[BUG] compatible issue with containerd 2.2 #1446
Description
What happened:
csi-driver and mountpod cannot run when containerd version is greater than 2.2
related change: containerd/containerd#11578
Warning Failed 9m kubelet Error: failed to create containerd container: mount callback failed on /var/lib/containerd/tmpmounts/containerd-mount880900145: openat etc/passwd: path escapes from parent
Warning Failed 9m kubelet Error: failed to create containerd container: mount callback failed on /var/lib/containerd/tmpmounts/containerd-mount1288998732: openat etc/passwd: path escapes from parent
Warning Failed 8m45s kubelet Error: failed to create containerd container: mount callback failed on /var/lib/containerd/tmpmounts/containerd-mount3244384791: openat etc/passwd: path escapes from parent
Warning Failed 8m33s kubelet Error: failed to create containerd container: mount callback failed on /var/lib/containerd/tmpmounts/containerd-mount2656875566: openat etc/passwd: path escapes from parent
containerd log
Nov 27 16:47:27 chaos-k8s-001 containerd[12790]: time="2025-11-27T16:47:27.223423742+08:00" level=error msg="CreateContainer within sandbox \"cacdff2325a6b2cf2c37ab36693b96b2b28f66a6cc2e4c0b51f76496d0f306bc\" for name:\"juicefs-plugin\" failed" error="rpc error: code = Unknown desc = failed to create containerd container: mount callback failed on /var/lib/containerd/tmpmounts/containerd-mount3834053456: openat etc/passwd: path escapes from parent"
What you expected to happen:
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?
Environment:
- JuiceFS CSI Driver version (which image tag did your CSI Driver use):
v0.30.3 - Kubernetes version (e.g.
kubectl version):1.34, container v2.2 - Object storage (cloud provider and region):
- Metadata engine info (version, cloud provider managed or self maintained):
- Network connectivity (JuiceFS to metadata engine, JuiceFS to object storage):
- Others: