Skip to content

Unable to run x11docker with latest(3.9.0) kata container? #543

New issue
New issue
Open
Open
Unable to run x11docker with latest(3.9.0) kata container?#543
@gssxd

Description

@gssxd
gssxd
opened on Oct 12, 2024

hi,
It seems that latest kata container just not work well with x11docker. Anyone has any suggestion?

$ x11docker --version
7.6.0

$ kata-runtime --version
kata-runtime : 3.9.0
commit : cdaaf708a18da8e5f7e2b9824fa3e43b524893a5
OCI specs: 1.1.0+dev

$ docker run --rm -it --runtime io.containerd.kata.v2 ubuntu:22.04 uname -a
Linux 68f8737ef374 6.1.62 #1 SMP Mon Sep 9 09:44:34 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

$ x11docker --debug --runtime io.containerd.kata.v2 --desktop x11docker/xfce
DEBUGNOTE[15:48:57,055]: Detected cgroup v2
DEBUGNOTE[15:48:57,128]: check_host(): ps can watch root processes: yes
DEBUGNOTE[15:48:57,159]: host user: sinsegye 1000:1000 /home/sinsegye
x11docker WARNING: User sinsegye is member of group docker.
That allows unprivileged processes on host to gain root privileges.

DEBUGNOTE[15:48:57,179]: check_host(): Guess if running on console: no
DEBUGNOTE[15:48:57,375]: storeinfo(): cache=/home/sinsegye/.cache/x11docker/193365954814-xfce
DEBUGNOTE[15:48:57,384]: storeinfo(): stdout=/home/sinsegye/.cache/x11docker/193365954814-xfce/share/stdout
DEBUGNOTE[15:48:57,393]: storeinfo(): stderr=/home/sinsegye/.cache/x11docker/193365954814-xfce/share/stderr
DEBUGNOTE[15:48:57,426]: waitforlogentry(): tailstdout: Waiting for logentry "x11docker=ready" in store.info
DEBUGNOTE[15:48:57,428]: waitforlogentry(): tailstderr: Waiting for logentry "x11docker=ready" in store.info
DEBUGNOTE[15:48:57,450]: storeinfo(): containeruser=sinsegye
DEBUGNOTE[15:48:57,459]: container user: sinsegye 1000:1000 /home/sinsegye
DEBUGNOTE[15:48:57,602]: Default runtime: runc
x11docker note: Option --runtime: x11docker does not know runtime: 'io.containerd.kata.v2'
Will try to use it anyway.
If that fails, you can try options --snap or --no-setup.

DEBUGNOTE[15:48:57,620]: Backend: docker, Backendbin: /usr/bin/docker, Rootless: no
DEBUGNOTE[15:48:57,648]: storepid(): Stored pid '32242' of 'watchpidlist': 32242 pts/0 00:00:00 bash
DEBUGNOTE[15:48:57,663]: storepid(): Stored pid '32252' of 'watchmessagefifo': 32252 pts/0 00:00:00 bash
x11docker note: Option --xc for X in container enabled automatically.

DEBUGNOTE[15:48:57,864]: Dependency check for --xephyr: 0
DEBUGNOTE[15:48:57,872]: Dependencies of --xephyr already checked: 0
DEBUGNOTE[15:48:57,877]: Dependencies of --xephyr already checked: 0
DEBUGNOTE[15:48:57,883]: Dependencies of --xephyr already checked: 0
DEBUGNOTE[15:48:57,888]: Dependencies of --xephyr already checked: 0
DEBUGNOTE[15:48:57,894]: Dependencies of --xephyr already checked: 0
x11docker note: Using X server option --xephyr

DEBUGNOTE[15:48:57,899]: storeinfo(): xserver=--xephyr
x11docker WARNING: Option --xc: Sharing host network stack
with container of x11docker/xserver to support 'ssh -X'.

