gvisor: Catch log: "Container Sandbox: Unsupported syscall setsockopt" from Google Cloud Run

I don’t know if this is the correct site to publish this kind of issue, as it is related to gVisor but on top of GKE.

Description

I am trying to use the nginx-unit image ( https://hub.docker.com/r/nginx/unit ) on Google Cloud Run. But when running the container, it fails to call the kill command.

In container process

This image runs entrypoint.sh, which has four steps in shell.

  1. Run background process.
  2. Inject configuration into process.
  3. Stop background process with the kill command.
  4. Run foreground process.

Currently, when running an application container based on the vendor's official image, the kill command is not accepted and the service is not available.

Cloud Run outputs this log when running the container:

Container Sandbox: Unsupported syscall setsockopt(0xb,0x6,0x9,0x3ee1608589cc,0x4,0x29910fc86500). It is very likely that you can safely ignore this message and that this is not the cause of any error you might be troubleshooting. Please, refer to https://gvisor.dev/c/linux/amd64/setsockopt for more information.

Reproduce steps

Build image from repository and run service from image. https://gitlab.com/attakei-sandbox/gvisor-issue-setsockopt

I saw logs from the service in the Iowa region (GCP). Please see the exported CSV log from GCP.

Information from other environments

Local docker engine

Run normally.

$ docker version
Client:
 Version:           19.03.5-ce
 API version:       1.40
 Go version:        go1.13.4
 Git commit:        633a0ea838
 Built:             Fri Nov 15 03:19:09 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server:
 Engine:
  Version:          19.03.5-ce
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.4
  Git commit:       633a0ea838
  Built:            Fri Nov 15 03:17:51 2019
  OS/Arch:          linux/amd64
  Experimental:     true
 containerd:
  Version:          v1.3.2.m
  GitCommit:        d50db0a42053864a270f648048f9a8b4f24eced3.m
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

Local docker engine with runsc

Run normally.

$ runsc --version
runsc version release-20200127.0-51-g02997af5abd6
spec: 1.0.1-dev

About this issue

  • State: closed
  • Created 4 years ago
  • Reactions: 6
  • Comments: 29 (6 by maintainers)

Most upvoted comments

The latest official Node version v12.17.0 triggers setsockopt warnings on Cloud Run, e.g.

Container Sandbox: Unsupported syscall setsockopt(0x13,0x6,0x6,0x3ea340cbc70c,0x4,0x1cc3929404b1).
Container Sandbox: Unsupported syscall setsockopt(0x1b,0x6,0x6,0x3ea340cbc70c,0x4,0x1cc3929404b1)

Would it be possible to suppress these warnings, as Cloud Logging gets spammed?

@johnf1004 The documentation has details on how to run it via the command line:

gcloud beta run deploy --image IMAGE_URL --execution-environment gen2

Did anyone ever figure out how to suppress these warning messages?

I don’t know if I should create a new issue:

Container Sandbox: Unsupported syscall sched_getattr(0x37d,0x3e045912c300,0x38,0x0,0x1,0x3e045912c300). It is very likely that you can safely ignore this message and that this is not the cause of any error you might be troubleshooting. Please, refer to https://gvisor.dev/docs/user_guide/compatibility/linux/amd64/sched_getattr for more information.

The documentation page does not exist. I suspect it is caused by the use of playwright.dev (Python API) or maybe beautifulsoup.

FROM mcr.microsoft.com/playwright:focal

dependencies

google-cloud
google-cloud-firestore
google-cloud-storage
Flask[async]==2.0.2
gunicorn==20.1.0
beautifulsoup4
playwright
requests
fire
tqdm
pandas
openai
scraperapi-sdk
parsel
aiologger

Getting the same message in the logs. Java Spring Application…

{
  "textPayload": "Container Sandbox: Unsupported syscall setsockopt(0xc9,0x29,0x12,0x3dfefc9fd864,0x4,0x3). It is very likely that you can safely ignore this message and that this is not the cause of any error you might be troubleshooting. Please, refer to https://gvisor.dev/c/linux/amd64/setsockopt for more information.",
  "insertId": "5fbbb75400091587f1e993e7",
  "resource": {
    "type": "cloud_run_revision",
    "labels": {
      "revision_name": "helloworld-24fjz",
      "project_id": "xxx",
      "configuration_name": "helloworld",
      "location": "europe-west1",
      "service_name": "helloworld"
    }
  },
  "timestamp": "2020-11-23T13:21:24.595316477Z",
  "severity": "DEBUG",
  "labels": {
    "instanceId": "xxx"
  },
  "logName": "xxx",
  "receiveTimestamp": "2020-11-23T13:21:24.783347593Z"
}

We get “warnings” logged for Cloud Run containers running a JVM app with ktor / netty and google libraries for accessing BQ and GCS.

Is there an issue tracking: Container Sandbox: Unsupported syscall setsockopt(0x13,0x0,0xb,0x3ed13c7f9974,0x4,0x2c1) ?

@RtypeStudios Can you post the full log line? You cut off the important part.

@AndreiIgna Your logs are about a different socket option (SOL_IP, IP_MTU_DISCOVER). That is tracked in #1643.

@ytnobody Your logs are about a different syscall entirely (membarrier). Please see the compatibility note in the log line that you posted. membarrier is being tracked in #267.

@nlacasse Has 4b9652d rolled out to Cloud Run yet?

Also getting a similar message on Google Cloud Run for a container running a Java program wrapped in the Quarkus framework. Happy to provide additional info if I know which one is of interest for this case. Just let me know.

Some messages:

  1. Container Sandbox: Unsupported syscall setsockopt(0xae,0x0,0xb,0x3e6ff77fc1d4,0x4,0x0)
  2. Container Sandbox: Unsupported syscall setsockopt(0xae,0x29,0x31,0x3e6ff77fd7b4,0x4,0x4)
  3. Container Sandbox: Unsupported syscall setsockopt(0xae,0x29,0x12,0x3e6ff77fd7bc,0x4,0x4)
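
Added example, not part of the original thread or of gVisor: the maintainers triage these reports by syscall and socket option, so this sketch decodes the second and third setsockopt arguments of the quoted log lines into Linux level and option names and groups duplicates. The function names are hypothetical, and the constant table is a small subset of the Linux amd64 values from <linux/in.h>, <linux/in6.h> and <linux/tcp.h>, enough for the lines quoted on this page.

```python
import re
from collections import Counter

# Subset of Linux amd64 socket levels and option numbers (assumption: extend as needed).
LEVELS = {0x0: "SOL_IP", 0x1: "SOL_SOCKET", 0x6: "SOL_TCP", 0x29: "SOL_IPV6"}
OPTIONS = {
    "SOL_IP": {10: "IP_MTU_DISCOVER", 11: "IP_RECVERR"},
    "SOL_TCP": {4: "TCP_KEEPIDLE", 5: "TCP_KEEPINTVL",
                6: "TCP_KEEPCNT", 9: "TCP_DEFER_ACCEPT"},
    "SOL_IPV6": {18: "IPV6_MULTICAST_HOPS", 25: "IPV6_RECVERR",
                 26: "IPV6_V6ONLY", 49: "IPV6_RECVPKTINFO"},
}
LINE_RE = re.compile(r"Unsupported syscall (\w+)\(([^)]*)\)")

def decode(line):
    """Return (syscall, level, option), or None if the line is not a sandbox warning."""
    m = LINE_RE.search(line)
    if not m:
        return None
    name = m.group(1)
    args = [int(a, 16) for a in m.group(2).split(",") if a.strip()]
    if name != "setsockopt" or len(args) < 3:
        return (name, None, None)  # other syscalls: report the name only
    # setsockopt(fd, level, optname, optval, optlen): args[1] and args[2] matter here.
    level = LEVELS.get(args[1], f"level={args[1]:#x}")
    option = OPTIONS.get(level, {}).get(args[2], f"optname={args[2]:#x}")
    return (name, level, option)

def summarize(lines):
    """Count distinct (syscall, level, option) tuples so repeats collapse to one row."""
    return Counter(d for d in map(decode, lines) if d is not None)

# Log lines copied from the comments in this thread, plus one constructed non-matching line.
SAMPLE = [
    "Container Sandbox: Unsupported syscall setsockopt(0xb,0x6,0x9,0x3ee1608589cc,0x4,0x29910fc86500).",
    "Container Sandbox: Unsupported syscall setsockopt(0x13,0x6,0x6,0x3ea340cbc70c,0x4,0x1cc3929404b1).",
    "Container Sandbox: Unsupported syscall setsockopt(0x1b,0x6,0x6,0x3ea340cbc70c,0x4,0x1cc3929404b1)",
    "Container Sandbox: Unsupported syscall setsockopt(0x13,0x0,0xb,0x3ed13c7f9974,0x4,0x2c1)",
    "Container Sandbox: Unsupported syscall setsockopt(0xae,0x29,0x31,0x3e6ff77fd7b4,0x4,0x4)",
    "Container Sandbox: Unsupported syscall sched_getattr(0x37d,0x3e045912c300,0x38,0x0,0x1,0x3e045912c300).",
    "GET / 200 (constructed line, not a sandbox warning)",
]

if __name__ == "__main__":
    for (name, level, option), n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  {name}  {level or '-'}  {option or '-'}")
```

Including the decoded level and option when reporting such a line lets a maintainer match it to the issue that tracks that specific option.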