google / gvisor

Application Kernel for Containers

Home Page: https://gvisor.dev

unable to map the character device

saikiran2021 opened this issue · comments

Description

While running the command below, I am facing an issue.

docker run --runtime=runsc --device /dev/video101:/dev/video1 -it ubuntu bash

Error:
docker: Error response from daemon: OCI runtime start failed: starting container: starting root container: urpc method "containerManager.StartRoot" failed: EOF: unknown.
ERRO[0003] error waiting for container: context canceled

Runsc logs:
runsc.zip

Is this feature related to a specific bug?

No response

Do you have a specific solution in mind?

No response

@nixprime / @ayushr2 Could one of you take a look? Looks like VFS2 is panicking.

I0314 11:49:56.903854 311066 vfs.go:261] mns%!(EXTRA *vfs.MountNamespace=&{{1} 0xc0000fe000 0xc00019e840 map[]})
I0314 11:49:56.903905 311066 fs.go:368] file info &{[0xc0002bfe70 0xc0002bfe78 0xc0002bfe80]}
I0314 11:49:56.903951 311066 fs.go:372] file is not empty [FD: 6 FD: 7 FD: 8]
I0314 11:49:56.903975 311066 fs.go:368] file info &{[0xc0002bfe78 0xc0002bfe80]}
I0314 11:49:56.903998 311066 fs.go:372] file is not empty [FD: 7 FD: 8]
I0314 11:49:56.904016 311066 fs.go:368] file info &{[0xc0002bfe80]}
I0314 11:49:56.904032 311066 fs.go:372] file is not empty [FD: 8]
I0314 11:49:56.904050 311066 fs.go:368] file info &{[]}
panic: fdDispenser out of fds

goroutine 1 [running]:
panic({0x107ac80, 0x13c4150})
GOROOT/src/runtime/panic.go:1147 +0x3a8 fp=0xc0004e51f8 sp=0xc0004e5138 pc=0x4351c8
gvisor.dev/gvisor/runsc/boot.(*fdDispenser).remove(0xc00007e340)
runsc/boot/fs.go:370 +0x1ab fp=0xc0004e5240 sp=0xc0004e51f8 pc=0xf25bab
gvisor.dev/gvisor/runsc/boot.(*containerMounter).prepareMountsVFS2(0xc00007e320)
runsc/boot/vfs.go:437 +0xed fp=0xc0004e5328 sp=0xc0004e5240 pc=0xf3bd6d
gvisor.dev/gvisor/runsc/boot.(*containerMounter).mountSubmountsVFS2(0xc00007e320, {0x141f8b8, 0xc0000c62e0}, 0xc00003ba40, 0x107ac80, 0xc000298be0)
runsc/boot/vfs.go:373 +0x67 fp=0xc0004e5480 sp=0xc0004e5328 pc=0xf3b327
gvisor.dev/gvisor/runsc/boot.(*containerMounter).mountAll(0xc00007e320, 0x7fb0e6580108, 0xc0003ac020)
runsc/boot/vfs.go:215 +0x531 fp=0xc0004e55a0 sp=0xc0004e5480 pc=0xf39571
gvisor.dev/gvisor/runsc/boot.setupContainerVFS2({0x141f8b8, 0xc0000c6000}, 0xc00003ba40, 0xc00007e320, 0xc0003ac020)
runsc/boot/vfs.go:161 +0x16c fp=0xc0004e5618 sp=0xc0004e55a0 pc=0xf38e2c
gvisor.dev/gvisor/runsc/boot.setupContainerFS({0x141f8b8, 0xc0000c6000}, 0xc0000aa058, 0x5, 0x0)
runsc/boot/fs.go:328 +0xda fp=0xc0004e5650 sp=0xc0004e5618 pc=0xf2581a
gvisor.dev/gvisor/runsc/boot.(*Loader).createContainerProcess(0xc0003ac000, 0x1, {0x7ffe1c027fa8, 0x40}, 0xc0003ac010)
runsc/boot/loader.go:778 +0x305 fp=0xc0004e58c8 sp=0xc0004e5650 pc=0xf30665
gvisor.dev/gvisor/runsc/boot.(*Loader).run(0xc0003ac000)
runsc/boot/loader.go:619 +0x19e fp=0xc0004e5968 sp=0xc0004e58c8 pc=0xf2ed3e
gvisor.dev/gvisor/runsc/boot.(*Loader).Run(0xc0003ac000)
runsc/boot/loader.go:570 +0x25 fp=0xc0004e59a8 sp=0xc0004e5968 pc=0xf2eb05
gvisor.dev/gvisor/runsc/cmd.(*Boot).Execute(0xc000280000, {0xc00003a260, 0xc0001e5cf8}, 0xc00019e780, {0xc00007b060, 0x2, 0x20})
runsc/cmd/boot.go:298 +0xae5 fp=0xc0004e5cd0 sp=0xc0004e59a8 pc=0xfc6aa5
github.com/google/subcommands.(*Commander).Execute(0xc00011a000, {0x13f3d50, 0xc00003e010}, {0xc00007b060, 0x2, 0x2})
external/com_github_google_subcommands/subcommands.go:200 +0x3bc fp=0xc0004e5d70 sp=0xc0004e5cd0 pc=0x4fb25c
github.com/google/subcommands.Execute(...)
external/com_github_google_subcommands/subcommands.go:481
gvisor.dev/gvisor/runsc/cli.Main({0x13f0a00, 0x29})
runsc/cli/main.go:245 +0x1986 fp=0xc0004e5f60 sp=0xc0004e5d70 pc=0xfe9e86
main.main()
runsc/main.go:23 +0x27 fp=0xc0004e5f80 sp=0xc0004e5f60 pc=0xfea467
runtime.main()
GOROOT/src/runtime/proc.go:255 +0x227 fp=0xc0004e5fe0 sp=0xc0004e5f80 pc=0x437d07
runtime.goexit()
src/runtime/asm_amd64.s:1581 +0x1 fp=0xc0004e5fe8 sp=0xc0004e5fe0 pc=0x469321

I am unable to repro. Here is what I did:

sudo mknod video101 c 101 1
sudo mv video101 /dev/
docker run --runtime=runsc --rm --device /dev/video101:/dev/video1 -it ubuntu bash

^ this works for me and the container starts up.

Related #7007

@ayushr2 --device is working now, but inside the container the device is not available. FYI, I am attaching the image and logs.

Screenshot from 2022-03-22 09-17-33
Logs:
runsc.zip

See @fvoznika's comments in #7007. gVisor does not support character devices yet.

@ayushr2 Is there any other way to map a character device by making some modifications in the code?

You can try patching #7082. @fvoznika is working on that.

I am able to map the device, but at the sentry level I am unable to get the nodes for the respective device. FYI, I am attaching an image.

Screenshot from 2022-04-13 18-33-01

There are a few things at play here that are preventing this from working. First, the --device docker flag (Spec.Linux.Devices in OCI) is not supported and is currently being ignored. This is the reason you don't see the device mapped inside gVisor. Another problem is that we don't support bridging character files from the host to inside the sandbox.

As for supporting character devices, there is a tentative change to add support for it (see comments in #7007). However, it's not fully working yet. The character device must support epoll(2) so that gVisor can be notified when data is available, and I'm guessing that either epoll is not supported or is not working in the way we expect. If you want to give it a try, patch #7082 and use the -v option to mount the character device inside gVisor. Instead of --device /dev/video101:/dev/video1, use -v /dev/video101:/dev/video1.

I'll resolve this issue as a duplicate of #7007. If the path above doesn't work for you, please reply with full debug logs to the other issue.

Duplicate of #7007
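
The last reply says the host character device must support epoll(2). The following host-side check for that condition is an added example, not code from this thread or from gVisor; `CheckDevice` and `EpollCapable` are hypothetical names, and a passing result only shows that the host kernel accepts the node in an epoll set, not that the patch in #7082 will work with it.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"syscall"
)

// EpollCapable reports whether fd can be registered with epoll. Linux
// returns EPERM from epoll_ctl when the file has no poll support.
func EpollCapable(fd int) (bool, error) {
	epfd, err := syscall.EpollCreate1(syscall.EPOLL_CLOEXEC)
	if err != nil {
		return false, err
	}
	defer syscall.Close(epfd)
	ev := syscall.EpollEvent{Events: syscall.EPOLLIN, Fd: int32(fd)}
	err = syscall.EpollCtl(epfd, syscall.EPOLL_CTL_ADD, fd, &ev)
	if errors.Is(err, syscall.EPERM) {
		return false, nil // driver or file type cannot be polled
	}
	return err == nil, err
}

// CheckDevice opens path read-only and non-blocking, then reports whether
// it is a character device node and whether epoll accepts it.
func CheckDevice(path string) (isChar, epollOK bool, err error) {
	fd, err := syscall.Open(path, syscall.O_RDONLY|syscall.O_NONBLOCK|syscall.O_CLOEXEC, 0)
	if err != nil {
		return false, false, fmt.Errorf("open %s: %w", path, err)
	}
	defer syscall.Close(fd)
	var st syscall.Stat_t
	if err := syscall.Fstat(fd, &st); err != nil {
		return false, false, err
	}
	isChar = st.Mode&syscall.S_IFMT == syscall.S_IFCHR
	epollOK, err = EpollCapable(fd)
	return isChar, epollOK, err
}

func main() {
	// Pass the host paths you intend to mount with -v, e.g. /dev/video101.
	for _, p := range os.Args[1:] {
		isChar, ok, err := CheckDevice(p)
		fmt.Printf("%s chardev=%v epoll=%v err=%v\n", p, isChar, ok, err)
	}
}
```

Run it on the host, outside the sandbox, against the same path given to `-v`.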