ecs-init breaks with Docker 19.03.5 #294
Description
Summary
ecs-init fails with newer versions of Docker due to conflicts between mounting /sbin and using --init.
Description
When attempting to use ecs-init with a newer version of Docker like 19.03.5, the agent container will fail to run with a message similar to this one:
Error response from daemon: OCI runtime create failed: container_linux.go:296: starting container process caused "exec: "/sbin/init": stat /sbin/init: no such file or directory": unknown.
When ecs-init starts the agent container, it both mounts /sbin:/sbin and specifies the --init option. --init works by mounting a process on the host (something like /usr/bin/docker-init) to a location inside the container and using that to execute the container entrypoint. In moby/moby#37665, the injected tini binary was moved from /dev/init to /sbin/init. The agent's mount of /sbin hides the mount of /sbin/init, causing the container to be unable to start.
There are a few options for making this work:
- (preferred) Update ecs-init to either eliminate or relocate the
/sbinmount to a different path - Remove the use of
--initand bundle the init binary (tini) into the agent container - Remove the use of
--init, mount tini to a different location in the container, and specify it as the entrypoint - Contribute a patch to Docker to allow the init binary mount location to be specified as part of
HostConfig, and then update ecs-init to use that
Expected Behavior
ecs-init to work with newer versions of Docker
Observed Behavior
ecs-init fails to run the agent