If you install libkrun-sev onto a system without /dev/sem support, crun-krun blows up.

[rhatdan]

$ podman run --privileged --runtime=krun alpine echo hi
Error: krun: failed configuring mounts for handler at phase: HANDLER_CONFIGURE_AFTER_MOUNTS: No such file or directory: OCI runtime attempted to invoke a command that was not found

$sudo dnf -y remove libkrun-sev
Dependencies resolved.
...
Complete!

$ podman run --privileged --runtime=krun alpine echo hi
hi

[slp]

The problem comes from here:

crun/src/libcrun/handlers/krun.c

Line 248 in 41bce83

ret = libcrun_create_dev (container, devfd, -1, &sev_device, is_user_ns, true, err);

If the library is installed, the krun handler will try to open /dev/sev to create the bindmount, or fail otherwise. The problem is, at that stage, we can't check the existence of /.krun-sev.json as we do in libkrun_exec(), but perhaps we could capture the error and, instead of failing, silently disable the sev handler (by setting kconf->handle_sev = NULL)?

[rhatdan]

@giuseppe @flouthoc WDYT?