Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-11 Thread nicolas . mailhot
De: "Mark Wielaard" >On Wed, 2017-10-11 at 20:36 +0200, nicolas.mail...@laposte.net wrote: >> De: "Frank Ch. Eigler"  > >> > nicolas.mailhot wrote: >> > >> > > [...] >> > > extracting debug info from >> > > /builddir/build/BUILDROOT/golang-github-performancecopilot-speed- >> > >

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-11 Thread Mark Wielaard
On Wed, 2017-10-11 at 20:36 +0200, nicolas.mail...@laposte.net wrote: > De: "Frank Ch. Eigler"  > > > nicolas.mailhot wrote: > > > > > [...] > > > extracting debug info from > > > /builddir/build/BUILDROOT/golang-github-performancecopilot-speed- > > > 2.0.0-1.el7.llt.x86_64/usr/bin/mmvdump > > >

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-11 Thread nicolas . mailhot
De: "Frank Ch. Eigler" |nicolas.mailhot wrote: | |> [...] |> extracting debug info from |> /builddir/build/BUILDROOT/golang-github-performancecopilot-speed-2.0.0-1.el7.llt.x86_64/usr/bin/mmvdump |> *** ERROR: No build ID note found in |>

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-11 Thread Frank Ch. Eigler
nicolas.mailhot wrote: > [...] > extracting debug info from > /builddir/build/BUILDROOT/golang-github-performancecopilot-speed-2.0.0-1.el7.llt.x86_64/usr/bin/mmvdump > *** ERROR: No build ID note found in >

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-11 Thread nicolas . mailhot
Hi, BTW since we are talking about debug and future tech, what is the correct way (as of rawhide and EPEL 7) to handle extracting debug info from /builddir/build/BUILDROOT/golang-github-performancecopilot-speed-2.0.0-1.el7.llt.x86_64/usr/bin/mmvdump *** ERROR: No build ID note found in

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-06 Thread Daniel Walsh
On 10/06/2017 10:14 AM, Mark Wielaard wrote: On Mon, 2017-09-18 at 16:48 +0200, Tomas Tomecek wrote: we managed to move tools container from Fedora Dockerfiles github repo to Fedora infra [1]. As a side effects, we put systemtap in a dedicated container. We would very much appreciate your

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-06 Thread Tomas Tomecek
Thank you for figuring this out! I fixed in dist-git: https://src.fedoraproject.org/container/systemtap/c/a8a59cacb440aacc150fad8a94d264d53a341baf?branch=master Can't build in OSBS, seems like the service is having issues. Tomas On Thu, Oct 5, 2017 at 7:50 PM, Jeremy Eder

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Daniel Walsh
On 10/05/2017 01:55 PM, Frank Ch. Eigler wrote: Hi, Dan - On Thu, Oct 05, 2017 at 01:49:48PM -0400, Daniel Walsh wrote: [...] But really for something like this, it would be better to just run it --privileged. There is [no] security confinement present in what you are doing. Yup. I thought

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Frank Ch. Eigler
Hi, Dan - On Thu, Oct 05, 2017 at 01:49:48PM -0400, Daniel Walsh wrote: > [...] > But really for something like this, it would be better to just run > it --privileged. There is [no] security confinement present in what > you are doing. Yup. I thought "atomic run --spc" would imply "docker run

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Daniel Walsh
On 10/05/2017 01:47 PM, Frank Ch. Eigler wrote: Hi, Dan - Could you show the docker line that atomic run is executing? % atomic run --spc candidate-registry.fedoraproject.org/f26/systemtap /usr/share/systemtap/examples/io/iotop.stp docker run --cap-add SYS_MODULE -v

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Frank Ch. Eigler
Hi, Dan - > Could you show the docker line that atomic run is executing? % atomic run --spc candidate-registry.fedoraproject.org/f26/systemtap /usr/share/systemtap/examples/io/iotop.stp docker run --cap-add SYS_MODULE -v /sys/kernel/debug:/sys/kernel/debug -v

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Daniel Walsh
On 10/05/2017 01:38 PM, Jeremy Eder wrote: I don't see any avc when it fails while label:disable is set. I ran semodule -DB and retried. I now see dontaudit stuff but still no interesting denials. I'm not sure if you were talking to me or Frank with the atomic command line... I pulled the

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Daniel Walsh
On 10/05/2017 01:18 PM, Jeremy Eder wrote: setenforce 0 works...security-opt label:disable does not. On Thu, Oct 5, 2017 at 1:06 PM, Daniel Walsh > wrote: On 10/05/2017 01:00 PM, Frank Ch. Eigler wrote: wcohen forwarded:

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Daniel Walsh
On 10/05/2017 01:11 PM, Frank Ch. Eigler wrote: Hi, Dan - [...] Rather then putting the system into permissive mode, you should run a privileged container "atomic run --spc " fails similarly on f26, despite its underlying "docker run --cap-add SYS_MODULE ..." parts. or at least disable

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Frank Ch. Eigler
Hi, Dan - > [...] > Rather then putting the system into permissive mode, you should run > a privileged container "atomic run --spc " fails similarly on f26, despite its underlying "docker run --cap-add SYS_MODULE ..." parts. > or at least disable SELinux protections. > > docker run -ti

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Daniel Walsh
On 10/05/2017 01:00 PM, Frank Ch. Eigler wrote: wcohen forwarded: [...] [root@dhcp23-91 ~]# atomic run --spc candidate-registry.fedoraproject.org/f26/systemtap docker run --cap-add SYS_MODULE -v

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Frank Ch. Eigler
wcohen forwarded: > [...] >> [root@dhcp23-91 ~]# atomic run --spc >> candidate-registry.fedoraproject.org/f26/systemtap >> >> docker run --cap-add SYS_MODULE -v /sys/kernel/debug:/sys/kernel/debug >> -v

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread William Cohen
On 10/05/2017 10:33 AM, Jeremy Eder wrote: > Forgot to add Will Cohen (discussed stap errors with him briefly).  Also my > replies won't make it to the dev list since I am not subscribed (just fyi I > guess). > > On Thu, Oct 5, 2017 at 9:10 AM, Jeremy Eder

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Tomas Tomecek
Not sure if the question is for me -- I literally have no idea how to do that. Let me know how I can help, Tomas On Thu, Oct 5, 2017 at 5:04 AM, Dusty Mabe wrote: > > > On 09/18/2017 10:48 AM, Tomas Tomecek wrote: > > Hello, > > > > we managed to move tools container

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-04 Thread Dusty Mabe
On 09/18/2017 10:48 AM, Tomas Tomecek wrote: > Hello, > > we managed to move tools container from Fedora Dockerfiles github repo to > Fedora infra [1]. As a side effects, we put systemtap in a dedicated > container. > > We would very much appreciate your feedback here: so if you have some