Right, afaict this is caused by https://github.com/opencontainers/runc/commit/5d93fed3d27f1e2bab58bad13b180a7a81d0b378 . Marking the process as undumpable requires that the caller has CAP_SYS_PTRACE in the target process user namespace. If not, then any file-opening operations on /proc/<pid>/<file> (e.g. readlink()) will be denied. This is exactly what getPipeFds() is trying to do. This leads to the error you see above. There's another PR floating around that will complicate things even when CAP_SYS_PTRACE is available (https://github.com/opencontainers/runc/pull/1274). But I need to take a closer look.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1655906 Title: Please upgrade docker.io to latest 1.12.6 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/containerd/+bug/1655906/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs