This repository was archived by the owner on May 12, 2021. It is now read-only.

/var/lib/vc/sbs/${sid} dir residual #2921

@keloyang

We can reproduce it like the following.

  1. kubectl create -f untrusted.yaml: create an untrusted pod which is bound to the node centos1 in k8s
  2. sleep 10: sleep 10 seconds
  3. delete the pod
  4. ssh centos1 ls: log in to centos with ssh, and list the directory /var/lib/vc/sbs/

Every time the commands above are executed, the directory /var/lib/vc/sbs/ will have a new directory whose name is the ${sandbox-id}, e.g. d3e0482b22b9e25cd3268608b12ab8c1eb666960c4fa9a6a72a3e4d0b1606551

[root@centos0 manifest]# kubectl create -f untrusted.yaml; sleep 10; kubectl delete -f untrusted.yaml;ssh centos1 ls /var/lib/vc/sbs/ 
pod/untrusted created
pod "untrusted" deleted
d3e0482b22b9e25cd3268608b12ab8c1eb666960c4fa9a6a72a3e4d0b1606551
[root@centos0 manifest]# kubectl create -f untrusted.yaml; sleep 10; kubectl delete -f untrusted.yaml;ssh centos1 ls /var/lib/vc/sbs/
pod/untrusted created
pod "untrusted" deleted
d3e0482b22b9e25cd3268608b12ab8c1eb666960c4fa9a6a72a3e4d0b1606551
eda6fa3179b2320655b89a5b538362a491e4ec0c0fa75b2eb7f930b1d9bf2b49
[root@centos0 manifest]# kubectl create -f untrusted.yaml; sleep 10; kubectl delete -f untrusted.yaml;ssh centos1 ls /var/lib/vc/sbs/
pod/untrusted created
pod "untrusted" deleted
27c1334f7e5a32fb115173dd9d2c9bad7d8826f63bdc0a97aa0798b8b123da3c
d3e0482b22b9e25cd3268608b12ab8c1eb666960c4fa9a6a72a3e4d0b1606551
eda6fa3179b2320655b89a5b538362a491e4ec0c0fa75b2eb7f930b1d9bf2b49

[root@centos0 manifest]# cat untrusted.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: untrusted
  namespace: default
  annotations:
    io.kubernetes.cri.untrusted-workload: "true"
  labels:
    env: test
spec:
  containers:
  - name: untrusted
    image: busybox
    command:
    - "sleep"
    - "100000"
    imagePullPolicy: IfNotPresent
  nodeName: centos1

It can also be reproduced with docker:

[root@centos1 ~]# ls  /var/lib/vc/sbs/                                               
[root@centos1 ~]# docker run --rm -ti --runtime untrusted-runtime 018c9d7b792b echo; ls  /var/lib/vc/sbs/

15760f7e07c98e4f4ed9d7aba4076de14475dd71a61be9919b24037c810b37aa
[root@centos1 ~]# docker run --rm -ti --runtime untrusted-runtime 018c9d7b792b echo; ls  /var/lib/vc/sbs/

15760f7e07c98e4f4ed9d7aba4076de14475dd71a61be9919b24037c810b37aa  cd86011f6c0b779a2e3f40b49fa06463757ac1413ba70007e14462b7d0782e24
[root@centos1 ~]# docker run --rm -ti --runtime untrusted-runtime 018c9d7b792b echo; ls  /var/lib/vc/sbs/

15760f7e07c98e4f4ed9d7aba4076de14475dd71a61be9919b24037c810b37aa  93fb2abfbe151c8f12e3b2b7f24321479b2425af80acb93f2f4c2263fb679621  cd86011f6c0b779a2e3f40b49fa06463757ac1413ba70007e14462b7d0782e24
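
A check for the leak reported above, as an added example that is not part of the original issue or the project's code: it lists directories under the state directory whose names look like sandbox IDs but are absent from a list of live sandboxes. The function name, the live-ID file and its one-ID-per-line format are assumptions; how the live list is obtained depends on the runtime.

```sh
#!/bin/sh
# Added example, not code from the issue or the project.
# Assumed inputs: a state directory laid out as in the issue (one
# sub-directory per 64-hex-character sandbox ID) and a file listing the IDs
# of sandboxes that are still alive, one per line (hypothetical format).

# find_residual_sandboxes SBS_DIR LIVE_IDS_FILE
# Prints, sorted, every sandbox-ID-shaped directory that is not listed as
# live. Returns 2 when an argument is unusable.
find_residual_sandboxes() {
    sbs_dir=$1
    live_file=$2
    [ -d "$sbs_dir" ] || { echo "not a directory: $sbs_dir" >&2; return 2; }
    [ -r "$live_file" ] || { echo "cannot read: $live_file" >&2; return 2; }

    for path in "$sbs_dir"/*; do
        [ -d "$path" ] || continue   # also skips the unexpanded glob
        [ -L "$path" ] && continue   # a symlink is not sandbox state
        id=${path##*/}
        case $id in
            *[!0-9a-f]*) continue ;; # non-hex character in the name
        esac
        [ "${#id}" -eq 64 ] || continue
        # -x: whole-line match, -F: fixed string, so IDs are never patterns
        grep -qxF -- "$id" "$live_file" || printf '%s\n' "$id"
    done | sort
}

# Constructed sample: three state directories, only the first still alive.
demo() {
    tmp=$(mktemp -d) || return 1
    live=$(printf '%064d' 1)
    mkdir -p "$tmp/sbs/$live" "$tmp/sbs/$(printf '%064d' 2)" \
             "$tmp/sbs/$(printf '%064d' 3)" "$tmp/sbs/lost+found"
    printf '%s\n' "$live" > "$tmp/live.txt"
    find_residual_sandboxes "$tmp/sbs" "$tmp/live.txt"
    rm -rf "$tmp"
}
demo
```

A non-empty result after every sandbox on the node has been stopped matches the behaviour the issue reports.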

Labels: bug (Incorrect behaviour), needs-review (Needs to be assessed by the team.)