On Tue, Sep 7, 2021 at 11:07 PM Kevin Fenzi <ke...@scrye.com> wrote: > Some of you may be aware of: > https://pagure.io/fedora-infrastructure/issue/10145 > > TLDR: some new syscalls in f35+ make docker in our OSBS cluster fail > some new syscalls. This means we have had no new f35/rawhide based OSBS > containers built. > > Note that the base and minimal base are built a different way in > rawhide/branched composes, so we have those, we just don't have any OSBS > builds. Also it's not affecting flatpak's (yet) because those are built > against f34 currently. > > Internally, Red Hat has a docker package that disables seccomp for > docker build. Docker has no option for this without patching. > OpenShift 3.11 (and also thus OSBS) default to seccomp off, but they > can't do that at build time currently. > > So, I would like to: > > * Make sure it's ok for us to use that internal docker build. > (If it's not I guess we get to hack up that seccomp disable patch > ourselves). > * Apply it on our OSBS nodes. > > Our aarch64 nodes are fedora 33, and I don't think they are affected by > this, but I am not sure (if someone seeing this could make sure one way > or another that would be great, I will also ask in the bug). >
I'm pretty sure when I first investigated this the aarch64 builds were building successfully so that should be fine. > > Anyhow, can I get +1's to update docker and adjust it's startup unit to > run builds with no seccomp to work around this issue? > +1 from me
_______________________________________________ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
