On ti, 24 marras 2020, Florian Weimer wrote:
* Fabio Valentini:
Are there plans to fix the glibc faccessat2 issues with older
systemd-nspawn and docker?
It would be a shame if fedora 34 containers wouldn't be able to run
correctly in most circumstances.
I've brought the discussion to what I think are the appropriate forums:
<https://lore.kernel.org/linux-api/87lfer2c0b.fsf@xxxxxxxxxxxxxxxxxxxxxxxxx/>
<https://groups.google.com/a/opencontainers.org/g/dev/c/8Phfq3VBxtw>
I've also posted a glibc upstream patch to show what it would look like:
<https://sourceware.org/pipermail/libc-alpha/2020-November/119955.html>
Personally, I find it difficult to support such an approach technically,
and I would like to see some reassurance from kernel developers that
this is okay.
Feedback so far is in the opposite direction, though.
Thanks, Florian.
For those who need this working now rather when Docker is fixed (as
promised by Aleksa in the linux-api@ thread), I ended up taking
libseccomp 2.5 from Debian Sid and making a PPA with it for Ubuntu
20.04. It seems to help now, so if others have the same need, installing
libseccomp2 from the
https://launchpad.net/~abbra/+archive/ubuntu/freeipa-libseccomp should
help -- you also need to add 'faccessat2' to the Docker profile.
Example use in FreeIPA is https://pagure.io/freeipa/c/1bf0d628281f33693a1f6c6e156b0c258eee929e?branch=master
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
