Workaround: use fuse-overlayfs
Workaround until #42068 gets shipped as 20.10.6 (#42168)
mkdir -p $HOME/bin ~/.config/docker
curl -o $HOME/bin/fuse-overlayfs -fsSL https://github.com/containers/fuse-overlayfs/releases/download/v1.4.0/fuse-overlayfs-$(uname -m)
chmod +x $HOME/bin/fuse-overlayfs
echo '{"storage-driver": "fuse-overlayfs"}' > ~/.config/docker/daemon.json
systemctl --user restart docker
Description
Kernel 5.11 added official support for rootless: torvalds/linux@459c7c5
But it does not work with rootless Docker yet.
Steps to reproduce the issue:
$ dockerd-rootless-setuptool.sh install
$ export DOCKER_HOST=unix://${XDG_RUNTIME_DIR}/docker.sock
$ docker run --rm ubuntu sh -ec "apt-get update && apt-get install -y sl"
Get:1 http://archive.ubuntu.com/ubuntu focal InRelease [265 kB]
Get:2 http://security.ubuntu.com/ubuntu focal-security InRelease [109 kB]
Get:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]
Get:4 http://security.ubuntu.com/ubuntu focal-security/universe amd64 Packages [670 kB]
Get:5 http://archive.ubuntu.com/ubuntu focal-backports InRelease [101 kB]
Get:6 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages [11.3 MB]
Get:7 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages [621 kB]
Get:8 http://security.ubuntu.com/ubuntu focal-security/restricted amd64 Packages [165 kB]
Get:9 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 Packages [13.3 kB]
Get:10 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages [1275 kB]
Get:11 http://archive.ubuntu.com/ubuntu focal/restricted amd64 Packages [33.4 kB]
Get:12 http://archive.ubuntu.com/ubuntu focal/multiverse amd64 Packages [177 kB]
Get:13 http://archive.ubuntu.com/ubuntu focal-updates/restricted amd64 Packages [198 kB]
Get:14 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages [932 kB]
Get:15 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages [1029 kB]
Get:16 http://archive.ubuntu.com/ubuntu focal-updates/multiverse amd64 Packages [21.1 kB]
Get:17 http://archive.ubuntu.com/ubuntu focal-backports/universe amd64 Packages [4301 B]
Fetched 17.1 MB in 6s (3046 kB/s)
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
sl
0 upgraded, 1 newly installed, 0 to remove and 6 not upgraded.
Need to get 12.7 kB of archives.
After this operation, 60.4 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu focal/universe amd64 sl amd64 5.02-1 [12.7 kB]
debconf: delaying package configuration, since apt-utils is not installed
Fetched 12.7 kB in 1s (14.9 kB/s)
Selecting previously unselected package sl.
(Reading database ... 4121 files and directories currently installed.)
Preparing to unpack .../archives/sl_5.02-1_amd64.deb ...
Unpacking sl (5.02-1) ...
dpkg: error processing archive /var/cache/apt/archives/sl_5.02-1_amd64.deb (--unpack):
unable to install new version of './usr/share/doc/sl': Invalid cross-device link
Errors were encountered while processing:
/var/cache/apt/archives/sl_5.02-1_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
Describe the results you received:
apt-get failed:
...
dpkg: error processing archive /var/cache/apt/archives/sl_5.02-1_amd64.deb (--unpack):
unable to install new version of './usr/share/doc/sl': Invalid cross-device link
...
Describe the results you expected:
It should succeed.
Additional information you deem important (e.g. issue happens only occasionally):
The issue is only reproducible on mainline kernel 5.11: https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.11/amd64/
The issue does not happen on Canonical's kernel 5.8 (5.8.0-43-generic #49-Ubuntu), which supports rootless overlayfs by patching the kernel: https://kernel.ubuntu.com/git/ubuntu/ubuntu-groovy.git/commit/fs/overlayfs?h=Ubuntu-5.8.0-43.49&id=32e59dd0ef5746a61198c1a18d2ab57c83d28599
Rootful mode is unaffected.
Output of docker version:
Client:
Version: 20.10.0-dev
API version: 1.41
Go version: go1.13.15
Git commit: 70a00157f
Built: Mon Feb 22 05:46:24 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server:
Engine:
Version: dev
API version: 1.41 (minimum version 1.12)
Go version: go1.13.15
Git commit: bc6f4cc703
Built: Mon Feb 22 05:45:16 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.5.0-beta.1-24-g096e99fe7
GitCommit: 096e99fe7e3febdc96df26f743d45d18b8087b6d
runc:
Version: 1.0.0-rc93+dev
GitCommit: f245a1d1edbf545549e5a16106cf1aec356a3c7d
docker-init:
Version: 0.19.0
GitCommit: de40ad0
Output of docker info:
Client:
Context: default
Debug Mode: false
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 2
Server Version: dev
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: false
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 096e99fe7e3febdc96df26f743d45d18b8087b6d
runc version: f245a1d1edbf545549e5a16106cf1aec356a3c7d
init version: de40ad0
Security Options:
seccomp
Profile: default
rootless
cgroupns
Kernel Version: 5.11.0-051100-generic
Operating System: Ubuntu 20.10
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 15.6GiB
Name: suda-ws01
ID: CWVR:KJQU:3CNT:IJF7:FMME:22Y7:GKFW:AFKJ:IVLQ:JOVW:3KZY:S25M
Docker Root Dir: /home/suda/.local/share/docker
Debug Mode: false
Username: akihirosuda
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No kernel memory limit support
WARNING: No oom kill disable support
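A host can be checked against the conditions this report names (rootless mode, overlay2, kernel 5.11, engine older than the 20.10.6 release mentioned in the workaround note) by reading its `docker info` output. The script below is an added example, not part of the original issue or of Docker; the function names and verdict words are hypothetical, and treating kernels newer than 5.11 like 5.11 is an assumption.

```shell
# Added example: classify `docker info` text against the conditions in this report.

# version_lt A B: succeeds when dotted version A is lower than B (first 3 fields).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# field KEY: print the value of the first "KEY: value" line read from stdin.
field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# Reads `docker info` output on stdin and prints one verdict word.
overlay2_rootless_check() {
    info=$(cat)
    driver=$(printf '%s\n' "$info" | field 'Storage Driver')
    kernel=$(printf '%s\n' "$info" | field 'Kernel Version')
    server=$(printf '%s\n' "$info" | field 'Server Version')
    printf '%s\n' "$info" | grep -Eq '^[[:space:]]*rootless$' || { echo not-rootless; return 0; }
    [ "$driver" = overlay2 ] || { echo not-overlay2; return 0; }
    # Assumption: kernels newer than 5.11 behave like the 5.11 in the report.
    if version_lt "$kernel" 5.11; then echo kernel-before-5.11; return 0; fi
    case $server in
        [0-9]*.[0-9]*) if version_lt "$server" 20.10.6; then echo affected; else echo engine-has-fix; fi ;;
        *) echo unknown-engine-version ;;   # e.g. "dev" builds: check the commit by hand
    esac
}

# Constructed sample: the relevant lines of the `docker info` output in the report.
sample_info() {
    cat <<'EOF'
 Server Version: dev
 Storage Driver: overlay2
 Security Options:
  rootless
  cgroupns
 Kernel Version: 5.11.0-051100-generic
EOF
}

sample_info | overlay2_rootless_check
```

On a live host, pipe `docker info` into `overlay2_rootless_check`; an `affected` verdict is the case where the fuse-overlayfs workaround at the top of this report applies.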