-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Warning when using an unsupported version of Linux #268
Comments
Currently runsc fails with an error like the following because the kernel is missing the memfd_create syscall which was added in Linux 3.17
See #100 |
In theory, we do have a warning: https://github.com/google/gvisor/blob/master/pkg/sentry/memutil/memutil_unsafe.go#L34 I know the plumbing all the way up to the Docker CLI worked when that was added, but it must have regressed since then. |
I think it broke when a synchronization point was added to sandbox.New(). It will be fixed with: https://gvisor-review.git.corp.google.com/c/gvisor/+/18260 |
Hi all, I traced this issue from here However, It supports memfd_create syscall. And my gVisor version is: "Version release-20210906.0" |
I believe you're running into #5865 (you need to enable cgroup v1 controller). If you run |
This is something that also occurs when running inside unprivileged LXC containers (Kernel 5.10) , but I haven't figured out why that is yet. There shouldn't be any reason why that syscall is blocked there...
With this docker daemon.json:
|
@outis151 I'm not totally sure that's the same problem. |
|
@outis151 yes, by root I mean a privileged root user. gvisor/runsc/container/container.go Lines 1279 to 1290 in bf86207
aside: I was actually wrong. You can't only use host networking or no networking with --rootless Lines 70 to 73 in 4e99f17
|
Thanks for the suggestions. Will continue trying to find what is causing this |
gVisor fails in unintuitive ways when run on an older version of Linux. We should print a warning or simply fail if he version of Linux used is less than the currently supported version.
The text was updated successfully, but these errors were encountered: