in container: sudo: setrlimit(RLIMIT_CORE): Operation not permitted #42
Comments
|
Handling of RLIMIT_CORE appears to be buggy in Linux containers. When sudo tries to restore the original coredump limit (which appears to be RLIM_INFINITY) as uid 0 it gets EPERM, which should not happen. Sudo 1.8.28 just silently ignored the failure, in 1.8.29 and above a warning is written to the standard error. I'll probably just go back to ignoring the failure but this is not actually a bug in sudo. |
|
This is fixed by 712afe0 |
|
Fixed in sudo 1.8.31p1, available now. |
|
Thanks so much!! |
|
BTW do you plan to add this also to 1.9.0? |
|
Yes, it was already committed to what will be the 1.9 tree |
|
Great, thank you for confirming |
|
FTR in the I've used this in https://github.com/vorburger/cloudshell. |
It is fixed in |
|
I am new to linux. sorry to tell, but how can this be possible in a new installed linux, up-to-date |
Newer versions of sudo output this message to stdout when run in a container: sudo: setrlimit(RLIMIT_CORE): Operation not permitted See sudo-project/sudo#42 for details. A simple workaround is to prevent sudo from disabling core dumps. This seems safe enough because if sudo is segfaulting then core files are the least of our worries.
Newer versions of sudo output this message to stderr when run in a container: sudo: setrlimit(RLIMIT_CORE): Operation not permitted See sudo-project/sudo#42 for details. A simple workaround is to prevent sudo from disabling core dumps. This seems safe enough because if sudo is segfaulting then core files are the least of our worries.
This avoids an issue with sudo: sudo-project/sudo#42
This upgrade requires more packages to be upgraded: ffmpeg 4.2.2 chrome 83.0.4103.116 firefox 77.0.1 pip 20.1.1 -> To skip pip warning supervisor 4.2.0 -> To fix failing "ImportError: cannot import name escape' from 'cgi'" change from apt to apt-get -> To remove warning "unstable cli interface" pending next stable release: TODO: upgrade sudo to 1.8.31p1 or 1.9 to fix sudo: setrlimit(RLIMIT_CORE): Operation not permitted sudo-project/sudo#42
|
I have just installed The only thing that work was was this user said above:
Creating a new |
* Avoid issue with sudo package see: sudo-project/sudo#42 Signed-off-by: LanderU <lander.usategui@gmail.com>
* Avoid issue with sudo package see: sudo-project/sudo#42 Signed-off-by: LanderU <lander.usategui@gmail.com>
trying to fix: sudo: setrlimit(RLIMIT_CORE): Operation not permitted --> sudo-project/sudo#42
Raising a hard limit without CAP_SYS_RESOURCE causes EPERM. This is not a bug in the containers in my opinion. The proper solution would probably be that sudo only sets the soft limit to 0 and leaves the hard limit untouched. This would also solve the even more annoying than the warning problem, where sudo in a rootless container permanently messes up the coredump hard limit for processes it launches without giving any indication it did so. |
This helps us reduce time to update dependencies on every CI build since the previous containers used to take about 1 minute. `sudo` had a bug due to which we were not able to create directories. See sudo-project/sudo#42. We used this directories to restore caches. Upgrading the focus dependencies via this commit naturally fixes that bug. Fixes zulip#17854
This helps us reduce time to update dependencies on every CI build since the previous containers used to take about 1 minute. `sudo` had a bug due to which we were not able to create directories. See sudo-project/sudo#42. We used these directories to restore caches. Upgrading the focus dependencies via this commit naturally fixes that bug. Fixes zulip#17854
This helps us reduce time to update dependencies on every CI build since the previous containers used to take about 1 minute. `sudo` had a bug due to which we were not able to create directories. See sudo-project/sudo#42. We used these directories to restore caches. Upgrading the focal dependencies via this commit naturally fixes that bug. Fixes zulip#17854
This helps us reduce time to update dependencies on every CI build since the previous containers used to take about 1 minute. `sudo` had a bug due to which we were not able to create directories. See sudo-project/sudo#42. We used these directories to restore caches. Upgrading the focal dependencies via this commit naturally fixes that bug. Fixes #17854
|
can we make these changes echo "Set disable_coredump false" >> /etc/sudo.conf without rebooting. just to avoid/disturb other people using the same machine? |
|
Yes, there is no need to reboot. The sudo.conf file is read every time sudo is run. |
|
I tried it and it worked. But it worked only once. After that if im trying to change nofile limit using c programm which uses settlimit look like doest work. Setting disable_core false means no core genration? Like core file generation on segmentatiom fault? |
|
@millert thank you for your help. Is it correct way to set nofile limit while running process ?? If yes it wont allow without set disble coredump to false. |
|
I'm on sudo v 1.9.9 and this still appears to be a problem? I keep being directed to this github thread as the solution to being unable to mount an NFS volume in portainer on a linux container 🤔 |
This should avoid problems on Linux in cases where sudo does not have CAP_SYS_RESOURCE which may be the case in an unprivileged container. GitHub issue #42
Apparently since version 1.8.29, sudo started outputting this warning in Linux rootless containers:
which is quite annoying. This is with sudo-1.9.0b1.
(There are quite a lot of reports of this.)
Can something be done to alleviate it?
The text was updated successfully, but these errors were encountered: