containers / youki

A container runtime written in Rust

Home Page: https://containers.github.io/youki/


Unclear on how to run `libcontainer` based container

drahnr opened this issue · comments

Hey, I have a hacky CLI, trying to set up a container env for a basic fedora or ubuntu or busybox image before going for a deeper integration.

I am currently struggling with

```
[pid 3007887] write(2, 0x562f8af479d0, 187 2024-01-25T14:44:37.547Z DEBUG libcgroups::common                            > scan pids in folder: "/sys/fs/cgroup/:youki:2dbb9a12-1e3a-4961-b1f5-ecb35e55cd88"
) = 187
[pid 3007887] statx(AT_FDCWD, 0x7ffe3226c800, AT_STATX_SYNC_AS_STAT, STATX_ALL,  <unfinished ...>
[pid 3014228] <... execve resumed>)     = -1 ENOENT (No such file or directory)
[pid 3007887] <... statx resumed>0x7ffe3226c580) = -1 ENOENT (No such file or directory)
[pid 3007887] openat(AT_FDCWD, 0x7ffe3226cdd0, O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
[pid 3014228] execve(0x7ffe3225f450, 0x562f8aeac7a0, 0x562f8ae51e20 <unfinished ...>
[pid 3007887] close(7 <unfinished ...>
[pid 3014228] <... execve resumed>)     = -1 ENOENT (No such file or directory)
[pid 3007887] <... close resumed>)      = 0
[pid 3014228] execve(0x7ffe3225f450, 0x562f8aeac7a0, 0x562f8ae51e20) = -1 ENOENT (No such file or directory)
[pid 3007887] futex(0x562f8ad1f498, FUTEX_WAKE_PRIVATE, 1 <unfinished ...>
[pid 3014228] write(2, 0x562f8af479d0, 183 <unfinished ...>
 2024-01-25T14:44:37.547Z ERROR libcontainer::workload::default                       > failed to execvp err=ENOENT filename="bash" args=["bash", "-c", "ls"]
```

Any support would be much appreciated

```
# grep cgroup /proc/filesystems
nodev	cgroup
nodev	cgroup2
```

The fully reproducing demo code lives in https://github.com/drahnr/oci-pull-and-unpack-layers

```
2024-01-26T06:41:00.126Z ERROR libcontainer::rootfs::rootfs                          > failed to bind mount rootfs rootfs="/root/oci-overlayer/containers/1a76ef46-d71c-4481-a823-f3bc29cca707/rootfs" err=Nix(EACCES)
2024-01-26T06:41:00.126Z ERROR libcontainer::process::container_init_process         > failed to prepare rootfs err=Syscall(Nix(EACCES))
2024-01-26T06:41:00.126Z ERROR libcontainer::process::container_intermediate_process > failed to initialize container process: failed to prepare rootfs
2024-01-26T06:41:00.127Z ERROR libcontainer::process::container_main_process > failed to wait for init ready: failed to receive. "waiting for init ready". BrokenChannel
2024-01-26T06:41:00.127Z ERROR libcontainer::container::builder_impl         > failed to run container process err=Channel(ReceiveError { msg: "waiting for init ready", source: BrokenChannel })
```

We tried to run this https://github.com/drahnr/oci-pull-and-unpack-layers code; error info.

It makes an assumption about running a rootless container, as user 1000.

Got some help from a different angle, and will pursue that one. Possibly /lib64/ldlinux.so.. doesn't exist and hence loading any lib fails.

@drahnr Thanks for giving libcontainer a try. We need to prepare documentation on how to use libcontainer, as you pointed out.
Have you already checked the youki crate directory? It is the best place to start learning how to use it.

```rust
pub fn run(args: Run, root_path: PathBuf, systemd_cgroup: bool) -> Result<i32> {
```

Thanks, turns out it was symlinks; dealing with foreground signals and not immediately killing the process was also a good thing. 9522166f2ffd76ca81f625329a9f9ac3187178a1 contains a working state.
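
The `execvp` ENOENT discussed in this thread (a binary or loader that is missing, or only reachable through symlinks) can be checked against an unpacked rootfs before the container starts. The following is an added example, not code from youki or from the linked repository: it resolves a path the way the container will see it, so absolute symlink targets point back into the rootfs rather than at the host. The names `resolve_in_rootfs` and `parts` are hypothetical.

```rust
use std::collections::VecDeque;
use std::fs;
use std::path::{Component, Path, PathBuf};

// Split a path into plain names and "..", dropping "/" and ".".
fn parts(p: &Path) -> Vec<String> {
    p.components()
        .filter_map(|c| match c {
            Component::Normal(s) => Some(s.to_string_lossy().into_owned()),
            Component::ParentDir => Some("..".to_string()),
            _ => None,
        })
        .collect()
}

/// Resolve `path` as the container sees it once `rootfs` is its "/".
/// Returns the host-side location, or an error naming the first missing component.
pub fn resolve_in_rootfs(rootfs: &Path, path: &str) -> Result<PathBuf, String> {
    let mut todo: VecDeque<String> = parts(Path::new(path)).into();
    let mut cur: Vec<String> = Vec::new(); // resolved components below rootfs
    let mut hops = 0;
    while let Some(part) = todo.pop_front() {
        if part == ".." { cur.pop(); continue; } // ".." never climbs above rootfs
        cur.push(part);
        let mut host = rootfs.to_path_buf();
        host.extend(&cur);
        let meta = fs::symlink_metadata(&host).map_err(|e| format!("/{}: {}", cur.join("/"), e))?;
        if meta.file_type().is_symlink() {
            cur.pop(); // the link itself is replaced by its target
            hops += 1;
            if hops > 40 { return Err(format!("too many symlinks resolving {}", path)); }
            let target = fs::read_link(&host).map_err(|e| e.to_string())?;
            if target.is_absolute() { cur.clear(); } // restart at the container root
            let mut next = parts(&target);
            next.extend(todo.drain(..));
            todo = next.into();
        }
    }
    let mut out = rootfs.to_path_buf();
    out.extend(&cur);
    Ok(out)
}

fn main() {
    // Usage: <binary> <rootfs> <path inside container>
    let a: Vec<String> = std::env::args().collect();
    if a.len() == 3 {
        println!("{:?}", resolve_in_rootfs(Path::new(&a[1]), &a[2]));
    }
}
```

An `Err` names the in-container path that does not exist, which separates a binary that is absent from the image from a symlink that was not recreated when the layers were unpacked.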