On 10/05/2017 01:47 PM, Frank Ch. Eigler wrote:
Hi, Dan -
Could you show the docker line that atomic run is executing?
% atomic run --spc candidate-registry.fedoraproject.org/f26/systemtap /usr/share/systemtap/examples/io/iotop.stp
docker run --cap-add SYS_MODULE -v /sys/kernel/debug:/sys/kernel/debug -v /usr/src/kernels:/usr/src/kernels -v /usr/lib/modules/:/usr/lib/modules/ -v /usr/lib/debug:/usr/lib/debug -t -i --name systemtap-spc candidate-registry.fedoraproject.org/f26/systemtap /usr/share/systemtap/examples/io/iotop.stp
... which fails. But a hand-run % docker run, with "--security-opt
label:disable" added in the front works for me.
The LABEL would be the preferred way.
Sure, just someone(tm) needs to find the Dockerfile in git. I
couldn't find it from a dozen minutes reading
https://fedoraproject.org/wiki/Changes/Layered_Docker_Image_Build_Service
and pals.
- FChE
But really for something like this, it would be better to just run it
--privileged. There is on security confinement present in what you are
doing.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
