runc restore fails #1333
Comments
|
runc version: criu --version riddler --version ip a from the container: |
|
--inherit-fd,this option can be used in the needs of my next (a pipe file descriptor with one end in the checkpointed process and the other end in a separate process), I don't know if this option is not automatically in the runc restore option is completed,automatic or manual |
|
How do you checkpoint a container? I tried to runc checkpoint and it works fine for me. |
|
$sudo runc run Test |
|
@avagin Hi,You go to checkpoint is successful, with my profile, and through the Riddler tool successfully added the IP? if so, I then investigate the environment But still failed, the log is wrong,logs: 1037 (00.532294) 1: Error (criu/pipes.c:246): Unable to reopen the pipe /pr oc/self/fd/3: Permission denied Finally, I tried to go through root, the problem is still |
|
I think I reproduced the issue with your config. |
|
Ok,Please don't forget to add network configuration via Riddler tools, |
If a pipe is inherited (external), it may be impossible to reopen it from a restored user namespace due to lack of permession, so in this case we have to reopen it via usernsd. opencontainers/runc#1333
|
@kingsin-fzj Could you try out avagin/criu@9986792 |
|
Thx very much for your patience, avagin, I tried your patch, and now can be used properly!!! |
If a pipe is inherited (external), it may be impossible to reopen it from a restored user namespace due to lack of permession, so in this case we have to reopen it via usernsd. opencontainers/runc#1333 Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
If a pipe is inherited (external), it may be impossible to reopen it from a restored user namespace due to lack of permession, so in this case we have to reopen it via usernsd. opencontainers/runc#1333 Signed-off-by: Andrei Vagin <avagin@virtuozzo.com> Acked-by: Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
If a pipe is inherited (external), it may be impossible to reopen it from a restored user namespace due to lack of permession, so in this case we have to reopen it via usernsd. opencontainers/runc#1333 Signed-off-by: Andrei Vagin <avagin@virtuozzo.com> Acked-by: Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
I was in the runc when I encountered such a problem, in the case of the normal function of checkpoint/restore, through the Riddler tool to add the network after the failure of restore:
The restore.log about Error:
(00.681993) 1: Restoring fd 0 (state -> prepare)
(00.681996) 1: Restoring fd 1 (state -> prepare)
(00.681998) 1: Restoring fd 2 (state -> prepare)
(00.682001) 1: Restoring fd 0 (state -> create)
(00.682009) 1: Creating pipe pipe_id=0x327060f id=0x7
(00.682015) 1: Found id pipe:[52889103] (fd 0) in inherit fd list
(00.682019) 1: File pipe:[52889103] will be restored from fd 3 dumped from i
nherit fd 0
(00.682045) 1: Error (criu/pipes.c:224): Unable to reopen the pipe /proc/sel
f/fd/3: Permission denied
(00.718520) mnt: Switching to new ns to clean ghosts
(00.718567) uns: calling exit_usernsd (-1, 1)
(00.718604) uns: daemon calls 0x4592a0 (4752, -1, 1)
(00.718623) uns: `- daemon exits w/ 0
(00.718932) uns: daemon stopped
my config :
{
"ociVersion": "1.0.0-rc3",
"platform": {
"os": "linux",
"arch": "amd64"
},
"process": {
"terminal": false,
"user": {
},
"args": [
"sh"
],
"env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"TZ=Asia/Shanghai",
"TERM=xterm"
],
"cwd": "/",
"capabilities": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FSETID",
"CAP_FOWNER",
"CAP_MKNOD",
"CAP_NET_RAW",
"CAP_SETGID",
"CAP_SETUID",
"CAP_SETFCAP",
"CAP_SETPCAP",
"CAP_NET_BIND_SERVICE",
"CAP_SYS_CHROOT",
"CAP_KILL",
"CAP_AUDIT_WRITE"
],
"rlimits": [
{
"type": "RLIMIT_NOFILE",
"hard": 1024,
"soft": 1024
}
],
"noNewPrivileges": true,
"apparmorProfile": "docker-default"
},
"root": {
"path": "rootfs",
"readonly": false
},
"hostname": "Test",
"mounts": [
{
"destination": "/proc",
"type": "proc",
"source": "proc"
},
{
"destination": "/dev",
"type": "tmpfs",
"source": "tmpfs",
"options": [
"nosuid",
"strictatime",
"mode=755",
"size=65536k"
]
},
{
"destination": "/dev/pts",
"type": "devpts",
"source": "devpts",
"options": [
"nosuid",
"noexec",
"newinstance",
"ptmxmode=0666",
"mode=0620"
]
},
{
"destination": "/dev/shm",
"type": "tmpfs",
"source": "shm",
"options": [
"nosuid",
"noexec",
"nodev",
"mode=1777",
"size=65536k"
]
},
{
"destination": "/sys",
"type": "sysfs",
"source": "sysfs",
"options": [
"nosuid",
"noexec",
"nodev"
]
},
{
"destination": "/sys/fs/cgroup",
"type": "cgroup",
"source": "cgroup",
"options": [
"nosuid",
"noexec",
"nodev",
"relatime"
]
},
{
"destination": "/etc/hosts",
"type": "bind",
"source": "/etc/hosts",
"options": [
"rbind",
"rprivate",
"ro"
]
},
{
"destination": "/etc/resolv.conf",
"type": "bind",
"source": "/etc/resolv.conf",
"options": [
"rbind",
"rprivate",
"ro"
]
}
],
"hooks": {
"prestart": [
{
"path": "/usr/bin/netns"
}
]
},
"linux": {
"uidMappings": [
{
"hostID": 1000,
"containerID": 0,
"size": 65536
}
],
"gidMappings": [
{
"hostID": 1000,
"containerID": 0,
"size": 65536
}
],
"resources": {
"devices": [
{
"allow": true,
"type": "c",
"major": 1,
"minor": 3,
"access": "rwm"
},
{
"allow": true,
"type": "c",
"major": 1,
"minor": 5,
"access": "rwm"
},
{
"allow": true,
"type": "c",
"major": 1,
"minor": 7,
"access": "rwm"
},
{
"allow": true,
"type": "c",
"major": 1,
"minor": 9,
"access": "rwm"
},
{
"allow": true,
"type": "c",
"major": 1,
"minor": 8,
"access": "rwm"
}
],
"disableOOMKiller": false,
"oomScoreAdj": 0,
"memory": {
"limit": 0,
"reservation": 0,
"swap": 0,
"kernel": 0,
"kernelTCP": null,
"swappiness": 18446744073709551615
},
"cpu": {
"shares": 0,
"quota": 0,
"period": 0,
"cpus": "",
"mems": ""
},
"pids": {
"limit": 0
},
"blockIO": {
"blkioWeight": 0
}
},
"namespaces": [
{
"type": "ipc"
},
{
"type": "uts"
},
{
"type": "mount"
},
{
"type": "network"
},
{
"type": "pid"
},
{
"type": "user"
}
],
"devices": [
{
"path": "/dev/null",
"type": "c",
"major": 1,
"minor": 3,
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/zero",
"type": "c",
"major": 1,
"minor": 5,
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/full",
"type": "c",
"major": 1,
"minor": 7,
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/urandom",
"type": "c",
"major": 1,
"minor": 9,
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/random",
"type": "c",
"major": 1,
"minor": 8,
"fileMode": 438,
"uid": 0,
"gid": 0
}
],
"seccomp": {
"defaultAction": "SCMP_ACT_ERRNO",
"architectures": null,
"syscalls": [
{
"name": "accept",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "accept4",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "access",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "alarm",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "arch_prctl",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "bind",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "brk",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "capget",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "capset",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "chdir",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "chmod",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "chown",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "chown32",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "chroot",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "clock_getres",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "clock_gettime",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "clock_nanosleep",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "clone",
"action": "SCMP_ACT_ALLOW",
"args": [
{
"index": 0,
"value": 2080505856,
"valueTwo": 0,
"op": "SCMP_CMP_MASKED_EQ"
}
]
},
{
"name": "close",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "connect",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "creat",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "dup",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "dup2",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "dup3",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "epoll_create",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "epoll_create1",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "epoll_ctl",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "epoll_ctl_old",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "epoll_pwait",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "epoll_wait",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "epoll_wait_old",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "eventfd",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "eventfd2",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "execve",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "execveat",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "exit",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "exit_group",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "faccessat",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "fadvise64",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "fadvise64_64",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "fallocate",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "fanotify_init",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "fanotify_mark",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "fchdir",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "fchmod",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "fchmodat",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "fchown",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "fchown32",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "fchownat",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "fcntl",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "fcntl64",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "fdatasync",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "fgetxattr",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "flistxattr",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "flock",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "fork",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "fremovexattr",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "fsetxattr",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "fstat",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "fstat64",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "fstatat64",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "fstatfs",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "fstatfs64",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "fsync",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "ftruncate",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "ftruncate64",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "futex",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "futimesat",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getcpu",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getcwd",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getdents",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getdents64",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getegid",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getegid32",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "geteuid",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "geteuid32",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getgid",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getgid32",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getgroups",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getgroups32",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getitimer",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getpeername",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getpgid",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getpgrp",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getpid",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getppid",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getpriority",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getrandom",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getresgid",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getresgid32",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getresuid",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getresuid32",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getrlimit",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "get_robust_list",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getrusage",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getsid",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getsockname",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getsockopt",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "get_thread_area",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "gettid",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "gettimeofday",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getuid",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getuid32",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "getxattr",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "inotify_add_watch",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "inotify_init",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "inotify_init1",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "inotify_rm_watch",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "io_cancel",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "ioctl",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "io_destroy",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "io_getevents",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "ioprio_get",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "ioprio_set",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "io_setup",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "io_submit",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "kill",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "lchown",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "lchown32",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "lgetxattr",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "link",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "linkat",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "listen",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "listxattr",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "llistxattr",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "_llseek",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "lremovexattr",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "lseek",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "lsetxattr",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "lstat",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "lstat64",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "madvise",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "memfd_create",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "mincore",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "mkdir",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "mkdirat",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "mknod",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "mknodat",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "mlock",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "mlockall",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "mmap",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "mmap2",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "mprotect",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "mq_getsetattr",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "mq_notify",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "mq_open",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "mq_timedreceive",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "mq_timedsend",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "mq_unlink",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "mremap",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "msgctl",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "msgget",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "msgrcv",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "msgsnd",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "msync",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "munlock",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "munlockall",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "munmap",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "nanosleep",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "newfstatat",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "_newselect",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "open",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "openat",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "pause",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "pipe",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "pipe2",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "poll",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "ppoll",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "prctl",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "pread64",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "preadv",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "prlimit64",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "pselect6",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "pwrite64",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "pwritev",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "read",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "readahead",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "readlink",