The container mounted /var/lib/containers cannot read the merged directory of the container started after it #5188

Closed
LinanV opened this issue Aug 11, 2021 · 7 comments
Labels
lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale.

LinanV commented Aug 11, 2021

Hi, Team:

This is my env.

Version: 0.1.0
RuntimeName: cri-o
RuntimeVersion: 1.20.3-6.rhaos4.7.git0d0f863.el8
RuntimeApiVersion: v1alpha1

OpenshiftVersion: 4.7

Detail:
step 1: start a privileged container named A that mounts /var/lib/containers:/var/lib/containers

step 2: start a normal container named Busybox after A

step 3: use crictl inspect <container-id> to search for the Busybox merged directory
[image]

step 4: enter container A and view the Busybox merged directory like this:
[image]
Cannot view any file or directory in the Busybox merged directory.

But on the host:
[image]

Could you help me solve this problem?

@haircommander
Member

what is the pod spec for A?

@LinanV
Author

LinanV commented Aug 11, 2021

> what is the pod spec for A?

A's spec is the same as this:
```yaml
spec:
  selector:
    matchLabels:
      app: ciss
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: ciss
    spec:
      restartPolicy: Always
      serviceAccountName: ncsp-account
      schedulerName: default-scheduler
      terminationGracePeriodSeconds: 30
      securityContext: {}
      containers:
        - resources:
            limits:
              memory: 1Gi
          terminationMessagePath: /dev/termination-log
          name: main
          env:
            - name: LOG_LEVEL
              value: INFO
            - name: CONTAINER_SOCKET
              value: 'unix:///var/run/crio/crio.sock'
          securityContext:
            privileged: true
          ports:
            - hostPort: 38418
              containerPort: 38418
              protocol: TCP
          imagePullPolicy: Always
          volumeMounts:
            - name: crio-sock
              mountPath: /var/run/crio/crio.sock
            - name: container-fs
              mountPath: /var/lib/containers
          terminationMessagePolicy: File
          image: 'image-registry.openshift-image-registry.svc:5000/ctnsec/ciss:latest'
      serviceAccount: ncsp-account
      volumes:
        - name: crio-sock
          hostPath:
            path: /var/run/crio/crio.sock
            type: Socket
        - name: container-fs
          hostPath:
            path: /var/lib/containers
            type: Directory
      dnsPolicy: ClusterFirst
      tolerations:
        - operator: Exists
          effect: NoSchedule
        - key: CriticalAddonsOnly
          operator: Exists
        - operator: Exists
          effect: NoExecute
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
        - key: node.kubernetes.io/not-ready
          operator: Equal
          effect: NoSchedule
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  revisionHistoryLimit: 9
```

Thanks!

@V1nceZhang

I also encountered the same problem and hope for an answer.

@haircommander
Member

could you update to latest 4.7 to see if it fixes the issue? we have had a fix in our container storage library that may help

@LinanV
Author

LinanV commented Aug 18, 2021

> could you update to latest 4.7 to see if it fixes the issue? we have had a fix in our container storage library that may help

thanks, let me try

@saschagrunert
Member

A friendly reminder that this issue had no activity for 30 days.

saschagrunert added the lifecycle/stale label Jun 28, 2022

@haircommander
Member

I believe this issue is still present, and has to do with mount propagation of the home directory for c/storage. Adding the skip_mount_home option to /etc/containers/storage.conf fixes it, I believe
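
The mount-propagation cause named in the last comment can be checked from `/proc/self/mountinfo`. The following is an added example, not part of the thread and not CRI-O or c/storage code: it parses a constructed mountinfo excerpt and reports the propagation mode of the mount that covers a path. The sample mounts, the device names, the `0123abcd` layer ID and the assumption that the overlay driver home is `/var/lib/containers/storage/overlay` are illustrative.

```python
import re

# Constructed /proc/self/mountinfo excerpt (not taken from the issue). Assumes the
# overlay driver home is /var/lib/containers/storage/overlay and that it has been
# bind-mounted onto itself as a private mount, with one container's merged dir below it.
SAMPLE_MOUNTINFO = """\
22 1 253:0 / / rw,relatime shared:1 - xfs /dev/mapper/root rw
95 22 253:0 /var/lib/containers/storage/overlay /var/lib/containers/storage/overlay rw,relatime - xfs /dev/mapper/root rw
310 95 0:55 / /var/lib/containers/storage/overlay/0123abcd/merged rw,relatime - overlay overlay rw
"""

def unescape(field):
    # mountinfo encodes space, tab, newline and backslash as \ooo octal escapes
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mountinfo(text):
    """Return one dict per mount: id, parent, mount_point, propagation."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if "-" not in fields or fields.index("-") < 6:
            continue  # malformed: the "-" that ends the optional fields is missing
        sep = fields.index("-")
        tags = {f.split(":")[0] for f in fields[6:sep]}  # shared:N, master:N, ...
        if "unbindable" in tags:
            mode = "unbindable"
        else:
            names = (("shared", "shared"), ("master", "slave"))
            mode = ",".join(n for t, n in names if t in tags) or "private"
        mounts.append({"id": int(fields[0]), "parent": int(fields[1]),
                       "mount_point": unescape(fields[4]), "propagation": mode})
    return mounts

def covering_mount(mounts, path):
    """Mount that contains path: longest mount-point prefix, later entry wins ties."""
    best = None
    for m in mounts:
        mp = m["mount_point"].rstrip("/")
        if path == mp or path.startswith(mp + "/"):
            if best is None or len(mp) >= len(best["mount_point"].rstrip("/")):
                best = m
    return best

if __name__ == "__main__":
    mounts = parse_mountinfo(SAMPLE_MOUNTINFO)
    for p in ("/var/lib/containers", "/var/lib/containers/storage/overlay/0123abcd"):
        m = covering_mount(mounts, p)
        print(f"{p}: mount {m['id']} at {m['mount_point']} is {m['propagation']}")
```

On a node, pass the contents of `/proc/self/mountinfo` read on the host and inside container A to `parse_mountinfo` and compare the entries under the storage home; a `private` mount there means mounts created beneath it later are not propagated to other mount namespaces.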
