Re: [atomic-devel] We are looking at using OSTree as a backend for sharing file systems into an OCID Container runtime

2016-10-14 Thread Colin Walters
On Fri, Oct 14, 2016, at 02:37 PM, Daniel J Walsh wrote:
> If we block the creation of the devices when exploding an OCI Image
> Bundle, we end up with something that is different than what is
> downloaded and this could potentially cause problems with mtree checking
> of the image on disk versus

Re: [atomic-devel] How to apply non-atomic tuned profiles to atomic host

2016-10-14 Thread Jeremy Eder
On Wed, Oct 12, 2016 at 10:29 AM, Colin Walters wrote:
>
> On Tue, Oct 11, 2016, at 02:45 PM, Jeremy Eder wrote:
>
> Because layered products (not just OpenShift) do not want to be coupled to
> the RHEL release schedule to update their profiles. They want to own their
>

Re: [atomic-devel] How to apply non-atomic tuned profiles to atomic host

2016-10-14 Thread Jason DeTiberus
On Fri, Oct 14, 2016 at 7:40 AM, Jeremy Eder wrote:
> On Wed, Oct 12, 2016 at 10:29 AM, Colin Walters wrote:
>
>>
>> On Tue, Oct 11, 2016, at 02:45 PM, Jeremy Eder wrote:
>>
>> Because layered products (not just OpenShift) do not want to be coupled
>> to

[atomic-devel] bubblewrap 0.1.3 (fixes CVE-2016-8659)

2016-10-14 Thread Colin Walters
A new release of bubblewrap is available: https://github.com/projectatomic/bubblewrap/releases/tag/v0.1.3 Which fixes a local privilege escalation. Specifically relevant to Project Atomic, this applies only to CentOS7/RHEL7 systems which have bubblewrap installed as privileged code. Notably,

[atomic-devel] We are looking at using OSTree as a backend for sharing file systems into an OCID Container runtime

2016-10-14 Thread Daniel J Walsh
We are seeing the same problem that William Temple had this summer, where OSTree refuses to store an image with devices on it. We understand that devices should not be in an image, but sadly the Ubuntu image has them and therefore thousands of other images do as well. If we block the creation of the

Re: [atomic-devel] bubblewrap 0.1.3 (fixes CVE-2016-8659)

2016-10-14 Thread Colin Walters
On Fri, Oct 14, 2016, at 12:53 PM, Colin Walters wrote:
> A new release of bubblewrap is available:
>
> https://github.com/projectatomic/bubblewrap/releases/tag/v0.1.3
...
> So, expect updates to land in:
>
> - EPEL7 https://bodhi.fedoraproject.org/updates/bubblewrap-0.1.3-2.el7
> -