Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-47458

crun >= 1.18 breaks critical openshift virt feature

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Major Major
    • None
    • 4.18.0
    • Node / CRI-O
    • None
    • Approved
    • False
    • Hide

      None

      Show
      None
    • Release Note Not Required
    • In Progress

      This is a clone of issue OCPBUGS-46531. The following is the description of the original issue:

      Description of problem:

      openshift virt allows hotplugging block volumes into it's pods, which relies on the fact that changing the cgroup corresponding to the pid of the container suffices.
      
      crun is test driving some changes it integrated recently;
      it's configuring two cgroups, `*.scope` and sub cgroup called `container`
      while before, the parent existed as sort of a no op
      (wasn't configured, so, all devices were allowed, for example)
      This results in the volume hotplug breaking since applying the device filter to the sub cgroup is not enough anymore

      Version-Release number of selected component (if applicable):

      4.18.0 RC2

      How reproducible:

      100%    

      Steps to Reproduce:

          1. Block volume hotplug to VM
          2.
          3.
          

      Actual results:

          Failure

      Expected results:

          Success

      Additional info:

      https://kubevirt.io/user-guide/storage/hotplug_volumes/

            [OCPBUGS-47458] crun >= 1.18 breaks critical openshift virt feature

            Errata Tool added a comment -

            Since the problem described in this issue should be resolved in a recent advisory, it has been closed.

            For information on the advisory (Important: OpenShift Container Platform 4.18.1 bug fix and security update), and where to find the updated files, follow the link below.

            If the solution does not work for you, open a new bug report.
            https://access.redhat.com/errata/RHSA-2024:6122

            Errata Tool added a comment - Since the problem described in this issue should be resolved in a recent advisory, it has been closed. For information on the advisory (Important: OpenShift Container Platform 4.18.1 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2024:6122

            Aditi Sahay added a comment -

            Thank you Peter. As per pehunt@redhat.com comment and also I have verified it on latest 4.18 build. Issue has been fixed. So marking it as Verified.

            Aditi Sahay added a comment - Thank you Peter. As per pehunt@redhat.com comment and also I have verified it on latest 4.18 build. Issue has been fixed. So marking it as Verified.

            Hello pehunt@redhat.com . Regarding the above Bug . Do I need to check it on 4.18 RC2 ? Because on 4.18 RC2 , container file exists under .scope but in the latest 4.18 build the issue has been resolved. Means 4.18 RC2 does not contain the fix the latest 4.18 rc i.e 5 or 4 contains the fix.

            Aditi Sahay added a comment - Hello pehunt@redhat.com . Regarding the above Bug . Do I need to check it on 4.18 RC2 ? Because on 4.18 RC2 , container file exists under .scope but in the latest 4.18 build the issue has been resolved. Means 4.18 RC2 does not contain the fix the latest 4.18 rc i.e 5 or 4 contains the fix.

            Backport PR is on hold, because the main PR was reverted: https://github.com/openshift/machine-config-operator/pull/4770

            Jenia Peimer added a comment - Backport PR is on hold, because the main PR was reverted: https://github.com/openshift/machine-config-operator/pull/4770

              pehunt@redhat.com Peter Hunt
              openshift-crt-jira-prow OpenShift Prow Bot
              Aditi Sahay Aditi Sahay
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: