@ijc recently found that runc couldn't mount volumes inside a snapshot view if the destination path does not exist in the image. That's why we now always create a new snapshot for application containers (containerd/cri#221).
However, one thing I don't understand is that we are always using a snapshot view for our sandbox container, which uses a pause image (built from scratch, only contains a pause binary). And it actually works well until we upgrade containerd to v1.0.0-beta.0.
process_linux.go:348: container init caused \"rootfs_linux.go:57: mounting \\\"proc\\\" to rootfs \\\"/run/containerd/io.containerd.runtime.v1.linux/k8s.io/b2bdb4818eb4717f457f31f2082f3480bbfb2a5567c27c0c0236f8429fb8c312/rootfs\\\" at \\\"/proc\\\" caused \\\"mkdir /run/containerd/io.containerd.runtime.v1.linux/k8s.io/b2bdb4818eb4717f457f31f2082f3480bbfb2a5567c27c0c0236f8429fb8c312/rootfs/proc: read-only file system\\\"\"": unknown
I could change sandbox to create new snapshot, or remove the default mounts for sandbox container. However, I'd really like to understand why this happens since v1.0.0-beta.0? Is this a regression? What change causes this?
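Added example, not part of the original issue and not containerd or runc code: a pre-flight check listing the mount destinations that are missing from a rootfs, which are the directories runc has to `mkdir` and which fail on a read-only snapshot view as in the error above. The function name and the sample mount list are assumptions, and symlinks inside the rootfs are not resolved.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// missingMountTargets (hypothetical helper) returns the mount destinations
// that do not yet exist under rootfs. Each of them needs a mkdir before the
// mount, which fails with "read-only file system" on a read-only view.
func missingMountTargets(rootfs string, destinations []string) ([]string, error) {
	var missing []string
	for _, dest := range destinations {
		// Clean against "/" so ".." components cannot point outside rootfs.
		// Assumption: no symlinks in the rootfs; this does not resolve them.
		target := filepath.Join(rootfs, filepath.Clean("/"+dest))
		_, err := os.Lstat(target)
		if os.IsNotExist(err) {
			missing = append(missing, dest)
		} else if err != nil {
			return nil, err
		}
	}
	return missing, nil
}

func main() {
	// Constructed sample: a scratch-style rootfs that holds only one binary,
	// like the pause image described in the issue.
	rootfs, err := os.MkdirTemp("", "pause-rootfs")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(rootfs)
	if err := os.WriteFile(filepath.Join(rootfs, "pause"), nil, 0o755); err != nil {
		panic(err)
	}
	// Constructed sample list of mount destinations from a runtime spec.
	missing, err := missingMountTargets(rootfs, []string{"/proc", "/dev", "/sys"})
	if err != nil {
		panic(err)
	}
	fmt.Println("destinations needing mkdir in rootfs:", missing)
}
```

A non-empty result means the rootfs must be writable (a new snapshot rather than a view), or the image must already contain those directories.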