+1 from me.
From: Kevin Fenzi <kevin@xxxxxxxxx>
Sent: Wednesday, September 8, 2021 1:06 AM To: infrastructure@xxxxxxxxxxxxxxxxxxxxxxx <infrastructure@xxxxxxxxxxxxxxxxxxxxxxx> Subject: Freeze Break Request: OSBS docker Some of you may be aware of:
https://pagure.io/fedora-infrastructure/issue/10145 TLDR: some new syscalls in f35+ make docker in our OSBS cluster fail some new syscalls. This means we have had no new f35/rawhide based OSBS containers built. Note that the base and minimal base are built a different way in rawhide/branched composes, so we have those, we just don't have any OSBS builds. Also it's not affecting flatpak's (yet) because those are built against f34 currently. Internally, Red Hat has a docker package that disables seccomp for docker build. Docker has no option for this without patching. OpenShift 3.11 (and also thus OSBS) default to seccomp off, but they can't do that at build time currently. So, I would like to: * Make sure it's ok for us to use that internal docker build. (If it's not I guess we get to hack up that seccomp disable patch ourselves). * Apply it on our OSBS nodes. Our aarch64 nodes are fedora 33, and I don't think they are affected by this, but I am not sure (if someone seeing this could make sure one way or another that would be great, I will also ask in the bug). Anyhow, can I get +1's to update docker and adjust it's startup unit to run builds with no seccomp to work around this issue? kevin |
_______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure