1558564 – Mounting socket files from subPaths fail

Bug 1558564 - Mounting socket files from subPaths fail

Summary: Mounting socket files from subPaths fail

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Storage
Sub Component:
Version:	3.9.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	3.9.z
Assignee:	Hemant Kumar
QA Contact:	Qin Ping
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1560710 1563317 1563329 1563336
TreeView+	depends on / blocked

Reported:	2018-03-20 13:54 UTC by Hemant Kumar
Modified:	2018-05-17 06:44 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1560710 1563317 1563329 1563336 (view as bug list)
Environment:
Last Closed:	2018-05-17 06:43:34 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2018:1566	0	None	None	None	2018-05-17 06:44:07 UTC

Description Hemant Kumar 2018-03-20 13:54:26 UTC

Description of problem:

Mounting sockets or special files from subpaths fails.

Version-Release number of selected component (if applicable): 3.9.x

How reproducible:

Steps to Reproduce:
1. Create a pod definition that uses "/" as hostPath.
2. Try and mount something like "/run/docker.sock" as a subpath within a container.
3. The pod will fail to start

The reason of this regression is - openat system call being used on https://github.com/kubernetes/kubernetes/blob/master/pkg/util/mount/mount_linux.go#L1138 does not work for special files like Unix sockets and it will throw - Errno::ENXIO: No such device or address /run/docker.sock


Actual results:

The pod fails to start


Expected results:
The pod should start

Comment 1 Hemant Kumar 2018-03-20 14:34:25 UTC

For now, while we make the fix. One possible workaround is to directly mount "/run/docker.sock" via a new volume entry and a new VolumeMounts entry that does not uses subpath.

Something like:

VolumeMounts: [
{ mountPath: "/run/docker.sock", name: docker_sock, readOnly: true}
],
volumes: [
{ name: docker_sock,
hostPath: { path: "/run/docker.sock", type: "" },
]

Comment 2 Hemant Kumar 2018-03-22 20:41:08 UTC

PR upstream for the fix https://github.com/kubernetes/kubernetes/pull/61480

Comment 3 Hemant Kumar 2018-03-26 15:30:50 UTC

Opened PR for Openshift/origin - https://github.com/openshift/origin/pull/19100

Comment 4 Hemant Kumar 2018-04-11 19:12:08 UTC

This is merged in both origin and OSE.So it is done and done from development POV.

Comment 6 Qin Ping 2018-04-17 06:19:58 UTC

Verified in OCP: v3.9.22

# cat pod.yaml 
kind: Pod
apiVersion: v1
metadata:
  name: testpod
spec:
  containers:
    - name: testpod
      image: aosqe/hello-openshift
      ports:
        - containerPort: 80
          name: "http-server"
      volumeMounts:
      - mountPath: "/mnt/run/docker.sock"
        subPath: "run/docker.sock"
        name: file
  volumes:
    - name: file
      hostPath:
        path: "/"

# oc exec testpod -- ls /mnt/run/docker.sock -l
srw-rw----    1 root     root             0 Apr 17 02:42 /mnt/run/docker.sock

Comment 8 Qin Ping 2018-04-20 02:39:27 UTC

Verified in OCP:
oc v3.9.24
openshift v3.9.24
kubernetes v1.9.1+a0ce1bc657

# uname -a
Linux host-172-16-120-35 3.10.0-693.21.1.el7.x86_64 #1 SMP Fri Feb 23 18:54:16 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.4 (Maipo)

Comment 11 errata-xmlrpc 2018-05-17 06:43:34 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1566

Note You need to log in before you can comment on or make changes to this bug.