When running nested containers, some devices might not be populated inside the host container. This leads to runc not setting proper `DeviceAllow` options for the container scope, which leads to an inability to use some devices inside the container (like /dev/null).
In my specific scenario this led to issues running Docker containers on top of a system running as an LXC container:
https://github.com/opencontainers/runc/discussions/3795
Some more details and fix in runc can be seen here:
https://github.com/opencontainers/runc/pull/3620
This was fixed in runc 1.1.5 that was released yesterday.
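A small diagnostic for the symptom described above (default device nodes absent on the host, and the container scope lacking a `DeviceAllow` rule for them). It is an added example, not code from this bug report or from runc; it assumes that `systemctl show <scope> -p DeviceAllow` prints one `DeviceAllow=<node> <perms>` line per rule, and the list of default device nodes and the sample output are my own assumptions, not taken from the report.

```python
# Added example, not code from the bug report or runc. Assumes that
# `systemctl show <scope> -p DeviceAllow` prints one "DeviceAllow=<node> <perms>"
# line per rule; the sample output below is constructed, not captured.
import os
import subprocess
import sys

# Device nodes a runc default spec is expected to expose (assumed list).
DEFAULT_DEVICES = (
    "/dev/null", "/dev/zero", "/dev/full", "/dev/random",
    "/dev/urandom", "/dev/tty", "/dev/console", "/dev/ptmx",
)

def parse_device_allow(show_output: str) -> dict:
    """Map device node -> permission string, one entry per DeviceAllow= line."""
    allowed = {}
    for line in show_output.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "DeviceAllow" and value.split():
            node, *rest = value.split()
            allowed[node] = rest[0] if rest else ""
    return allowed

def missing_device_rules(show_output: str, required=DEFAULT_DEVICES) -> list:
    """Required devices with no rw DeviceAllow rule in the scope."""
    allowed = parse_device_allow(show_output)
    return [d for d in required if "rw" not in allowed.get(d, "")]

def missing_host_nodes(required=DEFAULT_DEVICES, exists=os.path.exists) -> list:
    """Required devices absent on the host, e.g. not populated into an LXC guest."""
    return [d for d in required if not exists(d)]

# Constructed sample: a scope whose /dev/null rule was never emitted.
SAMPLE_SHOW_OUTPUT = "\n".join(
    f"DeviceAllow={d} rw" for d in DEFAULT_DEVICES if d != "/dev/null"
) + "\nDeviceAllow=char-pts rw\n"

if __name__ == "__main__":
    # Given a scope name (see `systemd-cgls`), query the live unit instead.
    out = SAMPLE_SHOW_OUTPUT
    if len(sys.argv) > 1:
        out = subprocess.run(["systemctl", "show", sys.argv[1], "-p", "DeviceAllow"],
                             capture_output=True, text=True, check=True).stdout
    print("missing rw DeviceAllow rule:", missing_device_rules(out))
    print("absent on this host:", missing_host_nodes())
```

Run it without arguments to exercise the constructed sample, or pass the container's scope name to inspect a live unit on an affected host.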
My specific system observing this issue is:
# lsb_release -rd
Description: Ubuntu 22.04.2 LTS
Release: 22.04
Although I believe any system using the runc 1.1.4 package is affected. My runc version:
# apt-cache policy runc
runc:
  Installed: 1.1.4-0ubuntu1~22.04.1
  Candidate: 1.1.4-0ubuntu1~22.04.1
  Version table:
 *** 1.1.4-0ubuntu1~22.04.1 500
        500 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     1.1.0-0ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages