Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-64608

Detection "running inside container" fails with cgroup namespace "private" for docker daemon

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • docker-workflow-plugin
    • jenkins version 2.263.1
      docker-workflow version 1.25
      docker 20.10.2
      arch linux with kernel 5.4.86-1-lts (/proc/cmdline contains systemd.unified_cgroup_hierarchy=1 cgroup_no_v1=all)
      cgroups v2 enabled
      cgroups v1 disabled

      With cgroups v2 running on the host there is a change to the behavior of the docker daemon regarding cgroups:

      The default cgroup namespace mode (docker run --cgroupns) is "private" on v2, "host" on v1. (cf. https://github.com/docker/docker.github.io/blob/master/config/containers/runmetrics.md#running-docker-on-cgroup-v2).

      Without any changes to the docker configuration the coding in src/main/java/org/jenkinsci/plugins/docker/workflow/client/ControlGroup.java of the docker-workflow-plugin fails, since /proc/self/cgroup does no longer contain the host-cgroup for the container.

      A workaround is to set the option default-cgroupns-mode to "host" for the docker daemon.

      Another way of detecting the containerization is needed.

            jglick Jesse Glick
            joergschray Jörg
            Votes:
            4 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved: