sysbox: mount through procfd: no such file or directory: unknown

All of a sudden a few days ago I started receiving this error:

OCI runtime create failed: container_linux.go:367: starting container process caused: process_linux.go:495: container init caused: rootfs_linux.go:76: mounting \"proc\" to rootfs at \"/proc\" caused: mount through procfd: no such file or directory: unknown

The important part I believe being “mount through procfd”.

I did some digging and it seems like it’s something introduced to runc recently: https://github.com/opencontainers/runc/commit/0ca91f44f1664da834bc61115a849b56d22f595f

In fact, that’s the most recent commit to runc as of right now. It’s related to a high severity CVE: https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r

Which was just released a few days ago, right before I started experiencing the issue: https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95

Though, I’m not sure how I got the update so quickly. In any case, I don’t have much more information on this right now, but I thought I’d get a discussion started. I’ll be working to try to get some reproduction steps. Here’s some information about my current setup. I’m currently on Ubuntu 21.04:

$ uname -a
Linux desktop-linux 5.11.0-17-generic #18-Ubuntu SMP Thu May 6 20:10:11 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

$ apt-cache show docker.io | grep Version
Version: 20.10.2-0ubuntu2

$ apt-cache show sysbox | grep Version
Version: 0.2.1-0.ubuntu-focal

In case you’re wondering, I was on Ubuntu 20.04 until recently which is why I’m able to have installed sysbox via apt when installing via apt on 21.04 isn’t (yet?) supported.

Let me know if there’s any information I can provide in the mean time.

Other relevant links: https://www.mail-archive.com/debian-release@lists.debian.org/msg137289.html

About this issue

Original URL
State: closed
Created 3 years ago
Reactions: 1
Comments: 20 (15 by maintainers)

Commits related to this issue

Temporarily install docker via static binary to fix issue We're going to install docker this way at least until the "mount through procfd" issue is fixed. More information can be found here: https://... — committed to ScottG489/conjob by ScottG489 3 years ago
Use an older version of container.io package in build image This will hopefully fix the issue with running docker inside sysbox-runc containers. See this GitHub issue for more details and background... — committed to ScottG489/conjob by ScottG489 3 years ago
Upgrade to latest sysbox version This should fix the issues with running docker inside sysbox-runc containers. See this GitHub issue for more details and background: https://github.com/nestybox/sysb... — committed to ScottG489/conjob by ScottG489 3 years ago

Most upvoted comments

Hi @ScottG489,

It might be a good idea to keep an eye out for when a docker version with runc version 1.0.0-rc95 or later is released.

Makes sense. Let’s see if we can repro that mount through procfd error at that time.

When using the docker.io package, the runc version is actually reported as runc version spec: 1.0.2-dev, and I have no idea what that is

That’s the version number for the OCI spec (i.e., the spec that governs the interface between the container manager (e.g., containerd or CRI-O) and runc). It’s different from the runc version (which should be 1.0.0-rc* these days).

Thanks again for reporting this.

ctalledo on May 26, 2021

Thanks for looking into this, @ctalledo. Let me know if I can help with anything.

ScottG489 on May 24, 2021