DEBUGNOTE[15:48:57,967]: X container command (rootless no):
docker run --pull=never
--detach
--name x11docker_X107_xserver_193365954814
--mount type=bind,source=/home/sinsegye/.cache/x11docker/193365954814-xfce/share,target=/home/sinsegye/.cache/x11docker/193365954814-xfce/share
--mount type=bind,source=/home/sinsegye/.cache/x11docker/193365954814-xfce/etcpasswd.xcontainer,target=/etc/passwd,readonly
--mount type=bind,source=/home/sinsegye/.cache/x11docker/193365954814-xfce/etcgroup.xcontainer,target=/etc/group,readonly
--mount type=bind,source=/home/sinsegye/.cache/x11docker/193365954814-xfce/xcontainerrc,target=/xcontainerrc,readonly
--rm
--security-opt label=type:container_runtime_t
--network=host
--ipc=shareable
--runtime io.containerd.kata.v2
--cap-drop ALL
--security-opt=no-new-privileges
--user 1000:1000
--mount type=bind,source=/home/sinsegye/.cache/x11docker/193365954814-xfce/tmp,target=/tmp
--mount type=bind,source=/home/sinsegye/.cache/x11docker/193365954814-xfce/Xauthority.server,target=/home/sinsegye/.cache/x11docker/193365954814-xfce/Xauthority.server
--mount type=bind,source=/home/sinsegye/.cache/x11docker/modelines,target=/home/sinsegye/.cache/x11docker/modelines,readonly
--env DISPLAY=localhost:10.0
--env XAUTHORITY=/home/sinsegye/.cache/x11docker/193365954814-xfce/Xauthority.host.localhost-10-0
--mount type=bind,source=/home/sinsegye/.cache/x11docker/193365954814-xfce/Xauthority.host.localhost-10-0,target=/home/sinsegye/.cache/x11docker/193365954814-xfce/Xauthority.host.localhost-10-0
--env LD_PRELOAD=/lib/x86_64-linux-gnu/libdl.so.2:/home/sinsegye/.cache/x11docker/193365954814-xfce/share/XlibNoSHM.so
--device /dev/vga_arbiter:/dev/vga_arbiter
--group-add 44
--group-add 109
x11docker/xserver bash /xcontainerrc
DEBUGNOTE[15:48:58,034]: storeinfo(): Xcontainerid=5e5aea372cc225df705e03b4e4cd124538fb77c5120836851b54799b602ca274
DEBUGNOTE[15:48:59,257]: storeinfo(): Xcontainerip=x11docker_X107_xserver_193365954814
DEBUGNOTE[15:48:59,314]: watchpidlist(): Setting pid 32488 on watchlist: Xcontainerpid1
DEBUGNOTE[15:48:59,336]: storepid(): Stored pid '32488' of 'Xcontainerpid1': 32488 ? 00:00:00 qemu-system-x86
DEBUGNOTE[15:48:59,349]: waitforlogentry(): start_xcontainer(): Waiting for logentry "X server container is ready" in xinit.log
DEBUGNOTE[15:48:59,360]: watchpidlist(): Watching pids:
32488 ? 00:00:00 qemu-system-x86
DEBUGNOTE[15:48:59,869]: waitforlogentry(): start_xcontainer(): Found log entry "X server container is ready" in xinit.log.
DEBUGNOTE[15:48:59,875]: storeinfo(): DISPLAY=:107
DEBUGNOTE[15:48:59,884]: storeinfo(): XAUTHORITY=/home/sinsegye/.cache/x11docker/193365954814-xfce/share/Xauthority.client
DEBUGNOTE[15:48:59,894]: storeinfo(): XSOCKET=/tmp/.X11-unix/X107
DEBUGNOTE[15:48:59,903]: storeinfo(): XDG_RUNTIME_DIR=/run/user/1000
DEBUGNOTE[15:48:59,916]: storeinfo(): Xenv=DISPLAY=:107 XAUTHORITY=/home/sinsegye/.cache/x11docker/193365954814-xfce/share/Xauthority.client XSOCKET=/tmp/.X11-unix/X107 XDG_RUNTIME_DIR=/run/user/1000
x11docker note: Option --network=none is set to disable network access.
If you need network and internet access, set option -I, --network [=NET].

