3

を使用してコンテナ内でタスクを実行するdocker execと、新しく生成されたプロセスがcontainerd-shim、このコンテナの他のプロセスに関連付けられます。これは予期された動作です。しかし、新しく生成されたプロセスがこのプロセスにどのように接続されるのか、詳しくはわかりません。

編集:いくつかの調査の後、プロセスが実際にruncによって生成され、それを使用しprctl(PR_SET_CHILD_SUBREAPER, 1);てruncを終了でき、プロセスがruncに接続されていることがわかりました。それでも、それはプロセスが私のシェルからこの runc プロセスに接続されている方法に「転送」される方法を説明していませんcontainerd-shim

たとえば、プロセスを生成するとsudo strace docker exec 104f931f77ee sleep 99、次の ps ツリーが作成されます (わかりやすくするために簡略化しています)。

systemd,1
  ├─agetty,365 -o -p -- \\u --noclear tty1 linux
  ├─containerd,364
  │   ├─containerd-shim,1858 -namespace moby -workdir /var/lib/containerd/io.containerd.runtime.v1.linux/moby/104f931f77eeb745451a47644e4997440a674697cef9a1a567b4edede960c68e -address /run/containerd/containerd.sock -containerd-binary /usr/bin/containerd -runtime-root /var/run/docker/runtime-runc
  │   │   ├─bash,1875
  │   │   ├─sleep,4769 10000000
  │   │   ├─sleep,15504 99
  │   │   └─{containerd-shim},1859, 1860, ...
  │   └─{containerd},373, 374, ...
  ├─dockerd,366 -H fd:// --containerd=/run/containerd/containerd.sock
  │   └─{dockerd},381, 382 ... 406
  │
  └─sshd,371 -D
      └─sshd,565   
          └─sshd,582    
              └─zsh,583
                  └─sudo,15479 strace docker exec 104f931f77ee sleep 99
                      └─strace,15480 docker exec 104f931f77ee sleep 99
                          └─docker,15483 exec 104f931f77ee sleep 99
                              └─{docker},15485 to 15494

によるとstrace、コンテナがこのプロセスにアタッチされているときにシステムコールが実行されcontainerd-shimないため、これは直接の原因ではありません。containerd-shim(スポーン時ではなく、コンテナが死亡したときにのみ起こされるため)

 futex(0x9d8828, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=21192, si_uid=0, si_status=0, si_utime=1, si_stime=0} ---
futex(0x9f3500, FUTEX_WAKE_PRIVATE, 1)  = 1
rt_sigreturn({mask=~[HUP INT QUIT ILL TRAP ABRT BUS FPE KILL USR1 SEGV PIPE TERM STKFLT CHLD STOP PROF SYS RTMIN RT_1]}) = 202
futex(0x9d8828, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=21653, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
futex(0x9f3500, FUTEX_WAKE_PRIVATE, 1)  = 1
rt_sigreturn({mask=~[HUP INT QUIT ILL TRAP ABRT BUS FPE KILL USR1 SEGV PIPE TERM STKFLT CHLD STOP PROF SYS RTMIN RT_1]}) = 202
futex(0x9d8828, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)

(編集を参照)これは特に奇妙です:

プロセスをシェルの子として開始することはできません。その後、別のプロセスが親になるように「再親化」します。

したがって、子プロセスを明示的に開始する親プロセスを使用する必要があります。

また、この strace によると、産卵プロセスとcontainerd-shim

sudo strace docker exec 104f931f77ee sleep 99
execve("/usr/bin/docker", ["docker", "exec", "104f931f77ee", "sleep", "99"], 0x7ffe39a39f60 /* 13 vars */) = 0
brk(NULL)                               = 0x5650f557d000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=32790, ...}) = 0
mmap(NULL, 32790, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f3324830000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@l\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=146968, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f332482e000
mmap(NULL, 132288, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f332480d000
mmap(0x7f3324813000, 61440, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f3324813000
mmap(0x7f3324822000, 24576, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15000) = 0x7f3324822000
mmap(0x7f3324828000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a000) = 0x7f3324828000
mmap(0x7f332482a000, 13504, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f332482a000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\21\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=14592, ...}) = 0
mmap(NULL, 16656, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3324808000
mmap(0x7f3324809000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x7f3324809000
mmap(0x7f332480a000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f332480a000
mmap(0x7f332480b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f332480b000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260A\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1824496, ...}) = 0
mmap(NULL, 1837056, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3324647000
mprotect(0x7f3324669000, 1658880, PROT_NONE) = 0
mmap(0x7f3324669000, 1343488, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x22000) = 0x7f3324669000
mmap(0x7f33247b1000, 311296, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16a000) = 0x7f33247b1000
mmap(0x7f33247fe000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b6000) = 0x7f33247fe000
mmap(0x7f3324804000, 14336, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3324804000
close(3)                                = 0
mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3324644000
arch_prctl(ARCH_SET_FS, 0x7f3324644740) = 0
mprotect(0x7f33247fe000, 16384, PROT_READ) = 0
mprotect(0x7f332480b000, 4096, PROT_READ) = 0
mprotect(0x7f3324828000, 4096, PROT_READ) = 0
mprotect(0x5650f338d000, 27123712, PROT_READ) = 0
mprotect(0x7f3324860000, 4096, PROT_READ) = 0
munmap(0x7f3324830000, 32790)           = 0
set_tid_address(0x7f3324644a10)         = 15483
set_robust_list(0x7f3324644a20, 24)     = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7f33248136b0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7f3324813740, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
brk(NULL)                               = 0x5650f557d000
brk(0x5650f559e000)                     = 0x5650f559e000
sched_getaffinity(0, 8192, [0, 1, 2, 3, 4, 5]) = 64
mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3324604000
mmap(0xc000000000, 67108864, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xc000000000
mmap(0xc000000000, 67108864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xc000000000
mmap(NULL, 33554432, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3322604000
mmap(NULL, 2164736, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f33223f3000
mmap(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f33223e3000
mmap(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f33223d3000
rt_sigprocmask(SIG_SETMASK, NULL, [], 8) = 0
sigaltstack(NULL, {ss_sp=NULL, ss_flags=SS_DISABLE, ss_size=0}) = 0
sigaltstack({ss_sp=0xc000002000, ss_flags=0, ss_size=32768}, NULL) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
gettid()                                = 15483
rt_sigaction(SIGHUP, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGHUP, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGINT, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGINT, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGQUIT, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGQUIT, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGILL, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGILL, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGTRAP, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGTRAP, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGABRT, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGABRT, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGBUS, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGFPE, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGFPE, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGUSR1, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGUSR1, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGSEGV, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGUSR2, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGUSR2, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGPIPE, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGPIPE, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], 
[...]
sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3321bd2000
mprotect(0x7f3321bd3000, 8388608, PROT_READ|PROT_WRITE) = 0
clone(child_stack=0x7f33223d1fb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f33223d29d0, tls=0x7f33223d2700, child_tidptr=0x7f33223d29d0) = 15485
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f33213d1000
mprotect(0x7f33213d2000, 8388608, PROT_READ|PROT_WRITE) = 0
clone(child_stack=0x7f3321bd0fb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f3321bd19d0, tls=0x7f3321bd1700, child_tidptr=0x7f3321bd19d0) = 15486
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
futex(0xc000074848, FUTEX_WAKE_PRIVATE, 1) = 1
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f33203cf000
mprotect(0x7f33203d0000, 8388608, PROT_READ|PROT_WRITE) = 0
clone(child_stack=0x7f3320bcefb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f3320bcf9d0, tls=0x7f3320bcf700, child_tidptr=0x7f3320bcf9d0) = 15488
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f33137ff000
mprotect(0x7f3313800000, 8388608, PROT_READ|PROT_WRITE) = 0
clone(child_stack=0x7f3313ffefb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f3313fff9d0, tls=0x7f3313fff700, child_tidptr=0x7f3313fff9d0) = 15489
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
mmap(NULL, 1439992, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f332026f000
mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f332022f000
readlinkat(AT_FDCWD, "/proc/self/exe", "/usr/bin/docker", 128) = 15
fcntl(0, F_GETFL)                       = 0x402 (flags O_RDWR|O_APPEND)
futex(0xc000074bc8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0000a6148, FUTEX_WAKE_PRIVATE, 1) = 1
fcntl(1, F_GETFL)                       = 0x402 (flags O_RDWR|O_APPEND)
fcntl(2, F_GETFL)                       = 0x402 (flags O_RDWR|O_APPEND)
getpid()                                = 15483
newfstatat(AT_FDCWD, "/proc", {st_mode=S_IFDIR|0555, st_size=0, ...}, 0) = 0
openat(AT_FDCWD, "/proc/stat", O_RDONLY|O_CLOEXEC) = 3
epoll_create1(EPOLL_CLOEXEC)            = 4
epoll_ctl(4, EPOLL_CTL_ADD, 3, {EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, {u32=539230440, u64=139857559290088}}) = 0
fcntl(3, F_GETFL)                       = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fcntl(3, F_SETFL, O_RDONLY|O_NONBLOCK|O_LARGEFILE) = 0
read(3, "cpu  2248 0 4821 3583425 1021 0 "..., 4096) = 1387
read(3, "", 2709)                       = 0
epoll_ctl(4, EPOLL_CTL_DEL, 3, 0xc00021120c) = 0
