The Wayback Machine - https://web.archive.org/web/20200616055752/https://github.com/google/gvisor/issues/2290

Implement /dev/kmsg inside gVisor #2290

Open
Anjali05 opened this issue Mar 31, 2020 · 3 comments


@Anjali05 Anjali05 commented Mar 31, 2020

I am trying to run ltp (https://github.com/linux-test-project). While it seems to run fine with runc in Docker privileged mode, I am getting an error when I do the same with runsc.


Basically, ltp needs access to /dev/kmsg, which I enabled in runc by running it with the --privileged flag, but the same is not working with runsc-kvm. I know runsc has stricter boundaries when it comes to giving access. I was wondering whether there is any way I can disable this in the build or by any other way?

Member

@prattmic prattmic commented Mar 31, 2020

gVisor does not currently provide a /dev/kmsg file; it is something we'd have to implement (though perhaps it is possible to bind mount a fake file at that location? @fvoznika).

Anyways, it looks like you can pass -Q to ltp to disable kmsg logging: https://github.com/linux-test-project/ltp/blob/e566f9ac7816b38bf16ba3570806427385dbf98b/pan/ltp-pan.c#L214

Member

@fvoznika fvoznika commented Mar 31, 2020

Bind mount will not work because /dev/kmsg is a character file. Apart from that, exposing the host's /dev/kmsg to a sandboxed application has security implications and should be avoided. It's better to work around it with -Q if possible, and I'll change this bug to be a feature request to implement it in gVisor.

@fvoznika fvoznika changed the title Access to /dev/kmsg Implement `/dev/kmsg` inside gVisor Mar 31, 2020
@fvoznika fvoznika changed the title Implement `/dev/kmsg` inside gVisor Implement /dev/kmsg inside gVisor Mar 31, 2020
Member

@fvoznika fvoznika commented Mar 31, 2020

Ah yes, you could mount a fake file in /dev/kmsg and see if it helps:

touch /tmp/fake-kmsg
docker run --rm --runtime=runsc -v /tmp/fake-kmsg:/dev/kmsg ...
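
Added example, not part of the original thread or of gVisor: a shell check to run inside a container that tells apart the cases the comments above discuss (no /dev/kmsg at all, a bind-mounted placeholder file, or a real kernel log character device). It assumes a `stat` that supports `-c` (GNU coreutils or BusyBox); the function names are hypothetical.

```shell
#!/bin/sh
# Classify what sits at a /dev/kmsg-style path:
#   absent        - nothing there (runsc without a workaround)
#   regular-file  - e.g. a placeholder created with touch and bind-mounted
#   kmsg-chardev  - character device 1:11, the Linux kernel log device number
#   other-chardev - some other character device
#   other         - directory, socket, FIFO, ...
classify_kmsg() {
    path=$1
    if [ ! -e "$path" ]; then
        echo absent
    elif [ -c "$path" ]; then
        # Assumption: stat -c '%t:%T' prints device major:minor in hex.
        if [ "$(stat -c '%t:%T' "$path" 2>/dev/null)" = "1:b" ]; then
            echo kmsg-chardev
        else
            echo other-chardev
        fi
    elif [ -f "$path" ]; then
        echo regular-file
    else
        echo other
    fi
}

# Succeeds only when a real kernel log device is visible at the path,
# so it can gate a CI job or a container image smoke test.
kmsg_exposed() {
    [ "$(classify_kmsg "$1")" = "kmsg-chardev" ]
}

# Report on /dev/kmsg, or on the path given as the first argument.
classify_kmsg "${1:-/dev/kmsg}"
```

With the placeholder bind mount from the comment above, the expected classification inside the sandbox is `regular-file`; `kmsg-chardev` means the container can see a kernel log device.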