DEBUGNOTE[15:49:00,264]: X server command:
/usr/bin/Xephyr :107
-retro
+extension RANDR
+extension RENDER
+extension GLX
+extension XVideo
+extension DOUBLE-BUFFER
+extension SECURITY
+extension DAMAGE
+extension X-Resource
-extension XINERAMA -xinerama
+extension MIT-SHM
+extension Composite +extension COMPOSITE
-extension XTEST -tst
-dpms
-s off
-auth /home/sinsegye/.cache/x11docker/193365954814-xfce/Xauthority.server
-nolisten tcp
-resizeable
-noxv
-screen 1824x1104
-iglx \

DEBUGNOTE[15:49:00,270]: storeinfo(): x11dockerpid=31261
DEBUGNOTE[15:49:00,304]: x11docker version: 7.6.0
Backend version: Docker version 27.3.1, build ce12230
Running rootless: no
OCI Runtime: io.containerd.kata.v2
Host system: "Ubuntu 22.04.1 LTS"
Host architecture: amd64 (x86_64)
Command:
'/usr/local/bin/x11docker' '--debug' '--runtime' 'io.containerd.kata.v2' '--desktop' 'x11docker/xfce'
Parsed options:

() --debug --runtime 'io.containerd.kata.v2' --desktop -- 'x11docker/xfce'
x11docker was started by: sinsegye
As host user serves: sinsegye
Container user will be: sinsegye
Container user password: x11docker
Running in a terminal: yes
Running on console: no
Running over SSH: yes
Running sourced: no
bash $-: huBE
DEBUGNOTE[15:49:00,315]: storeinfo(): tini=/home/sinsegye/.cache/x11docker/193365954814-xfce/share/catatonit
DEBUGNOTE[15:49:00,389]: Image architecture: amd64
DEBUGNOTE[15:49:00,469]: Image CMD: /bin/sh"
"-c"
"start
DEBUGNOTE[15:49:00,526]: Image USER:
DEBUGNOTE[15:49:00,532]: storeinfo(): containeruser=sinsegye
DEBUGNOTE[15:49:00,585]: Image ENTRYPOINT:
DEBUGNOTE[15:49:00,631]: Image WORKDIR:
DEBUGNOTE[15:49:00,704]: storeinfo(): containername=x11docker_X107_x11docker-xfce_193365954814
DEBUGNOTE[15:49:00,815]: docker command (rootless no):
/usr/bin/docker run
--pull never
--rm
--detach
--tty
--name x11docker_X107_x11docker-xfce_193365954814
--user 1000:1000
--userns=host
--runtime='io.containerd.kata.v2'
--network none
--cap-drop ALL
--security-opt no-new-privileges
--security-opt label=type:container_runtime_t
--mount type=bind,source='/home/sinsegye/.cache/x11docker/193365954814-xfce/share/catatonit',target='/usr/local/bin/init',readonly
--tmpfs /run:exec
--tmpfs /run/lock
--tmpfs /tmp
--mount type=bind,source='/home/sinsegye/.cache/x11docker/193365954814-xfce/share',target='/x11docker'
--mount type=bind,source='/home/sinsegye/.cache/x11docker/193365954814-xfce/tmp/.X11-unix/X107',target='/tmp/.X11-unix/X107',readonly
--ipc=container:x11docker_X107_xserver_193365954814
--workdir '/tmp'
--entrypoint env
--env 'container=docker'
--env 'XAUTHORITY=/x11docker/Xauthority.client'
--env 'DISPLAY=:107'
--env 'USER=sinsegye'
-- x11docker/xfce /usr/local/bin/init -g -- /bin/sh - /x11docker/containerrc
DEBUGNOTE[15:49:01,078]: waitforlogentry(): start_container(): Waiting for logentry "xinitrc is ready" in xinit.log
DEBUGNOTE[15:49:01,085]: storepid(): Stored pid '33351' of 'containershell': 33351 pts/0 00:00:00 bash
DEBUGNOTE[15:49:09,030]: waitforlogentry(): tailstdout: Waiting since 11s for log entry "x11docker=ready" in store.info
DEBUGNOTE[15:49:09,047]: waitforlogentry(): tailstderr: Waiting since 11s for log entry "x11docker=ready" in store.info
DEBUGNOTE[15:49:10,042]: waitforlogentry(): tailstdout: Waiting since 12s for log entry "x11docker=ready" in store.info
DEBUGNOTE[15:49:10,058]: waitforlogentry(): tailstderr: Waiting since 12s for log entry "x11docker=ready" in store.info
DEBUGNOTE[15:49:11,054]: waitforlogentry(): tailstdout: Waiting since 13s for log entry "x11docker=ready" in store.info
DEBUGNOTE[15:49:11,069]: waitforlogentry(): tailstderr: Waiting since 13s for log entry "x11docker=ready" in store.info
DEBUGNOTE[15:49:12,065]: waitforlogentry(): tailstdout: Waiting since 14s for log entry "x11docker=ready" in store.info
DEBUGNOTE[15:49:12,081]: waitforlogentry(): tailstderr: Waiting since 14s for log entry "x11docker=ready" in store.info
DEBUGNOTE[15:49:13,702]: waitforlogentry(): start_container(): Waiting since 11s for log entry "xinitrc is ready" in xinit.log
DEBUGNOTE[15:49:14,077]: waitforlogentry(): tailstdout: Waiting since 15s for log entry "x11docker=ready" in store.info
DEBUGNOTE[15:49:14,092]: waitforlogentry(): tailstderr: Waiting since 15s for log entry "x11docker=ready" in store.info
DEBUGNOTE[15:49:14,716]: waitforlogentry(): start_container(): Waiting since 12s for log entry "xinitrc is ready" in xinit.log
DEBUGNOTE[15:49:15,730]: waitforlogentry(): start_container(): Waiting since 13s for log entry "xinitrc is ready" in xinit.log
DEBUGNOTE[15:49:16,088]: waitforlogentry(): tailstdout: Waiting since 17s for log entry "x11docker=ready" in store.info
DEBUGNOTE[15:49:16,104]: waitforlogentry(): tailstderr: Waiting since 17s for log entry "x11docker=ready" in store.info
DEBUGNOTE[15:49:16,174]: traperror: Command at Line 11333 returned with error code 1:
env DOCKER_HOST= docker exec x11docker_X107_xserver_193365954814 env WAYLAND_DISPLAY= xinit /home/sinsegye/.cache/x11docker/193365954814-xfce/share/xinitrc -- /usr/bin/Xephyr :107 -retro +extension RANDR +extension RENDER +extension GLX +extension XVideo +extension DOUBLE-BUFFER +extension SECURITY +extension DAMAGE +extension X-Resource -extension XINERAMA -xinerama +extension MIT-SHM +extension Composite +extension COMPOSITE -extension XTEST -tst -dpms -s off -auth /home/sinsegye/.cache/x11docker/193365954814-xfce/Xauthority.server -nolisten tcp -resizeable -noxv -screen 1824x1104 -iglx
8485 - ::unpriv_xcbackend::start_xserver::main::main
DEBUGNOTE[15:49:16,180]: storeinfo(): error=64
DEBUGNOTE[15:49:16,189]: time to say goodbye (traperror)
DEBUGNOTE[15:49:16,197]: traperror: Command at Line 11333 returned with error code 1:
eval "env DOCKER_HOST= $Command"
8485 - ::unpriv_xcbackend::start_xserver::main::main
DEBUGNOTE[15:49:16,203]: storeinfo(): error=64
DEBUGNOTE[15:49:16,217]: time to say goodbye (traperror)
DEBUGNOTE[15:49:16,223]: traperror: Command at Line 8485 returned with error code 1:
return $?
11634 - ::start_xserver::main::main
DEBUGNOTE[15:49:16,229]: storeinfo(): error=64
DEBUGNOTE[15:49:16,243]: time to say goodbye (traperror)
DEBUGNOTE[15:49:16,250]: traperror: Command at Line 11634 returned with error code 1:
return "${Exitcode:-0}"
11637 - ::main::main
