Re: [atomic-devel] 2wk atomic release candidate: 20171003

2017-10-05 Thread Josh Berkus
On 10/05/2017 05:14 PM, Josh Berkus wrote: > Dusty, all: > > So I did an upgrade-and-rollback test today, and the results are kind of > alarming: I can't rollback. > > Basically, on a minnowboard, with the current release, if you upgrade, > you are forced to pave and re-install the system to

Re: [atomic-devel] 2wk atomic release candidate: 20171003

2017-10-05 Thread Josh Berkus
Dusty, all: So I did an upgrade-and-rollback test today, and the results are kind of alarming: I can't rollback. Basically, on a minnowboard, with the current release, if you upgrade, you are forced to pave and re-install the system to restore it to operation. I'm not in the office tomorrow

Re: [atomic-devel] what are the plans for devconf?

2017-10-05 Thread Josh Berkus
On 10/05/2017 03:58 AM, Tomas Tomecek wrote: > Hey guys, > > since DevConf CfP is now open, what talks are you planning to do? > > For our team (containerization) we are planning to finish proposals this > sprint, which I hope we'll manage to do next week. > > Specifically, I'm interested to

[atomic-devel] Announcing CRI-O 1.0.0-rc3

2017-10-05 Thread Mrunal Patel
We are happy to announce the release of CRI-O v1.0.0-rc3. A big thanks to our maintainers and contributors from Red Hat, Intel, SUSE, Hyper, IBM and others. Highlights of the release: 1. Support for limiting

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Daniel Walsh
On 10/05/2017 01:55 PM, Frank Ch. Eigler wrote: Hi, Dan - On Thu, Oct 05, 2017 at 01:49:48PM -0400, Daniel Walsh wrote: [...] But really for something like this, it would be better to just run it --privileged. There is [no] security confinement present in what you are doing. Yup. I thought

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Jeremy Eder
Woops, sorry Dan, my bad. That was a relic from earlier, when I tried sys_admin. Looks like --security-opt label:disable is enough to get it going. # docker run --security-opt label:disable --cap-add SYS_MODULE -v /sys/kernel/debug:/sys/kernel/debug -v /usr/src/kernels:/usr/src/kernels -v

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Daniel Walsh
On 10/05/2017 01:47 PM, Frank Ch. Eigler wrote: Hi, Dan - Could you show the docker line that atomic run is executing? % atomic run --spc candidate-registry.fedoraproject.org/f26/systemtap /usr/share/systemtap/examples/io/iotop.stp docker run --cap-add SYS_MODULE -v

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Daniel Walsh
On 10/05/2017 01:38 PM, Jeremy Eder wrote: I don't see any avc when it fails while label:disable is set. I ran semodule -DB and retried. I now see dontaudit stuff but still no interesting denials. I'm not sure if you were talking to me or Frank with the atomic command line... I pulled the

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Jeremy Eder
I don't see any avc when it fails while label:disable is set. I ran semodule -DB and retried. I now see dontaudit stuff but still no interesting denials. I'm not sure if you were talking to me or Frank with the atomic command line... I pulled the label out docker inspect on the systemtap image

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Daniel Walsh
On 10/05/2017 01:18 PM, Jeremy Eder wrote: setenforce 0 works...security-opt label:disable does not. On Thu, Oct 5, 2017 at 1:06 PM, Daniel Walsh wrote: On 10/05/2017 01:00 PM, Frank Ch. Eigler wrote: wcohen forwarded:

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Daniel Walsh
On 10/05/2017 01:11 PM, Frank Ch. Eigler wrote: Hi, Dan - [...] Rather than putting the system into permissive mode, you should run a privileged container "atomic run --spc " fails similarly on f26, despite its underlying "docker run --cap-add SYS_MODULE ..." parts. or at least disable

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread William Cohen
On 10/05/2017 10:33 AM, Jeremy Eder wrote: > Forgot to add Will Cohen (discussed stap errors with him briefly).  Also my > replies won't make it to the dev list since I am not subscribed (just fyi I > guess). > > On Thu, Oct 5, 2017 at 9:10 AM, Jeremy Eder

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Tomas Tomecek
Jeremy, thanks a lot for trying this out! > my god tmux is in here?? yes! That's the reason I added it :D > systemtap (aww, no readme?) There should be this [1] help file (in roff format) placed in the container. I didn't run into the issue you are experiencing. I think it could be related

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Jeremy Eder
Forgot to add Will Cohen (discussed stap errors with him briefly). Also my replies won't make it to the dev list since I am not subscribed (just fyi I guess). On Thu, Oct 5, 2017 at 9:10 AM, Jeremy Eder wrote: > First of all, that readme is awesome. > > spot checking the

Re: [atomic-devel] Fedora Atomic Host Two Week Release Announcement

2017-10-05 Thread Dusty Mabe
On 10/04/2017 10:47 PM, nore...@fedoraproject.org wrote: > > A new Fedora Atomic Host update is available via an OSTree commit: > > Commit: 541abd650d1ffb3929e2ba8114436a0b04ee41da76a691af669dd037589a1421 > Version: 26.141 > > > Existing systems can be upgraded in place via e.g. `atomic host

[atomic-devel] docs hackfest...next steps?

2017-10-05 Thread Colin Walters
Hey, so we had a docs hackfest at Flock, which was great. I was very inspired. Honestly I am terrible about writing docs, and there's many days I feel like we'd be in a lot better place if we were better about this. So the result of the hackfest was:

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Jeremy Eder
First of all, that readme is awesome. spot checking the tools container...seems to all "just work" when I run it with atomic run ... blktrace works ethtool works (-K -i -c -S specifically) netstat works pstack works perf top,record,report works iotop works slabtop works lstopo works htop works

Re: [atomic-devel] Discussion: How to keep image files in sync across repos

2017-10-05 Thread Stephen Milner
On Wed, Oct 4, 2017 at 1:54 PM, Giuseppe Scrivano wrote: > for the system containers in principle there might be more differences, > like in the config.json.template file. Agreed. If we can split these differences up into components it should become easier to generate the

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Tomas Tomecek
Not sure if the question is for me -- I literally have no idea how to do that. Let me know how I can help, Tomas On Thu, Oct 5, 2017 at 5:04 AM, Dusty Mabe wrote: > > > On 09/18/2017 10:48 AM, Tomas Tomecek wrote: > > Hello, > > > > we managed to move tools container