: Duplicate mount point '/run'.

do we need a new build to include it?

Comment 9 Antonio Murdaca 2016-06-12 14:20:18 UTC
This should not have been in modified state - still working on this with upstream

Comment 10 Daniel Walsh 2016-06-13 15:16:11 UTC
It should be removed from the errata then...

Comment 11 Lokesh Mandvekar 2016-06-13 15:27:25 UTC
alright, i'll remove it

Comment 13 Antonio Murdaca 2016-06-15 17:15:29 UTC
merged upstream :) Dan, will be going to carry a patch for this in 1.10.3?

Comment 14 Daniel Walsh 2016-06-15 18:32:35 UTC
Yes we should carry a patch.

Comment 18 Luwen Su 2016-07-25 09:09:14 UTC
In docker-latest-1.10.3-46.el7.8.x86_64,
steps per comment#8, move to verified.

#docker-latest run --rm -ti --tmpfs /run test-tmpfs true
# echo $?
0

Comment 20 errata-xmlrpc 2016-08-04 13:46:13 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-1447.html


Note You need to log in before you can comment on or make changes to this bug.