DEBUGNOTE[15:49:16,255]: storeinfo(): error=64
DEBUGNOTE[15:49:16,269]: time to say goodbye (traperror)
DEBUGNOTE[15:49:16,276]: time to say goodbye (main)
DEBUGNOTE[15:49:16,282]: Terminating x11docker.
DEBUGNOTE[15:49:16,288]: time to say goodbye (finish)
DEBUGNOTE[15:49:16,313]: finish(): Checking pid 33351 (containershell): 33351 pts/0 00:00:00 bash
DEBUGNOTE[15:49:16,328]: termpid(): Terminating 33351 (containershell): 33351 pts/0 00:00:00 bash
DEBUGNOTE[15:49:16,375]: time to say goodbye (watchpidlist)
DEBUGNOTE[15:49:16,452]: finish(): Checking pid 32488 (Xcontainerpid1): 32488 ? 00:00:01 qemu-system-x86
DEBUGNOTE[15:49:16,467]: termpid(): Terminating 32488 (Xcontainerpid1): 32488 ? 00:00:01 qemu-system-x86
DEBUGNOTE[15:49:16,985]: termpid(): Killing 32488 (Xcontainerpid1): 32488 ? 00:00:01 qemu-system-x86
x11docker note: Failed to terminate 32488 (Xcontainerpid1): root 32488 6.0 1.1 2685176 193656 ? Sl 15:48 0:01 /opt/kata/bin/qemu-system-x86_64 -name sandbox-5e5aea372cc225df705e03b4e4cd124538fb77c5120836851b54799b602ca274 -uuid c605ecf7-6fec-4f3d-8cef-b36d272608af -machine q35,accel=kvm,nvdimm=on -cpu host,pmu=off -qmp unix:fd=3,server=on,wait=off -m 2048M,slots=10,maxmem=16806M -device pci-bridge,bus=pcie.0,id=pci-bridge-0,chassis_nr=1,shpc=off,addr=2,io-reserve=4k,mem-reserve=1m,pref64-reserve=1m -device virtio-serial-pci,disable-modern=false,id=serial0 -device virtconsole,chardev=charconsole0,id=console0 -chardev socket,id=charconsole0,path=/run/vc/vm/5e5aea372cc225df705e03b4e4cd124538fb77c5120836851b54799b602ca274/console.sock,server=on,wait=off -device nvdimm,id=nv0,memdev=mem0,unarmed=on -object memory-backend-file,id=mem0,mem-path=/opt/kata/share/kata-containers/kata-ubuntu-latest.image,size=268435456,readonly=on -device virtio-scsi-pci,id=scsi0,disable-modern=false -object rng-random,id=rng0,filename=/dev/urandom -device virtio-rng-pci,rng=rng0 -device vhost-vsock-pci,disable-modern=false,vhostfd=4,id=vsock-425605890,guest-cid=425605890 -chardev socket,id=char-b73156ddfe6ab016,path=/run/vc/vm/5e5aea372cc225df705e03b4e4cd124538fb77c5120836851b54799b602ca274/vhost-fs.sock -device vhost-user-fs-pci,chardev=char-b73156ddfe6ab016,tag=kataShared,queue-size=1024 -rtc base=utc,driftfix=slew,clock=host -global kvm-pit.lost_tick_policy=discard -vga none -no-user-config -nodefaults -nographic --no-reboot -object memory-backend-file,id=dimm1,size=2048M,mem-path=/dev/shm,share=on -numa node,memdev=dimm1 -kernel /opt/kata/share/kata-containers/vmlinux-6.1.62-136 -append tsc=reliable no_timer_check rcupdate.rcu_expedited=1 i8042.direct=1 i8042.dumbkbd=1 i8042.nopnp=1 i8042.noaux=1 noreplace-smp reboot=k cryptomgr.notests net.ifnames=0 pci=lastbus=0 root=/dev/pmem0p1 rootflags=dax,data=ordered,errors=remount-ro ro rootfstype=ext4 console=hvc0 console=hvc1 quiet systemd.show_status=false panic=1 nr_cpus=4 selinux=0 systemd.unit=kata-containers.target systemd.mask=systemd-networkd.service systemd.mask=systemd-networkd.socket scsi_mod.scan=none -pidfile /run/vc/vm/5e5aea372cc225df705e03b4e4cd124538fb77c5120836851b54799b602ca274/pid -smp 1,cores=1,threads=1,sockets=4,maxcpus=4

