On Tue, Sep 07, 2021 at 03:06:45PM -0700, Kevin Fenzi wrote: > Some of you may be aware of: > https://pagure.io/fedora-infrastructure/issue/10145 > > TLDR: some new syscalls in f35+ make docker in our OSBS cluster fail > some new syscalls. This means we have had no new f35/rawhide based OSBS > containers built. > > Note that the base and minimal base are built a different way in > rawhide/branched composes, so we have those, we just don't have any OSBS > builds. Also it's not affecting flatpak's (yet) because those are built > against f34 currently. > > Internally, Red Hat has a docker package that disables seccomp for > docker build. Docker has no option for this without patching. > OpenShift 3.11 (and also thus OSBS) default to seccomp off, but they > can't do that at build time currently. > > So, I would like to: > > * Make sure it's ok for us to use that internal docker build. > (If it's not I guess we get to hack up that seccomp disable patch > ourselves). > * Apply it on our OSBS nodes. > > Our aarch64 nodes are fedora 33, and I don't think they are affected by > this, but I am not sure (if someone seeing this could make sure one way > or another that would be great, I will also ask in the bug). > > Anyhow, can I get +1's to update docker and adjust it's startup unit to > run builds with no seccomp to work around this issue? +1 for me P.Yves
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
