container create failed: sd-bus call: Cannot set property CPUQuotaPeriodUSec, or unknown propert

[xuegege5290]

crun start container failed

kubectl describe pods -n default my-pod 
126:  Warning  Failed          5m4s (x12 over 7m16s)   kubelet            Error: container create failed: sd-bus call: Cannot set property CPUQuotaPeriodUSec, or unknown propert
y.: Read-only file system

but runc start success

func addCpuQuota(cm *dbusConnManager, properties *[]systemdDbus.Property, quota int64, period uint64) {
	if period != 0 {
		// systemd only supports CPUQuotaPeriodUSec since v242
		sdVer := systemdVersion(cm)
		if sdVer >= 242 {
			*properties = append(*properties,
				newProp("CPUQuotaPeriodUSec", period))
		} else {
			logrus.Debugf("systemd v%d is too old to support CPUQuotaPeriodSec "+
				" (setting will still be applied to cgroupfs)", sdVer)
		}
	}
	if quota != 0 || period != 0 {
		// corresponds to USEC_INFINITY in systemd
		cpuQuotaPerSecUSec := uint64(math.MaxUint64)
		if quota > 0 {
			if period == 0 {
				// assume the default
				period = defCPUQuotaPeriod
			}
			// systemd converts CPUQuotaPerSecUSec (microseconds per CPU second) to CPUQuota
			// (integer percentage of CPU) internally.  This means that if a fractional percent of
			// CPU is indicated by Resources.CpuQuota, we need to round up to the nearest
			// 10ms (1% of a second) such that child cgroups can set the cpu.cfs_quota_us they expect.
			cpuQuotaPerSecUSec = uint64(quota*1000000) / period
			if cpuQuotaPerSecUSec%10000 != 0 {
				cpuQuotaPerSecUSec = ((cpuQuotaPerSecUSec / 10000) + 1) * 10000
			}
		}
		*properties = append(*properties,
			newProp("CPUQuotaPerSecUSec", cpuQuotaPerSecUSec))
	}
}

[xuegege5290]

The error from crun :

  if (UNLIKELY (sd_err < 0))
    {
      if (reset_failed_unit (bus, scope) == 0)
        {
          sd_bus_error_free (&error);
          if (reply)
            sd_bus_message_unref (reply);

          error = SD_BUS_ERROR_NULL;
          reply = NULL;

          sd_err = sd_bus_call (bus, m, 0, &error, &reply);
        }
      if (sd_err < 0)
        {
          ret = crun_make_error (err, sd_bus_error_get_errno (&error), "sd-bus call: %s", error.message ?: error.name);
          goto exit;
        }
    }

[xuegege5290]

 crun --version
crun version 1.8.3
commit: 59f2beb7efb0d35611d5818fd0311883676f6f7e
rundir: /run/user/0/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL

[giuseppe]

please update your version of systemd, crun doesn't not have the same check in place as runc for the systemd version

[xuegege5290]

please update your version of systemd, crun doesn't not have the same check in place as runc for the systemd version

The confusing part for me is that runc has a prompt for the systemd version, but it still executes successfully. On the other hand, crun does not have a corresponding prompt for the systemd version. Can crun use similar logic as runc?

[tonyaw]

I met the same issue, how to solve it?

[xuegege5290]

I met the same issue, how to solve it?

Abandoning crun and embracing runc. Runc doesn't have this issue. Alternatively, upgrading systemd would require upgrading the operating system. However, I have chosen runc.

[giuseppe]

The confusing part for me is that runc has a prompt for the systemd version, but it still executes successfully. On the other hand, crun does not have a corresponding prompt for the systemd version. Can crun use similar logic as runc?

if anyone cares enough to send a patch, we can consider that.

I met the same issue, how to solve it?

systemd 242 was released 5 years ago. What system are you using?

[hdhoang]

In my case, we run debian10 mostly. Fortunately, buster-backports includes newer systemd so we can continue with crun.

ps. thanks for the excellent zombie reporting, we discovered a bad probe script from its output.