Summary
urunc does not implement the exec subcommand required by the OCI Runtime Specification.
When orchestrators call urunc exec on a running container, urunc returns:
Impact
Any tool relying on exec for sidecar coordination or container introspection breaks silently.
This was discovered while investigating Argo Workflows integration (#573), where the absence
of exec causes workflow pods to hang indefinitely after the unikernel exits.
Expected behavior
urunc exec <container-id> -- <cmd> should execute a process in the container's context per
the OCI Runtime Spec.
Since unikernels don't support process injection, running the command as a host-side process
in the container's namespaces (similar to Kata Containers) seems a reasonable approach.
related to -#573
Summary
uruncdoes not implement theexecsubcommand required by the OCI Runtime Specification.When orchestrators call
urunc execon a running container, urunc returns:Impact
Any tool relying on
execfor sidecar coordination or container introspection breaks silently.This was discovered while investigating Argo Workflows integration (#573), where the absence
of
execcauses workflow pods to hang indefinitely after the unikernel exits.Expected behavior
urunc exec <container-id> -- <cmd>should execute a process in the container's context perthe OCI Runtime Spec.
Since unikernels don't support process injection, running the command as a host-side process
in the container's namespaces (similar to Kata Containers) seems a reasonable approach.
related to -#573