Azure recently upgraded Kubernetes to 1.33, and we have to upgrade Sysbox to 0.7.0.
Initial issue observed after upgrading Sysbox:
Containers failed to start with the following error:
Error: reading ID mappings from "/proc/0/uid_map": no such file or directory
According to
https://github.com/nestybox/sysbox/blob/master/docs/user-guide/security.md?utm_source=chatgpt.com#user-namespace-id-mapping
this error seems related to user ID mapping.
Sysbox relies on this mechanism to map container user IDs (e.g., root inside the container) to non-root users on the host for isolation.
This requires access to /proc/.../uid_map, which defines the UID mapping between container and host.
In addition, we are also seeing errors such as:
mounting "sysfs" ... operation not permitted
which further indicates that certain low-level operations required by this runtime model (Docker-in-Docker via Sysbox) are restricted by the new AKS.
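For reference, a diagnostic sketch added here (not part of the original post and not Sysbox code) that parses the uid_map format and reports which host UID a container UID resolves to, so you can confirm container root is not host root. The names ParseIDMap, HostID and ReadUIDMap are hypothetical and the sample mapping is constructed; the PID guard reflects that procfs never exposes a /proc/0 directory, so a path like the one in the error means no valid process ID was available when the path was built.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// IDMap is one line of /proc/<pid>/uid_map: <inside-id> <outside-id> <count>.
type IDMap struct{ Inside, Outside, Count uint32 }

// ParseIDMap parses uid_map/gid_map content; empty or short lines are errors.
func ParseIDMap(content string) ([]IDMap, error) {
	var maps []IDMap
	for _, line := range strings.Split(strings.TrimSpace(content), "\n") {
		var m IDMap
		if _, err := fmt.Sscan(line, &m.Inside, &m.Outside, &m.Count); err != nil {
			return nil, fmt.Errorf("bad mapping line %q: %w", line, err)
		}
		maps = append(maps, m)
	}
	return maps, nil
}

// HostID translates an ID inside the namespace to the ID seen outside it.
func HostID(maps []IDMap, inside uint32) (uint32, bool) {
	for _, m := range maps {
		if inside >= m.Inside && inside-m.Inside < m.Count {
			return m.Outside + (inside - m.Inside), true
		}
	}
	return 0, false // ID is unmapped in this namespace
}

// ReadUIDMap rejects PIDs <= 0 before touching procfs: /proc/0 never exists.
func ReadUIDMap(pid int) ([]IDMap, error) {
	if pid <= 0 {
		return nil, fmt.Errorf("invalid pid %d: no process ID was available", pid)
	}
	b, err := os.ReadFile(fmt.Sprintf("/proc/%d/uid_map", pid))
	if err != nil {
		return nil, err
	}
	return ParseIDMap(string(b))
}

func main() {
	maps, _ := ParseIDMap("0 165536 65536\n") // constructed sample, not from the post
	fmt.Println(HostID(maps, 0))
}
```

On a node, calling ReadUIDMap with the PID of a running container's init process and then HostID(maps, 0) shows whether root inside the container maps to an unprivileged host UID.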