mirror of
https://github.com/k3s-io/k3s.git
synced 2024-06-07 19:41:36 +00:00
rootless: allow kernel.dmesg_restrict=1
When `/dev/kmsg` is unreadable due to sysctl value `kernel.dmesg_restrict=1`, bind-mount `/dev/null` into `/dev/kmsg` Fix issue 3011 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
This commit is contained in:
parent
6e8284e3d4
commit
e672c988e4
@ -37,6 +37,18 @@ func setupMounts(stateDir string) error {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if devKmsg, err := os.Open("/dev/kmsg"); err == nil {
|
||||||
|
devKmsg.Close()
|
||||||
|
} else {
|
||||||
|
// kubelet requires /dev/kmsg to be readable
|
||||||
|
// https://github.com/rootless-containers/usernetes/issues/204
|
||||||
|
// https://github.com/rootless-containers/usernetes/pull/214
|
||||||
|
logrus.Debugf("`kernel.dmesg_restrict` seems to be set, bind-mounting /dev/null into /dev/kmsg")
|
||||||
|
if err := unix.Mount("/dev/null", "/dev/kmsg", "none", unix.MS_BIND, ""); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -85,10 +85,6 @@ func validateSysctl() error {
|
|||||||
// However, the current k3s implementation has a bug that requires net.ipv4.ip_forward=1
|
// However, the current k3s implementation has a bug that requires net.ipv4.ip_forward=1
|
||||||
// https://github.com/rancher/k3s/issues/2420#issuecomment-715051120
|
// https://github.com/rancher/k3s/issues/2420#issuecomment-715051120
|
||||||
"net.ipv4.ip_forward": "1",
|
"net.ipv4.ip_forward": "1",
|
||||||
|
|
||||||
// Currently, kernel.dmesg_restrict needs to be 0 to allow OOM-related messages
|
|
||||||
// https://github.com/rootless-containers/usernetes/issues/204
|
|
||||||
"kernel.dmesg_restrict": "0",
|
|
||||||
}
|
}
|
||||||
for key, expectedValue := range expected {
|
for key, expectedValue := range expected {
|
||||||
if actualValue, err := readSysctl(key); err == nil {
|
if actualValue, err := readSysctl(key); err == nil {
|
||||||
|
Loading…
Reference in New Issue
Block a user