Good morning community
I am trying to run a simple hello-world application to test the newly integrated functionality of CRaC in Springboot 3.2.0
When starting the container in vanilla Docker I had to run it with the flag --privileged otherwise some errors arise (even though CRIU has root privileges within the container). I am trying now to make it work within a Kubernetes job so that I can take the snapshot of the application, store it in an AWS EFS and then use the snapshot to restore in few ms the application execution on Fargate.
We are forbidden to run the containers in our EKS instance in privileged mode as there are some Kyverno policies which prevent us from doing that. This leads to a failure when CRIU tries to do the checkpoint.
These are the errors I can read from the dump logs by CRIU
(00.004537) Error (criu/vdso.c:304): vdso: Can't open 185/maps on procfs: Permission denied
(00.004564) Error (criu/vdso.c:498): vdso: Failed to mmap compatible vdso with helper process
(00.004571) Error (criu/vdso.c:620): vdso: Failed to fill compat vdso symtable
(00.004573) Error (criu/kerndat.c:1607): kerndat_vdso_fill_symtable failed when initializing kerndat.
Is there a way to make CRIU working without running the container in privileged mode?
- Version: 3.17.1-crac
- Linux 5.10.192-183.736.amzn2.x86_64 Do
- azul/zulu-openjdk:17.0.9-17.46-jdk-crac