[release/2.1] cri: Fix image volumes with user namespaces#12894
Merged
AkihiroSuda merged 1 commit intocontainerd:release/2.1from Mar 9, 2026
Merged
Conversation
rata
changed the title
rata
force-pushed
the
rata/release-2.1-fix-image-volume-userns
branch
2 times, most recently
from
38d3232 to
8b82be7
Compare
rata
force-pushed
the
rata/release-2.1-fix-image-volume-userns
branch
from
6396799 to
8b82be7
Compare
rata
force-pushed
the
rata/release-2.1-fix-image-volume-userns
branch
from
8b82be7 to
99f37e3
Compare
Member
|
Doesn't seem like your PR would have caused these failures; do we have another PR in this branch that is succeeding without the changes to the [edit] answered my own question; yes, all other PRs in release/2.1 are failing on this test as well :-} |
Contributor
Author
Member
Member
|
@rata you can re-base and remove the CI patches and we should get clean CI now! |
rata
force-pushed
the
rata/release-2.1-fix-image-volume-userns
branch
from
3892efb to
350845f
Compare
This backport had conflicts in `internal/cri/server/container_image_mount.go`. The code that calls `c.getImageVolumeSnapshotOpts() and `s.Prepare()` was moved inside an if in release 2.2 and main, so the conflict resolution was quite simple (just move it out of the if). Also, in 2.1 WithIDMapImageVolumeMount() in main_test.go doesn't take an argument for sub_path (this was added in 2.2). But this test was not using a subpath (just ""), so I just removed that param. Signed-off-by: qiuxue <[email protected]> (cherry picked from commit db9546b) Signed-off-by: Rodrigo Campos <[email protected]>
rata
force-pushed
the
rata/release-2.1-fix-image-volume-userns
branch
from
350845f to
8d53519
Compare
Contributor
Author
|
The failure in almalinux seems an external issue to containerd: I did amend (without changes) and pushed to kick again the CI, but I can't get rid of this failure. I'll try again later |
Contributor
Author
|
@estesp done, but registry.k8s.io is causing some intermitent failures on CI now :( |
estesp
approved these changes
Feb 17, 2026
AkihiroSuda
approved these changes
Mar 9, 2026
github-project-automation
Bot
moved this from Needs Triage
to Review In Progress
in Pull Request Review
github-project-automation
Bot
moved this from Review In Progress
to Done
in Pull Request Review
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is a backport of #12816 for release 2.1.
Release 2.1 also has this bug, when using a pod with an image volume source and userns:
With the backport, it works fine.
cc @estesp @AutuSnow
This backport had conflicts in
internal/cri/server/container_image_mount.go. The code that callsc.getImageVolumeSnapshotOpts() ands.Prepare()` was moved inside an if in release 2.2 and main, so the conflict resolution was quite simple (just move it out of the if).Also, in 2.1 WithIDMapImageVolumeMount() in main_test.go doesn't take an argument for sub_path (this was added in 2.2). But this test was not using a subpath (just ""), so I just removed that param.
(cherry picked from commit db9546b)