1628272 – When /var/log is not available in container, oci-systemd-hook mounts under /run/journal instead of under /run/log/journal

Bug 1628272 - When /var/log is not available in container, oci-systemd-hook mounts under /run/journal instead of under /run/log/journal

Summary: When /var/log is not available in container, oci-systemd-hook mounts under /r...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	oci-systemd-hook
Sub Component:
Version:	28
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-09-12 15:37 UTC by Jan Pazdziora (Red Hat)
Modified:	2019-03-21 14:40 UTC (History)
CC List:	5 users (show)
Fixed In Version:	oci-systemd-hook-0.1.18-1.git38504cc.fc28 oci-systemd-hook-0.2.0-1.git05e6923.fc29
Clone Of:
Environment:
Last Closed:	2018-09-23 20:18:46 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Jan Pazdziora (Red Hat) 2018-09-12 15:37:49 UTC

Description of problem:

The oci-systemd-hook tries to propagate the journal from systemd-based container to the host by creating and mounting host's directory to the container.

However, when /var/log is not available in the container image, oci-systemd-hook mounts under /run/journal instead of under /run/log/journal. And systemd-journald(8) says:

       The journal service stores log data either persistently below
       /var/log/journal or in a volatile way below /run/log/journal/ (in the
       latter case it is lost at reboot).

So the directory on the host is created and mounted but not used by systemd in the container.

Version-Release number of selected component (if applicable):

oci-systemd-hook-0.1.17-3.gitbd86a79.fc28.x86_64

How reproducible:

Deterministic.

Steps to Reproduce:
1. Have Dockerfile

FROM registry.fedoraproject.org/fedora:28
RUN mkdir -p /data-template/var && mv /var/log /data-template/var/log && ln -s /data/var/log /var/log
VOLUME [ "/data" ]
ENTRYPOINT [ "/usr/sbin/init" ]

2. Build image: docker build -t journald .
3. Run container: docker run --name systemd --rm -i journald
4. In different terminal, check the mounted directory:
   $ docker exec systemd mount | grep journal
/dev/mapper/vg_host-lv_fedora on /run/journal/92bfd207a8dc5f5e097172aa5adff47c type ext4 (rw,relatime,seclabel)
5. Check where the journal is actually stored in the container:
   $ docker exec systemd ls -dla /run/journal/92bfd207a8dc5f5e097172aa5adff47c/system.journal /run/log/journal/92bfd207a8dc5f5e097172aa5adff47c/system.journal
6. Check if the journal is stored on host:
   $ ls -la /var/log/journal/92bfd207a8dc5f5e097172aa5adff47c/

Actual results:

The ls in the container:

-rw-r-----+ 1 root systemd-journal 839680 Sep 12 15:31 /run/log/journal/92bfd207a8dc5f5e097172aa5adff47c/system.journal
ls: cannot access '/run/journal/92bfd207a8dc5f5e097172aa5adff47c/system.journal': No such file or directory

The ls on the host:

total 80
drwxr-sr-x+    2 root root             4096 Sep 12 17:31 .
drwxr-sr-x+ 1119 root systemd-journal 65536 Sep 12 17:31 ..

Expected results:

The ls in the container:

-rw-r-----+ 1 root systemd-journal 839680 Sep 12 15:31 /run/log/journal/92bfd207a8dc5f5e097172aa5adff47c/system.journal
ls: cannot access '/run/journal/92bfd207a8dc5f5e097172aa5adff47c/system.journal': No such file or directory

The ls on the host:

total 80
drwxr-sr-x+    2 root root             4096 Sep 12 17:31 .
drwxr-sr-x+ 1119 root systemd-journal 65536 Sep 12 17:31 ..
-rw-r-----+    1 root systemd-journal 839680 Sep 12 15:31 system.journal

Additional info:

Comment 1 Daniel Walsh 2018-09-13 13:37:11 UTC

I don't see a /run/log/journal on my F28 box?

Comment 2 Jan Pazdziora (Red Hat) 2018-09-14 08:01:37 UTC

You mean, when you run the above-built image on your Fedora 28 host with docker-1.13.1-61.git9cb56fd.fc28.x86_64, you see systemd running in the container but the /run/log/journal is not there?

Comment 3 Daniel Walsh 2018-09-14 12:57:29 UTC

No I am questioning the existence of /run/log/journal on my host?  If I don't see it on the host, why would I expect it in the container?

Comment 4 Jan Pazdziora (Red Hat) 2018-09-14 16:34:12 UTC

You likely don't have /run/log/journal on your host because you have persistent /var/log/journal.

The oci-systemd-hook tries to mount host's /var/log/journal subdirectory to container's /var/log/journal, and falls back to /run ... but falls back to /run/journal, instead of /run/log/journal.

Comment 5 Daniel Walsh 2018-09-14 16:57:46 UTC

PTAL https://github.com/projectatomic/oci-systemd-hook/pull/105

Comment 6 Fedora Update System 2018-09-14 18:30:39 UTC

oci-systemd-hook-0.1.18-1.git38504cc.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-70fe37d613

Comment 7 Fedora Update System 2018-09-14 18:30:46 UTC

oci-systemd-hook-0.1.18-1.git38504cc.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-8ea6d38282

Comment 8 Fedora Update System 2018-09-14 23:49:31 UTC

oci-systemd-hook-0.1.18-1.git38504cc.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-8ea6d38282

Comment 9 Fedora Update System 2018-09-17 01:07:01 UTC

oci-systemd-hook-0.1.18-1.git38504cc.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-70fe37d613

Comment 10 Fedora Update System 2018-09-23 20:18:46 UTC

oci-systemd-hook-0.1.18-1.git38504cc.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2019-03-06 15:50:01 UTC

oci-systemd-hook-0.2.0-1.git05e6923.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-baa35c7a81

Comment 12 Fedora Update System 2019-03-07 20:31:40 UTC

oci-systemd-hook-0.2.0-1.git05e6923.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-baa35c7a81

Comment 13 Fedora Update System 2019-03-20 22:12:34 UTC

oci-systemd-hook-0.2.0-1.git05e6923.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

Comment 14 Fedora Update System 2019-03-21 14:40:13 UTC

oci-systemd-hook-0.2.0-1.git05e6923.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.