On Fri, Feb 17, 2023 at 10:30 AM Chen, Qi <[email protected]> wrote: > > Hi Bruce, > > I've sent out V2. > I also noticed there's a cri-o upgrade in master-next, so I cherry-picked it > onto my branch and tested 'k8s + cri-o + flannel' for qemux86-64. Things are > working.
I've grabbed parts of the original series and the v2 patches and staged them onto master-next. I also have my container-host bbclass and configuration work on master-next. My tests passed, but it would be good to get your results with it as well .. as I may have missed part of your series. If I did miss something, resend it against master-next and I'll add them to the queue. Bruce > > Regards, > Qi > > -----Original Message----- > From: Bruce Ashfield <[email protected]> > Sent: Friday, February 17, 2023 10:27 PM > To: Chen, Qi <[email protected]> > Cc: [email protected] > Subject: Re: [meta-virtualization][PATCH 2/5] cri-o: use PACKAGECONFIG to > handle selinux > > On Fri, Feb 17, 2023 at 9:24 AM Chen, Qi <[email protected]> wrote: > > > > OK, I see. Let's just drop this patch so that libselinux is still a > > dependency and the layer check is still there. > > I'll send out V2 of the README change to match the current situation. > > It would be nice to have the ability to disable the selinux support, for > those that don't need it. > > So triggering everything off the distro feature is fine, if you want to do > that with the v2. No need to modify the crio.conf for now, as we don't have > selinux policies to fully test it regardless. > > Bruce > > > > > Regards, > > Qi > > > > -----Original Message----- > > From: Bruce Ashfield <[email protected]> > > Sent: Friday, February 17, 2023 10:11 PM > > To: Chen, Qi <[email protected]> > > Cc: [email protected] > > Subject: Re: [meta-virtualization][PATCH 2/5] cri-o: use PACKAGECONFIG > > to handle selinux > > > > On Fri, Feb 17, 2023 at 8:56 AM Chen, Qi <[email protected]> wrote: > > > > > > I disable it by default to align with oe-core/meta-openembedded practice, > > > although some of the recipes there are using DISTRO_FEATURES to determine > > > the default value. > > > Also, selinux is set to 'false' by default in crio.conf, both in the old > > > crio.conf and the new one. > > > > > > > There's no such policy in meta-virt. > > > > My point is that libselinux was previously a DEPENDS. Which means that it > > would always be available to be discovered/probed by the cri-o build. Which > > means that it is (at least theoretically) enabled by default when cri-o is > > used. > > > > By making this a packageconfig, and then not enabling it by default, means > > that we are changing the default behaviour. Which we won't do unless > > something is broken. > > > > > Do you think the default value should be set according to > > > DISTRO_FEATURES? Or we should just make selinux enabled by default? > > > > > > > Doing it by distro feature check is acceptable, and in theory, we should > > take it a step further and do a sed operation to change the crio.conf at > > the same time. > > > > Bruce > > > > > Regards, > > > Qi > > > > > > -----Original Message----- > > > From: Bruce Ashfield <[email protected]> > > > Sent: Friday, February 17, 2023 9:48 PM > > > To: Chen, Qi <[email protected]> > > > Cc: [email protected] > > > Subject: Re: [meta-virtualization][PATCH 2/5] cri-o: use > > > PACKAGECONFIG to handle selinux > > > > > > This still needs to be enabled by default in the packageconfig, unless > > > you can show that the existing builds were not detecting libselinux and > > > using it. > > > > > > Bruce > > > > > > On Fri, Feb 17, 2023 at 12:32 AM Chen Qi <[email protected]> wrote: > > > > > > > > For cri-o, libselinux is optional, this can be seen from its Makefile. > > > > So let's make selinux optional by using PACKAGECONFIG. > > > > In this way, meta-selinux dependency could be removed. > > > > > > > > Signed-off-by: Chen Qi <[email protected]> > > > > --- > > > > recipes-containers/cri-o/cri-o_git.bb | 4 ++-- > > > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > > > > > diff --git a/recipes-containers/cri-o/cri-o_git.bb > > > > b/recipes-containers/cri-o/cri-o_git.bb > > > > index 66d1116..7af698f 100644 > > > > --- a/recipes-containers/cri-o/cri-o_git.bb > > > > +++ b/recipes-containers/cri-o/cri-o_git.bb > > > > @@ -39,14 +39,14 @@ DEPENDS = " \ > > > > ostree \ > > > > libdevmapper \ > > > > libseccomp \ > > > > - libselinux \ > > > > " > > > > RDEPENDS:${PN} = " \ > > > > cni \ > > > > libdevmapper \ > > > > " > > > > > > > > -SKIP_RECIPE[cri-o] ?= "${@bb.utils.contains('BBFILE_COLLECTIONS', > > > > 'selinux', '', 'Depends on libselinux from meta-selinux which is not > > > > included', d)}" > > > > +PACKAGECONFIG ?= "" > > > > +PACKAGECONFIG[selinux] = ",,libselinux" > > > > > > > > PACKAGES =+ "${PN}-config" > > > > > > > > -- > > > > 2.37.1 > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > - Thou shalt not follow the NULL pointer, for chaos and madness > > > await thee at its end > > > - "Use the force Harry" - Gandalf, Star Trek II > > > > > > > > -- > > - Thou shalt not follow the NULL pointer, for chaos and madness await > > thee at its end > > - "Use the force Harry" - Gandalf, Star Trek II > > > > -- > - Thou shalt not follow the NULL pointer, for chaos and madness await thee at > its end > - "Use the force Harry" - Gandalf, Star Trek II -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#7879): https://lists.yoctoproject.org/g/meta-virtualization/message/7879 Mute This Topic: https://lists.yoctoproject.org/mt/97023221/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/leave/6693005/21656/1014668956/xyzzy [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
