This repository has been archived by the owner on May 12, 2021. It is now read-only.

/var/lib/vc/sbs/${sid} dir residual #2921

Closed
keloyang opened this issue Sep 1, 2020 · 0 comments · Fixed by #2922
Labels
bug Incorrect behaviour needs-review Needs to be assessed by the team.

Comments

keloyang commented Sep 1, 2020

We can reproduce it as follows.

  1. kubectl create -f untrusted.yaml (create an untrusted pod which is bound to the node centos1 in k8s)
  2. sleep 10 (sleep 10 seconds)
  3. delete the pod
  4. ssh centos1 ls (log in to centos with ssh, and list the dir /var/lib/vc/sbs/)

Every time the commands above are executed, the directory /var/lib/vc/sbs/ will have a new directory whose name is the ${sandbox-id}, e.g. d3e0482b22b9e25cd3268608b12ab8c1eb666960c4fa9a6a72a3e4d0b1606551

[root@centos0 manifest]# kubectl create -f untrusted.yaml; sleep 10; kubectl delete -f untrusted.yaml;ssh centos1 ls /var/lib/vc/sbs/ 
pod/untrusted created
pod "untrusted" deleted
d3e0482b22b9e25cd3268608b12ab8c1eb666960c4fa9a6a72a3e4d0b1606551
[root@centos0 manifest]# kubectl create -f untrusted.yaml; sleep 10; kubectl delete -f untrusted.yaml;ssh centos1 ls /var/lib/vc/sbs/
pod/untrusted created
pod "untrusted" deleted
d3e0482b22b9e25cd3268608b12ab8c1eb666960c4fa9a6a72a3e4d0b1606551
eda6fa3179b2320655b89a5b538362a491e4ec0c0fa75b2eb7f930b1d9bf2b49
[root@centos0 manifest]# kubectl create -f untrusted.yaml; sleep 10; kubectl delete -f untrusted.yaml;ssh centos1 ls /var/lib/vc/sbs/
pod/untrusted created
pod "untrusted" deleted
27c1334f7e5a32fb115173dd9d2c9bad7d8826f63bdc0a97aa0798b8b123da3c
d3e0482b22b9e25cd3268608b12ab8c1eb666960c4fa9a6a72a3e4d0b1606551
eda6fa3179b2320655b89a5b538362a491e4ec0c0fa75b2eb7f930b1d9bf2b49

[root@centos0 manifest]# cat untrusted.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: untrusted
  namespace: default
  annotations:
    io.kubernetes.cri.untrusted-workload: "true"
  labels:
    env: test
spec:
  containers:
  - name: untrusted
    image: busybox
    command:
    - "sleep"
    - "100000"
    imagePullPolicy: IfNotPresent
  nodeName: centos1

It can also be reproduced with docker:

[root@centos1 ~]# ls  /var/lib/vc/sbs/                                               
[root@centos1 ~]# docker run --rm -ti --runtime untrusted-runtime 018c9d7b792b echo; ls  /var/lib/vc/sbs/

15760f7e07c98e4f4ed9d7aba4076de14475dd71a61be9919b24037c810b37aa
[root@centos1 ~]# docker run --rm -ti --runtime untrusted-runtime 018c9d7b792b echo; ls  /var/lib/vc/sbs/

15760f7e07c98e4f4ed9d7aba4076de14475dd71a61be9919b24037c810b37aa  cd86011f6c0b779a2e3f40b49fa06463757ac1413ba70007e14462b7d0782e24
[root@centos1 ~]# docker run --rm -ti --runtime untrusted-runtime 018c9d7b792b echo; ls  /var/lib/vc/sbs/

15760f7e07c98e4f4ed9d7aba4076de14475dd71a61be9919b24037c810b37aa  93fb2abfbe151c8f12e3b2b7f24321479b2425af80acb93f2f4c2263fb679621  cd86011f6c0b779a2e3f40b49fa06463757ac1413ba70007e14462b7d0782e24
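
A check for the residue this issue describes, as an added example that is not part of the original issue or the project's code: it lists directories under a sandbox storage path (such as /var/lib/vc/sbs/) whose names are absent from a caller-supplied list of live sandbox IDs. The function names, the live-ID file and the demo data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the issue): list sandbox directories with no live sandbox.
# Assumption: the caller supplies the live sandbox IDs in a file, one per line;
# how to obtain that list depends on the runtime and is not shown on the page.

# find_residual_sbs SBS_DIR LIVE_IDS_FILE
# Prints every 64-hex-character directory name under SBS_DIR that is absent
# from LIVE_IDS_FILE. Returns 0 if clean, 1 if residue exists, 2 on bad input.
find_residual_sbs() {
    _sbs_dir=$1; _live=$2; _found=0
    [ -d "$_sbs_dir" ] && [ -r "$_live" ] || return 2
    for _path in "$_sbs_dir"/*/; do
        [ -d "$_path" ] || continue            # unmatched glob: directory is empty
        _name=$(basename "$_path")
        [ "${#_name}" -eq 64 ] || continue     # sandbox IDs on the page are 64 chars
        case $_name in *[!0-9a-f]*) continue ;; esac   # ...of lowercase hex
        if ! grep -Fxq -- "$_name" "$_live"; then
            printf '%s\n' "$_name"
            _found=1
        fi
    done
    return "$_found"
}

# Constructed demo: three sandbox directories of which only one is still live,
# plus an unrelated directory that must be ignored.
demo_residual_sbs() {
    _tmp=$(mktemp -d) || return 2
    for _n in 1 2 3; do mkdir "$_tmp/$(printf '%064d' "$_n")"; done
    mkdir "$_tmp/not-a-sandbox"
    printf '%064d\n' 2 > "$_tmp/live.txt"
    # The AND-OR list keeps the cleanup below reachable under `set -e`.
    find_residual_sbs "$_tmp" "$_tmp/live.txt" && _rc=0 || _rc=$?
    rm -rf "$_tmp"
    return "$_rc"
}
```

A non-zero exit status makes the function usable as a node health check after pod churn.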