On Tue, Sep 7, 2021 at 11:07 PM Kevin Fenzi <kevin@xxxxxxxxx> wrote:
Some of you may be aware of:
https://pagure.io/fedora-infrastructure/issue/10145
TLDR: some new syscalls in f35+ make docker in our OSBS cluster fail
some new syscalls. This means we have had no new f35/rawhide based OSBS
containers built.
Note that the base and minimal base are built a different way in
rawhide/branched composes, so we have those, we just don't have any OSBS
builds. Also it's not affecting flatpaks (yet) because those are built
against f34 currently.
Internally, Red Hat has a docker package that disables seccomp for
docker build. Docker has no option for this without patching.
OpenShift 3.11 (and also thus OSBS) default to seccomp off, but they
can't do that at build time currently.
So, I would like to:
* Make sure it's ok for us to use that internal docker build.
(If it's not I guess we get to hack up that seccomp disable patch
ourselves).
* Apply it on our OSBS nodes.
Our aarch64 nodes are fedora 33, and I don't think they are affected by
this, but I am not sure (if someone seeing this could make sure one way
or another that would be great, I will also ask in the bug).
I'm pretty sure when I first investigated this the aarch64 builds were
building successfully so that should be fine.
Anyhow, can I get +1's to update docker and adjust its startup unit to
run builds with no seccomp to work around this issue?
+1 from me