close(3)                                = 0
futex(0xc000074bc8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000074bc8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0000a6148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0000a6148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000074848, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000074848, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000074bc8, FUTEX_WAKE_PRIVATE, 1) = 1
mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f33201ef000
futex(0xc000074bc8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0000a6148, FUTEX_WAKE_PRIVATE, 1) = 1
getrandom("\x5c\x6c\x6d\xbf\xd9\x2a\xf8\x4d", 8, 0) = 8
newfstatat(AT_FDCWD, "/usr/lib/libykcs11.so", 0xc000050788, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/libykcs11.so.1", 0xc000050858, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib64/libykcs11.so", 0xc000050928, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib64/libykcs11.so.1", 0xc0000509f8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libykcs11.so", 0xc000050ac8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/local/lib/libykcs11.so", 0xc000050b98, 0) = -1 ENOENT (No such file or directory)
capget({version=0 /* _LINUX_CAPABILITY_VERSION_??? */, pid=0}, NULL) = 0
openat(AT_FDCWD, "/proc/sys/kernel/cap_last_cap", O_RDONLY|O_CLOEXEC) = 3
epoll_ctl(4, EPOLL_CTL_ADD, 3, {EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, {u32=539230440, u64=139857559290088}}) = 0
fcntl(3, F_GETFL)                       = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fcntl(3, F_SETFL, O_RDONLY|O_NONBLOCK|O_LARGEFILE) = 0
read(3, "37\n", 11)                     = 3
epoll_ctl(4, EPOLL_CTL_DEL, 3, 0xc000211d24) = 0
close(3)                                = 0
newfstatat(AT_FDCWD, "/usr/local/sbin/unpigz", 0xc0000512e8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/local/bin/unpigz", 0xc0000513b8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/sbin/unpigz", 0xc000051488, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/bin/unpigz", {st_mode=S_IFREG|0755, st_size=116944, ...}, 0) = 0
getpid()                                = 15483
futex(0xc000074848, FUTEX_WAKE_PRIVATE, 1) = 1
uname({sysname="Linux", nodename="debiankvm", ...}) = 0
getuid()                                = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0
openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=510, ...}) = 0
read(3, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 510
read(3, "", 4096)                       = 0
close(3)                                = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=32790, ...}) = 0
mmap(NULL, 32790, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f3324830000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0003\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=55792, ...}) = 0
mmap(NULL, 83768, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f33201da000
mprotect(0x7f33201dd000, 40960, PROT_NONE) = 0
mmap(0x7f33201dd000, 28672, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f33201dd000
mmap(0x7f33201e4000, 8192, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa000) = 0x7f33201e4000
mmap(0x7f33201e7000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc000) = 0x7f33201e7000
mmap(0x7f33201e9000, 22328, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f33201e9000
close(3)                                = 0
mprotect(0x7f33201e7000, 4096, PROT_READ) = 0
munmap(0x7f3324830000, 32790)           = 0
openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
lseek(3, 0, SEEK_CUR)                   = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=1394, ...}) = 0
read(3, "root:x:0:0:root:/root:/bin/zsh\nd"..., 4096) = 1394
close(3)                                = 0
futex(0x5650f4e04230, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04130, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c148, FUTEX_WAKE_PRIVATE, 1) = 1
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3311ffc000
mprotect(0x7f3311ffd000, 8388608, PROT_READ|PROT_WRITE) = 0
clone(child_stack=0x7f33127fbfb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f33127fc9d0, tls=0x7f33127fc700, child_tidptr=0x7f33127fc9d0) = 15492
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
futex(0x5650f4e04230, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04130, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0000a7d48, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04230, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04130, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0000a7d48, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04230, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04130, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04230, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04130, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
epoll_pwait(4, [], 128, 0, NULL, 8)     = 0
futex(0x5650f4e04230, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04130, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0004ec148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0004ec148, FUTEX_WAKE_PRIVATE, 1) = 1
mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f332018a000
futex(0xc0004ec148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04ee8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable)
epoll_pwait(4, [], 128, 0, NULL, 128)   = 0
futex(0x5650f4e04230, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04130, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c4c8, FUTEX_WAKE_PRIVATE, 1) = 1
mmap(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f332017a000
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04ee8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0
ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
newfstatat(AT_FDCWD, "/root/.docker/config.json", 0xc0004d9bd8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/root/.dockercfg", 0xc0004d9ca8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/local/sbin/pass", 0xc0004d9d78, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/local/bin/pass", 0xc0004d9e48, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/sbin/pass", 0xc0004d9f18, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/bin/pass", 0xc000018038, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/sbin/pass", 0xc000018108, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/bin/pass", 0xc0000181d8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/local/sbin/docker-credential-secretservice", 0xc0000182a8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/local/bin/docker-credential-secretservice", 0xc000018378, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/sbin/docker-credential-secretservice", 0xc000018448, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/bin/docker-credential-secretservice", 0xc000018518, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/sbin/docker-credential-secretservice", 0xc0000185e8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/bin/docker-credential-secretservice", 0xc0000186b8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/root/.kube/config", 0xc000018788, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/root/.kube/config", 0xc000018858, 0) = -1 ENOENT (No such file or directory)
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
futex(0xc0004ec148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e08b80, FUTEX_WAIT_PRIVATE, 0, {tv_sec=31, tv_nsec=999222248}^C) = ? ERESTART_RESTARTBLOCK (Interrupted by signal)
strace: Process 15483 detached

では、コンテナをcontainerd-shim親として作成するにはどうすればよいでしょうか。


注: 問題は、コンテナがこのアーキテクチャを必要とする理由ではありません (コンテナを生成したプロセスが中断することなく終了できることはわかっています: コンテナはシェルから切り離された状態で実行を継続できます)。しかし、これを技術的にどのように行うことができるか。

4

1 に答える 1