DEBUGNOTE[15:49:17,311]: finish(): Waiting for X container PID 1: 32488 to terminate.
DEBUGNOTE[15:49:17,521]: finish(): Waiting for X container PID 1: 32488 to terminate.
DEBUGNOTE[15:49:17,832]: finish(): Waiting for X container PID 1: 32488 to terminate.
DEBUGNOTE[15:49:18,100]: waitforlogentry(): tailstdout: Waiting since 19s for log entry "x11docker=ready" in store.info
DEBUGNOTE[15:49:18,107]: waitforlogentry(): tailstdout: Stopped waiting for x11docker=ready in store.info due to terminating signal.
DEBUGNOTE[15:49:18,115]: waitforlogentry(): tailstderr: Waiting since 19s for log entry "x11docker=ready" in store.info
DEBUGNOTE[15:49:18,122]: waitforlogentry(): tailstderr: Stopped waiting for x11docker=ready in store.info due to terminating signal.
DEBUGNOTE[15:49:18,242]: finish(): Waiting for X container PID 1: 32488 to terminate.
DEBUGNOTE[15:49:18,753]: finish(): Waiting for X container PID 1: 32488 to terminate.
DEBUGNOTE[15:49:19,364]: finish(): Waiting for X container PID 1: 32488 to terminate.
DEBUGNOTE[15:49:20,074]: finish(): Waiting for X container PID 1: 32488 to terminate.
DEBUGNOTE[15:49:20,884]: finish(): Waiting for X container PID 1: 32488 to terminate.
DEBUGNOTE[15:49:21,795]: finish(): Waiting for X container PID 1: 32488 to terminate.
DEBUGNOTE[15:49:21,805]: finish(): Waiting for X container PID 1: 32488 to terminate.
DEBUGNOTE[15:49:21,916]: finish(): Waiting for X container PID 1: 32488 to terminate.
DEBUGNOTE[15:49:22,126]: finish(): Waiting for X container PID 1: 32488 to terminate.
DEBUGNOTE[15:49:22,436]: finish(): Waiting for X container PID 1: 32488 to terminate.
DEBUGNOTE[15:49:22,847]: finish(): Waiting for X container PID 1: 32488 to terminate.
DEBUGNOTE[15:49:23,357]: finish(): Waiting for X container PID 1: 32488 to terminate.
DEBUGNOTE[15:49:23,967]: finish(): Waiting for X container PID 1: 32488 to terminate.
DEBUGNOTE[15:49:24,678]: finish(): Waiting for X container PID 1: 32488 to terminate.
DEBUGNOTE[15:49:25,488]: finish(): Waiting for X container PID 1: 32488 to terminate.
DEBUGNOTE[15:49:26,398]: finish(): Waiting for X container PID 1: 32488 to terminate.
DEBUGNOTE[15:49:26,409]: finish(): Waiting for X container PID 1: 32488 to terminate.
x11docker_X107_xserver_193365954814
DEBUGNOTE[15:49:26,567]: finish(): Checking pid 32252 (watchmessagefifo): 32252 pts/0 00:00:00 bash
DEBUGNOTE[15:49:26,591]: finish(): Checking pid 32242 (watchpidlist): (already gone)
DEBUGNOTE[15:49:26,635]: termpid(): Terminating 32252 (watchmessagefifo): 32252 pts/0 00:00:00 bash
DEBUGNOTE[15:49:26,754]: x11docker exit code: 64

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions