2020-12-26 17:14

crun on CentOS 8: Error: cannot set limits without cgroups: OCI runtime error

Error: cannot set limits without cgroups: OCI runtime error

So I tried using crun on CentOS 8 on a frankensystem with RPMs from Fedora 30 to get newer podman/conmon and crun

  1. Host is CentOS 8; cgroups V1
  2. podman is stock 1.0.5 and tried master branch
  3. conmon is 2.0.2-1 (rebuilt from src.rpm)
  4. crun is the Fedora 30 binary

Version: 1.6.3-dev RemoteAPI Version: 1 Go Version: go1.13.4 Git Commit: 8e5aad97dda150f8e871c1b394824496f4b849ea Built: Mon Nov 4 23:51:26 2019 OS/Arch: linux/amd64

I am getting

podman  run --rm -it --name tmp_101 centos:8                                                                      
container create failed: cannot set limits without cgroups

The cgroup_manager is "systemd".

# rpm -q conmon podman crun
podman from master branch containers/libpod


  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答


  • weixin_39736913 weixin_39736913 4月前

    Are you running as root, or rootless?

    点赞 评论 复制链接分享
  • weixin_39685392 weixin_39685392 4月前

    As root and for reference runc is working.

    点赞 评论 复制链接分享
  • weixin_39685392 weixin_39685392 4月前
    DEBU[0001] running conmon: /usr/libexec/crio/conmon      args="[--api-version 1 -s -c 65484d2fe3d8e92d6525a18b20563d5ad3591c49c0afaa226dfe3be411e09525 -u 65484d2fe3d8e92d6525a18b20563d5ad3591c49c0afaa226dfe3be411e09525 -r /usr/bin/crun -b /var/lib/containers/storage/zfs-containers/65484d2fe3d8e92d6525a18b20563d5ad3591c49c0afaa226dfe3be411e09525/userdata -p /var/run/containers/storage/zfs-containers/65484d2fe3d8e92d6525a18b20563d5ad3591c49c0afaa226dfe3be411e09525/userdata/pidfile -l k8s-file:/var/lib/containers/storage/zfs-containers/65484d2fe3d8e92d6525a18b20563d5ad3591c49c0afaa226dfe3be411e09525/userdata/ctr.log --exit-dir /var/run/libpod/exits --socket-dir-path /var/run/libpod/socket --log-level debug --syslog -t --conmon-pidfile /var/run/containers/storage/zfs-containers/65484d2fe3d8e92d6525a18b20563d5ad3591c49c0afaa226dfe3be411e09525/userdata/conmon.pid --exit-command /opt/podman/podman --exit-command-arg --root --exit-command-arg /var/lib/containers/storage --exit-command-arg --runroot --exit-command-arg /var/run/containers/storage --exit-command-arg --log-level --exit-command-arg debug --exit-command-arg --cgroup-manager --exit-command-arg systemd --exit-command-arg --tmpdir --exit-command-arg /var/run/libpod --exit-command-arg --runtime --exit-command-arg /usr/bin/crun --exit-command-arg --storage-driver --exit-command-arg zfs --exit-command-arg --events-backend --exit-command-arg journald --exit-command-arg container --exit-command-arg cleanup --exit-command-arg --rm --exit-command-arg 65484d2fe3d8e92d6525a18b20563d5ad3591c49c0afaa226dfe3be411e09525]"
    INFO[0001] Running conmon under slice machine.slice and unitName libpod-conmon-65484d2fe3d8e92d6525a18b20563d5ad3591c49c0afaa226dfe3be411e09525.scope 
    DEBU[0001] Received: -1 
    点赞 评论 复制链接分享
  • weixin_39625975 weixin_39625975 4月前

    thanks for the report, crun was not really ever tested on CentOS 8.

    Fortunately the fixes are trivial, and I've opened a PR for it: https://github.com/containers/crun/pull/161

    To facilitate testing it, I've attached a compiled binary for Centos 8: crun.gz

    点赞 评论 复制链接分享
  • weixin_39685392 weixin_39685392 4月前

    Confirmed that it works on CentOS 8.0 now for root containers.

    For rootless containers the too-old slirp4netns won't work. So if this is going into RHEL 8.2(?)/CentOS 8 Stream you might need to update slirp4netns.

    rpm -q slirp4netns
    Error: error checking slirp4netns binary /bin/slirp4netns: "slirp4netns \"/bin/slirp4netns:
    invalid option -- '-'\\nUsage: /bin/slirp4netns [-c] [-e FD] [-r FD] PID TAPNAME\\n\": exit status 1": slirp4netns "/bin/slirp4netns: invalid option -- 
    '-'\nUsage: /bin/slirp4netns [-c] [-e FD] [-r FD] PID TAPNAME\n": exit status 1
    点赞 评论 复制链接分享