View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0017089 | CentOS-7 | docker | public | 2020-02-26 15:53 | 2020-03-02 07:31 |
Reporter | bitsbeats | Assigned To | |||
Priority | normal | Severity | major | Reproducibility | always |
Status | new | Resolution | open | ||
Product Version | 7.7-1908 | ||||
Summary | 0017089: runc version has issues when container pid 1 contains spaces in /proc/1/stat | ||||
Description | Hey, runc version has issues when container pid 1 contains spaces in /proc/1/stat. This bug was fixed in the upstream repo with this https://github.com/opencontainers/runc/pull/1136 pull request. Sadly the docker package in extras (1.13.1-108.git4ef4b30.el7.centos) ships an older version of runc. We currently assume it comes from here https://github.com/projectatomic/runc/ (master branch) since the commit hash of docker info matches. We also noticed that a runc package exists which ships a newer version of runc (which seems to be coming from the runc upstream repo https://github.com/opencontainers/runc). But docker's systemd service explicitly specifies its own runc binary. The build logs contain the git hashes: runc: https://buildlogs.centos.org/c7-extras.x86_64/runc/20190915140320/1.0.0-65.rc8.el7.centos.x86_64/build.log docker: https://buildlogs.centos.org/c7-extras.x86_64/docker/20200121171404/1.13.1-108.git4ef4b30.el7.centos.x86_64/build.log | ||||
Steps To Reproduce | After installing docker, run a new container with a process with a space in /proc/1/stat: # docker run -d --rm --name cant_exec_me -it node:12-alpine -e "process.title = 'hi there'; setTimeout(() => {}, 100000)" Try executing a command in that container: # docker exec -it cant_exec_me sh rpc error: code = 2 desc = oci runtime error: exec failed: cannot exec a container that has run and stopped | ||||
Additional Information | docker info: Containers: 46 Running: 29 Paused: 0 Stopped: 17 Images: 35 Server Version: 1.13.1 Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Native Overlay Diff: true Logging Driver: json-file Cgroup Driver: systemd Plugins: Volume: local Network: bridge host macvlan null overlay Swarm: inactive Runtimes: runc docker-runc Default Runtime: docker-runc Init Binary: /usr/libexec/docker/docker-init-current containerd version: (expected: aa8187dbd3b7ad67d8e5e3a15115d3eef43a7ed1) runc version: e45dd70447fb72ee4e1f6989173aa6c5dd492d87 (expected: 9df8b306d01f59d3a8029be411de015b7304dd8f) init version: fec3683b971d9c3ef73f284f176672c44b448662 (expected: 949e6facb77383876aeff8a6944dde66b3089574) Security Options: seccomp WARNING: You're not using the default seccomp profile Profile: /etc/docker/seccomp.json selinux Kernel Version: 3.10.0-1062.12.1.el7.x86_64 Operating System: CentOS Linux 7 (Core) OSType: linux Architecture: x86_64 Number of Docker Hooks: 3 CPUs: 6 Total Memory: 15.67 GiB Name: REMOVED ID: RX6V:NAPN:UDBV:YM4G:JT4T:QN5S:AWX6:54YG:6NEC:BBTY:OTHU:QO45 Docker Root Dir: /var/lib/docker Debug Mode (client): false Debug Mode (server): false Registry: https://index.docker.io/v1/ WARNING: bridge-nf-call-iptables is disabled WARNING: bridge-nf-call-ip6tables is disabled Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false Registries: docker.io (secure) | ||||
Tags | No tags attached. | ||||
abrt_hash | |||||
URL | |||||
RHEL seems to have a newer package (-109) where this is fixed. | |
https://bugzilla.redhat.com/show_bug.cgi?id=1793062 | |
Unsure about that, but is the current runc missing almost all commits since ee992e5ff7143ea3fedb1bb4aa88a41d65a0bd66? Including the CVE fixes? | |
Quick update: the older version seems to be based off https://github.com/projectatomic/runc/commit/9c3c5f853ebf0ffac0d087e94daef462133b69c7 Seems like the package switched from the 1.3.1-rhel branch to master? | |
I guess this will get fixed after it's fixed in RHEL. I don't control the CentOS package, setting assignee to JohnnyHughes | |
Maybe it's just that version -109 is not built for CentOS? | |
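
An added illustration, not runc's code and not part of the original report: the Go sketch below shows how a space in the comm field of /proc/[pid]/stat shifts every later token when the line is split on whitespace, and how parsing from the last ')' avoids that. The function names, the sample stat lines and the choice of field 22 (starttime) as the value being read are assumptions made for the example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// startTimeNaive splits the whole stat line on whitespace and reads the 22nd
// token. A space inside the comm field shifts every later token by one.
func startTimeNaive(stat string) (uint64, error) {
	fields := strings.Fields(stat)
	if len(fields) < 22 {
		return 0, fmt.Errorf("short stat line: %d fields", len(fields))
	}
	return strconv.ParseUint(fields[21], 10, 64)
}

// startTimeRobust skips past the last ')' (the end of comm) before splitting.
// After comm, field 3 (state) is index 0, so field 22 (starttime) is index 19.
func startTimeRobust(stat string) (uint64, error) {
	end := strings.LastIndexByte(stat, ')')
	if end < 0 {
		return 0, fmt.Errorf("no comm terminator in stat line")
	}
	fields := strings.Fields(stat[end+1:])
	if len(fields) < 20 {
		return 0, fmt.Errorf("short stat line after comm: %d fields", len(fields))
	}
	return strconv.ParseUint(fields[19], 10, 64)
}

// Constructed sample lines (not captured from a real host); starttime is 8675309.
const statPlain = "1 (node) S 0 1 1 0 -1 4194560 100 0 0 0 5 3 0 0 20 0 7 0 8675309 600000000 9000 18446744073709551615"
const statSpace = "1 (hi there) S 0 1 1 0 -1 4194560 100 0 0 0 5 3 0 0 20 0 7 0 8675309 600000000 9000 18446744073709551615"

func main() {
	for _, s := range []string{statPlain, statSpace} {
		n, nerr := startTimeNaive(s)
		r, rerr := startTimeRobust(s)
		fmt.Printf("naive=%d (err=%v) robust=%d (err=%v)\n", n, nerr, r, rerr)
	}
}
```

With the 'hi there' title from the reproduction steps, the naive reader returns the neighbouring field without any error, which is why this class of bug shows up as a wrong value rather than a parse failure.
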
Date Modified | Username | Field | Change |
---|---|---|---|
2020-02-26 15:53 | bitsbeats | New Issue | |
2020-02-26 16:23 | bitsbeats | Note Added: 0036388 | |
2020-02-26 16:36 | bitsbeats | Note Added: 0036389 | |
2020-02-26 17:05 | bitsbeats | Note Added: 0036390 | |
2020-02-27 08:00 | bitsbeats | Note Added: 0036396 | |
2020-02-28 13:47 | lsm5 | Note Added: 0036398 | |
2020-03-02 07:31 | bitsbeats | Note Added: 0036412 |