Can't exec into a container with private time namespace #4635

@lifubang

Description

When we exec into a container with a private time namespace, we get an error.

Steps to reproduce the issue

  1. Create a container with a private time namespace;
  2. Exec into this container;
  3. We will always get an error.

Describe the results you received and expected

@lifubang ➜ ~/ubuntu $ sudo ./runc.amd64 run -d test
@lifubang ➜ ~/ubuntu $ sudo ./runc.amd64 exec test true
FATA[0000] nsexec-0[10598]: failed to update /proc/10599/timens_offsets: Permission denied
FATA[0000] nsexec-1[10599]: failed to sync with parent: read(SYNC_TIMEOFFSETS_ACK): Success
ERRO[0000] exec failed: unable to start container process: error executing setns process: exit status 1

What version of runc are you using?

runc version 1.2.5
commit: v1.2.5-0-g59923ef1
spec: 1.2.0
go: go1.22.12
libseccomp: 2.5.5

Host OS information

No response

Host kernel information

No response
