Re: Freeze Break Request: OSBS docker

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



+1 from me.


From: Kevin Fenzi <kevin@xxxxxxxxx>
Sent: Wednesday, September 8, 2021 1:06 AM
To: infrastructure@xxxxxxxxxxxxxxxxxxxxxxx <infrastructure@xxxxxxxxxxxxxxxxxxxxxxx>
Subject: Freeze Break Request: OSBS docker
 
Some of you may be aware of:
https://pagure.io/fedora-infrastructure/issue/10145

TLDR: some new syscalls in f35+ make docker in our OSBS cluster fail
some new syscalls. This means we have had no new f35/rawhide based OSBS
containers built.

Note that the base and minimal base are built a different way in
rawhide/branched composes, so we have those, we just don't have any OSBS
builds. Also it's not affecting flatpak's (yet) because those are built
against f34 currently.

Internally, Red Hat has a docker package that disables seccomp for
docker build. Docker has no option for this without patching.
OpenShift 3.11 (and also thus OSBS) default to seccomp off, but they
can't do that at build time currently.

So, I would like to:

* Make sure it's ok for us to use that internal docker build.
(If it's not I guess we get to hack up that seccomp disable patch
ourselves).
* Apply it on our OSBS nodes.

Our aarch64 nodes are fedora 33, and I don't think they are affected by
this, but I am not sure (if someone seeing this could make sure one way
or another that would be great, I will also ask in the bug).

Anyhow, can I get +1's to update docker and adjust it's startup unit to
run builds with no seccomp to work around this issue?

kevin
_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux