+++ This bug was initially created as a clone of Bug #1558564 +++

Description of problem:
Mounting sockets or special files from subpaths fails.

Version-Release number of selected component (if applicable):
3.9.x

How reproducible:

Steps to Reproduce:
1. Create a pod definition that uses "/" as hostPath.
2. Try and mount something like "/run/docker.sock" as a subpath within a container.
3. The pod will fail to start.

The reason for this regression is that the openat system call being used on https://github.com/kubernetes/kubernetes/blob/master/pkg/util/mount/mount_linux.go#L1138 does not work for special files like Unix sockets and it will throw:

    Errno::ENXIO: No such device or address /run/docker.sock

Actual results:
The pod fails to start.

Expected results:
The pod should start.

--- Additional comment from Hemant Kumar on 2018-03-20 10:34:25 EDT ---

For now, while we make the fix, one possible workaround is to directly mount "/run/docker.sock" via a new volume entry and a new VolumeMounts entry that does not use subpath. Something like:

    volumeMounts: [ { mountPath: "/run/docker.sock", name: docker_sock, readOnly: true } ],
    volumes: [ { name: docker_sock, hostPath: { path: "/run/docker.sock", type: "" } } ]

--- Additional comment from Hemant Kumar on 2018-03-22 16:41:08 EDT ---

PR upstream for the fix: https://github.com/kubernetes/kubernetes/pull/61480

--- Additional comment from Hemant Kumar on 2018-03-26 11:30:50 EDT ---

Opened PR for Openshift/origin - https://github.com/openshift/origin/pull/19100
https://github.com/openshift/ose/pull/1183
This failed on:

    oc v3.5.5.31.67
    kubernetes v1.5.2+43a9be4
    features: Basic-Auth GSSAPI Kerberos SPNEGO

    Server https://ip-172-18-6-183.ec2.internal:8443
    openshift v3.5.5.31.67
    kubernetes v1.5.2+43a9be4

    oc get pods
    testpod   0/1   RunContainerError   0   1m

The test file is:

    kind: Pod
    apiVersion: v1
    metadata:
      name: testpod
    spec:
      containers:
        - name: testpod
          image: aosqe/hello-openshift
          ports:
            - containerPort: 80
              name: "http-server"
          volumeMounts:
            - mountPath: "/mnt/run/docker.sock"
              subPath: "run/docker.sock"
              name: file
      volumes:
        - name: file
          hostPath:
            path: "/"
Moving the BZ to modified state because the problem that the fix was not picked in the build isn't something storage team controls. The BZ should not have moved to ON_QA.
Verified in OCP:

    oc v3.5.5.31.80
    kubernetes v1.5.2+43a9be4
    features: Basic-Auth GSSAPI Kerberos SPNEGO

    Server https://ip-172-18-13-123.ec2.internal:8443
    openshift v3.5.5.31.80
    kubernetes v1.5.2+43a9be4

1. Create pod using:

    kind: Pod
    apiVersion: v1
    metadata:
      name: sock-pod
    spec:
      containers:
        - name: sockfile
          image: aosqe/hello-openshift
          ports:
            - containerPort: 80
              name: "http-server"
          volumeMounts:
            - mountPath: "/mnt/run/docker.sock"
              subPath: "run/docker.sock"
              name: file
      volumes:
        - name: file
          hostPath:
            path: "/"

2. Pod is running.

3. oc exec sock-pod -- ls /mnt/run/docker.sock -l

    srw-rw---- 1 root root 0 Nov 16 08:33 /mnt/run/docker.sock
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:3624
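The ENXIO failure named in the bug description can be reproduced outside Kubernetes. The following Go program is an added example, not code from this report, from Kubernetes, or from the linked PRs: it binds a constructed socket in a temp directory and opens it with openat relative to the directory descriptor. It assumes Linux on x86-64 or arm64, and its use of O_PATH is only one way to get a descriptor for a socket, not a statement of what the fix does.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"syscall"
)

// oPath is Linux O_PATH, which package syscall does not export; 0x200000 is
// its value on x86-64 and arm64 (assumption: the example runs on one of them).
const oPath = 0x200000

// probeSocket binds docker.sock in a temp directory (a constructed stand-in
// for /run/docker.sock) and opens it relative to the directory descriptor,
// first with a plain openat and then with O_PATH added.
func probeSocket() (plainErr error, mode uint32, err error) {
	dir, err := os.MkdirTemp("", "subpath")
	if err != nil {
		return nil, 0, err
	}
	defer os.RemoveAll(dir)
	ln, err := net.Listen("unix", dir+"/docker.sock")
	if err != nil {
		return nil, 0, err
	}
	defer ln.Close()
	dirFD, err := syscall.Open(dir, syscall.O_RDONLY|syscall.O_DIRECTORY, 0)
	if err != nil {
		return nil, 0, err
	}
	defer syscall.Close(dirFD)
	fd, plainErr := syscall.Openat(dirFD, "docker.sock", syscall.O_RDONLY|syscall.O_NOFOLLOW, 0)
	if plainErr == nil {
		syscall.Close(fd) // not expected: a socket cannot be opened this way
	}
	pfd, err := syscall.Openat(dirFD, "docker.sock", oPath|syscall.O_NOFOLLOW, 0)
	if err != nil {
		return plainErr, 0, err
	}
	defer syscall.Close(pfd)
	var st syscall.Stat_t
	if err = syscall.Fstat(pfd, &st); err != nil {
		return plainErr, 0, err
	}
	return plainErr, st.Mode & syscall.S_IFMT, nil
}

func main() { fmt.Println(probeSocket()) }
```

The plain openat returns ENXIO because open(2) refuses Unix domain sockets, while the O_PATH descriptor only names the file and fstat on it reports the socket type.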