If libkrun-sev is installed, but /dev/sev doesn't exist, rootless krun fails #1300
Comments
|
@nalind I think regular $ podman run --rm -it --runtime krun fedora sh
Error: OCI runtime error: krun: failed to open `libkrun.so.1` and `libkrun-sev.so.1` for krun_configI think following patch should do the trick diff --git a/src/libcrun/handlers/krun.c b/src/libcrun/handlers/krun.c
index 0342a33..fd68979 100644
--- a/src/libcrun/handlers/krun.c
+++ b/src/libcrun/handlers/krun.c
@@ -168,7 +168,7 @@ libkrun_configure_container (void *cookie, enum handler_configure_phase phase,
libcrun_context_t *context, libcrun_container_t *container,
const char *rootfs, libcrun_error_t *err)
{
- int ret, rootfsfd;
+ int ret, rootfsfd, exists;
size_t i;
struct krun_config *kconf = (struct krun_config *) cookie;
struct device_s kvm_device = { "/dev/kvm", "c", 10, 232, 0666, 0, 0 };
@@ -229,6 +229,9 @@ libkrun_configure_container (void *cookie, enum handler_configure_phase phase,
{
if (strcmp (def->linux->devices[i]->path, "/dev/sev") == 0)
create_sev = false;
+ exists = crun_path_exists ("/dev/sev", err);
+ if (exists < 0)
+ create_sev = false;
}
}
|
That is not a problem that I encountered. You might need to use |
If libkrun-sev is installed, but there is no
/dev/sev, rootless krun will attempt to bind mount a/dev/sevthat doesn't exist into containers, even for containers which aren't using SEV.Running something like
podman run --rm -it --runtime krun fedora uname -rin such a situation will produce aError: krun: failed configuring mounts for handler at phase: HANDLER_CONFIGURE_AFTER_MOUNTS: No such file or directory: OCI runtime attempted to invoke a command that was not foundmessage.The text was updated successfully, but these errors were encountered: