After digging a bit deeper i found a bit more details. I run bare runc
container as described here. When i exec inside the container i get
# runc exec mycontainerid ps
panic: cannot statfs cgroup root
goroutine 1 [running, locked to thread]:
github.com/opencontainers/runc/libcontainer/cgroups.IsCgroup2UnifiedMode.func1()
/go/src/github.com/opencontainers/runc/libcontainer/cgroups/utils.go:45 +0xa8
sync.(*Once).Do(0x55652cbb20, 0x5565000328)
/usr/local/go/src/sync/once.go:44 +0xc4
github.com/opencontainers/runc/libcontainer/cgroups.IsCgroup2UnifiedMode(0x20)
/go/src/github.com/opencontainers/runc/libcontainer/cgroups/utils.go:42 +0x38
github.com/opencontainers/runc/libcontainer.Cgroupfs(0x40000c4240, 0x400000e560, 0x150)
/go/src/github.com/opencontainers/runc/libcontainer/factory_linux.go:92 +0x20
github.com/opencontainers/runc/libcontainer.New(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x5564e12e5d, 0x40000b56d8)
/go/src/github.com/opencontainers/runc/libcontainer/factory_linux.go:176 +0x16c
main.glob..func6(0x40000c8840, 0x5564fdaa00, 0x40000b56d8)
/go/src/github.com/opencontainers/runc/init.go:42 +0x2c
github.com/opencontainers/runc/vendor/github.com/urfave/cli.HandleAction(0x5564f83620, 0x5565000958, 0x40000c8840, 0x400005a300, 0x0)
/go/src/github.com/opencontainers/runc/vendor/github.com/urfave/cli/app.go:490 +0xd0
github.com/opencontainers/runc/vendor/github.com/urfave/cli.Command.Run(0x5564e12afc, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5564e27d77, 0x51, 0x0, ...)
/go/src/github.com/opencontainers/runc/vendor/github.com/urfave/cli/command.go:210 +0x70c
github.com/opencontainers/runc/vendor/github.com/urfave/cli.(*App).Run(0x4000102340, 0x4000088020, 0x2, 0x2, 0x0, 0x0)
/go/src/github.com/opencontainers/runc/vendor/github.com/urfave/cli/app.go:255 +0x4f4
main.main()
/go/src/github.com/opencontainers/runc/main.go:145 +0x948
ERRO[0000] exec failed: container_linux.go:349: starting container process caused "read init-p: connection reset by peer"
exec failed: container_linux.go:349: starting container process caused "read init-p: connection reset by peer"
Which fails on execution of stafs for /sys/fs/cgroup
as per code. I also see following statfs call in strace
statfs("/sys/fs/cgroup", {f_type=TMPFS_MAGIC, f_bsize=4096, f_blocks=3574287, f_bfree=3574287, f_bavail=3574287, f_files=3574287, f_ffree=3574270, f_fsid={val=[0, 0]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_RDONLY|ST_NOSUID|ST_NODEV|ST_NOEXEC}) = 0
These source files can be helpful:
https://github.com/opencontainers/runc/blob/master/libcontainer/nsenter/nsexec.c
https://github.com/opencontainers/runc/blob/master/libcontainer/cgroups/utils.go
This is what i have for now.