NOTE: This issue is the same as moby/moby#42055 but not a "dupe" of the Moby issue, because Moby (still) does not use containerd's overlayfs snapshotter
Description
Kernel 5.11 added official support for rootless: torvalds/linux@459c7c5
But it does not work with rootless containerd yet.
Steps to reproduce the issue:
The issue is easily reproducible with containerd-rootless-setuptool.sh included in nerdctl.
The issue is not specific to nerdctl of course.
$ containerd-rootless-setuptool.sh install
$ nerdctl --snapshotter=overlayfs run --rm ubuntu sh -ec "apt-get update && apt-get install -y sl"
Get:1 http://security.ubuntu.com/ubuntu focal-security InRelease [109 kB]
Get:2 http://archive.ubuntu.com/ubuntu focal InRelease [265 kB]
Get:3 http://security.ubuntu.com/ubuntu focal-security/restricted amd64 Packages [165 kB]
Get:4 http://archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]
Get:5 http://archive.ubuntu.com/ubuntu focal-backports InRelease [101 kB]
Get:6 http://security.ubuntu.com/ubuntu focal-security/universe amd64 Packages [670 kB]
Get:7 http://archive.ubuntu.com/ubuntu focal/multiverse amd64 Packages [177 kB]
Get:8 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages [1275 kB]
Get:9 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 Packages [13.3 kB]
Get:10 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages [621 kB]
Get:11 http://archive.ubuntu.com/ubuntu focal/restricted amd64 Packages [33.4 kB]
Get:12 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages [11.3 MB]
Get:13 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages [932 kB]
Get:14 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages [1029 kB]
Get:15 http://archive.ubuntu.com/ubuntu focal-updates/restricted amd64 Packages [198 kB]
Get:16 http://archive.ubuntu.com/ubuntu focal-updates/multiverse amd64 Packages [21.1 kB]
Get:17 http://archive.ubuntu.com/ubuntu focal-backports/universe amd64 Packages [4301 B]
Fetched 17.1 MB in 7s (2545 kB/s)
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
sl
0 upgraded, 1 newly installed, 0 to remove and 6 not upgraded.
Need to get 12.7 kB of archives.
After this operation, 60.4 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu focal/universe amd64 sl amd64 5.02-1 [12.7 kB]
debconf: delaying package configuration, since apt-utils is not installed
Fetched 12.7 kB in 1s (11.7 kB/s)
Selecting previously unselected package sl.
(Reading database ... 4121 files and directories currently installed.)
Preparing to unpack .../archives/sl_5.02-1_amd64.deb ...
Unpacking sl (5.02-1) ...
dpkg: error processing archive /var/cache/apt/archives/sl_5.02-1_amd64.deb (--unpack):
unable to install new version of './usr/share/doc/sl': Invalid cross-device link
Errors were encountered while processing:
/var/cache/apt/archives/sl_5.02-1_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
Describe the results you received:
apt should work
Describe the results you expected:
...
dpkg: error processing archive /var/cache/apt/archives/sl_5.02-1_amd64.deb (--unpack):
unable to install new version of './usr/share/doc/sl': Invalid cross-device link
...
Output of containerd --version:
containerd github.com/containerd/containerd v1.5.0-beta.1-24-g096e99fe7 096e99fe7e3febdc96df26f743d45d18b8087b6d
Any other relevant information:
The issue is only reproducible on mainline kernel 5.11: https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.11/amd64/
The issue does not happen on Canonical's kernel 5.8 (5.8.0-43-generic #49-Ubuntu), which supports rootless overlayfs by patching the kernel: https://kernel.ubuntu.com/git/ubuntu/ubuntu-groovy.git/commit/fs/overlayfs?h=Ubuntu-5.8.0-43.49&id=32e59dd0ef5746a61198c1a18d2ab57c83d28599
Rootful mode is unaffected.