Bug 1563336 - Mounting socket files from subPaths fail
Summary: Mounting socket files from subPaths fail
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Storage
Version: 3.10.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 3.10.0
Assignee: Hemant Kumar
QA Contact: Wenqi He
Depends On: 1558564
Blocks: 1560710 1563317 1563329
TreeView+ depends on / blocked
Reported: 2018-04-03 16:05 UTC by Hemant Kumar
Modified: 2018-07-30 19:12 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1558564
Last Closed: 2018-07-30 19:11:39 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:1816 None None None 2018-07-30 19:12:03 UTC

Description Hemant Kumar 2018-04-03 16:05:38 UTC
+++ This bug was initially created as a clone of Bug #1558564 +++

Description of problem:

Mounting sockets or special files from subpaths fails.

Version-Release number of selected component (if applicable): 3.9.x

How reproducible:

Steps to Reproduce:
1. Create a pod definition that uses "/" as hostPath.
2. Try and mount something like "/run/docker.sock" as a subpath within a container.
3. The pod will fail to start

The reason of this regression is - openat system call being used on https://github.com/kubernetes/kubernetes/blob/master/pkg/util/mount/mount_linux.go#L1138 does not work for special files like Unix sockets and it will throw - Errno::ENXIO: No such device or address /run/docker.sock

Actual results:

The pod fails to start

Expected results:
The pod should start

--- Additional comment from Hemant Kumar on 2018-03-20 10:34:25 EDT ---

For now, while we make the fix. One possible workaround is to directly mount "/run/docker.sock" via a new volume entry and a new VolumeMounts entry that does not uses subpath.

Something like:

VolumeMounts: [
{ mountPath: "/run/docker.sock", name: docker_sock, readOnly: true}
volumes: [
{ name: docker_sock,
hostPath: { path: "/run/docker.sock", type: "" },

--- Additional comment from Hemant Kumar on 2018-03-22 16:41:08 EDT ---

PR upstream for the fix https://github.com/kubernetes/kubernetes/pull/61480

--- Additional comment from Hemant Kumar on 2018-03-26 11:30:50 EDT ---

Opened PR for Openshift/origin - https://github.com/openshift/origin/pull/19100

Comment 1 Hemant Kumar 2018-04-11 19:22:12 UTC
I created this BZ for making sure that subpath socket fix is available in 3.10 - but there is no 3.10 target release available in Bugzilla. 

The bug in 3.9 has been fixed and merged already - https://bugzilla.redhat.com/show_bug.cgi?id=1558564

Comment 2 Hemant Kumar 2018-04-11 19:29:26 UTC
Also for the record. This fix is not available in origin/master currently - so I need a target release which accurately reflects the bug or we can close this bug but in that case we lose track of fixes we need to backport to 3.10...

Comment 3 Hemant Kumar 2018-04-11 21:14:10 UTC
PR for fixing in origin-3.10  , https://github.com/openshift/origin/pull/19329

Comment 5 Wenqi He 2018-05-17 07:28:23 UTC
Tested on below version:
openshift v3.10.0-0.47.0
kubernetes v1.10.0+b81c8f8

This bug is fixed
# cat pod.yaml 
kind: Pod
apiVersion: v1
  name: testpod
    - name: testpod
      image: aosqe/hello-openshift
        - containerPort: 80
          name: "http-server"
      - mountPath: "/mnt/run/docker.sock"
        subPath: "run/docker.sock"
        name: file
    - name: file
        path: "/"

# oc exec testpod -- ls /mnt/run/docker.sock -l
srw-rw----    1 root     root             0 May 17 02:09 /mnt/run/docker.sock

Comment 7 errata-xmlrpc 2018-07-30 19:11:39 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.