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "readlinkat",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "readv",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "recvfrom",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "recvmmsg",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "recvmsg",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "remap_file_pages",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "removexattr",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "rename",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "renameat",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "renameat2",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "rmdir",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "rt_sigaction",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "rt_sigpending",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "rt_sigprocmask",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "rt_sigqueueinfo",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "rt_sigreturn",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "rt_sigsuspend",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "rt_sigtimedwait",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "rt_tgsigqueueinfo",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "sched_getaffinity",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "sched_getattr",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "sched_getparam",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "sched_get_priority_max",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "sched_get_priority_min",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "sched_getscheduler",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "sched_rr_get_interval",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "sched_setaffinity",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "sched_setattr",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "sched_setparam",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "sched_setscheduler",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "sched_yield",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "seccomp",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "select",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "semctl",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "semget",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "semop",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "semtimedop",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "sendfile",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "sendfile64",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "sendmmsg",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "sendmsg",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "sendto",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "setdomainname",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "setfsgid",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "setfsgid32",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "setfsuid",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "setfsuid32",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "setgid",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "setgid32",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "setgroups",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "setgroups32",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "sethostname",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "setitimer",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "setpgid",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "setpriority",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "setregid",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "setregid32",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "setresgid",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "setresgid32",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "setresuid",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "setresuid32",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "setreuid",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "setreuid32",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "setrlimit",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "set_robust_list",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "setsid",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "setsockopt",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "set_thread_area",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "set_tid_address",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "setuid",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "setuid32",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "setxattr",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "shmat",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "shmctl",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "shmdt",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "shmget",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "shutdown",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "sigaltstack",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "signalfd",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "signalfd4",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "sigreturn",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "socket",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "socketpair",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "splice",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "stat",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "stat64",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "statfs",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "statfs64",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "symlink",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "symlinkat",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "sync",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "sync_file_range",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "syncfs",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "sysinfo",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "syslog",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "tee",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "tgkill",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "time",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "timer_create",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "timer_delete",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "timerfd_create",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "timerfd_gettime",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "timerfd_settime",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "timer_getoverrun",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "timer_gettime",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "timer_settime",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "times",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "tkill",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "truncate",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "truncate64",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "ugetrlimit",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "umask",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "uname",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "unlink",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "unlinkat",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "utime",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "utimensat",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "utimes",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "vfork",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "vhangup",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "vmsplice",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "wait4",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "waitid",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "waitpid",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "write",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "writev",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "modify_ldt",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "breakpoint",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "cacheflush",
"action": "SCMP_ACT_ALLOW"
},
{
"name": "set_tls",
"action": "SCMP_ACT_ALLOW"
}
]
}
}
}
and my container ip:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.19.0.2 netmask 255.255.0.0 broadcast 0.0.0.0
inet6 fe80::e030:98ff:fef6:3e2c prefixlen 64 scopeid 0x20
ether e2:30:98:f6:3e:2c txqueuelen 1000 (Ethernet)
RX packets 48 bytes 6717 (6.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 9 bytes 722 (722.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
The text was updated successfully, but these errors were encountered: