Re: [atomic-devel] tools and systemtap containers are available in Fedora

De: "Mark Wielaard" >On Wed, 2017-10-11 at 20:36 +0200, nicolas.mail...@laposte.net wrote: >> De: "Frank Ch. Eigler"  > >> > nicolas.mailhot wrote: >> > >> > > [...] >> > > extracting debug info from >> > > /builddir/build/BUILDROOT/golang-github-performancecopilot-speed- >> > > 2.0.0-1.el7.ll

Re: [atomic-devel] tools and systemtap containers are available in Fedora

On Wed, 2017-10-11 at 20:36 +0200, nicolas.mail...@laposte.net wrote: > De: "Frank Ch. Eigler"  > > > nicolas.mailhot wrote: > > > > > [...] > > > extracting debug info from > > > /builddir/build/BUILDROOT/golang-github-performancecopilot-speed- > > > 2.0.0-1.el7.llt.x86_64/usr/bin/mmvdump > > >

Re: [atomic-devel] tools and systemtap containers are available in Fedora

De: "Frank Ch. Eigler" |nicolas.mailhot wrote: | |> [...] |> extracting debug info from |> /builddir/build/BUILDROOT/golang-github-performancecopilot-speed-2.0.0-1.el7.llt.x86_64/usr/bin/mmvdump |> *** ERROR: No build ID note found in |> /builddir/build/BUILDROOT/golang-github-performancecopil

Re: [atomic-devel] tools and systemtap containers are available in Fedora

nicolas.mailhot wrote: > [...] > extracting debug info from > /builddir/build/BUILDROOT/golang-github-performancecopilot-speed-2.0.0-1.el7.llt.x86_64/usr/bin/mmvdump > *** ERROR: No build ID note found in > /builddir/build/BUILDROOT/golang-github-performancecopilot-speed-2.0.0-1.el7.llt.x86_64/us

Re: tools and systemtap containers are available in Fedora

Hi Tomas, On Fri, 2017-10-06 at 20:09 +0200, Tomas Tomecek wrote: > Mark, thanks for feedback! > > I'll be honest that I left gcc and gdb in there by accident. As Dan > said, we are trying to reduce size of that container so it's easier > to use. Who decides what's in it? > This was an internal

Re: [atomic-devel] tools and systemtap containers are available in Fedora

Hi, BTW since we are talking about debug and future tech, what is the correct way (as of rawhide and EPEL 7) to handle extracting debug info from /builddir/build/BUILDROOT/golang-github-performancecopilot-speed-2.0.0-1.el7.llt.x86_64/usr/bin/mmvdump *** ERROR: No build ID note found in /build

Re: tools and systemtap containers are available in Fedora

Mark, thanks for feedback! I'll be honest that I left gcc and gdb in there by accident. As Dan said, we are trying to reduce size of that container so it's easier to use. Who decides what's in it? This was an internal collaboration with multiple people -- in the end, everyone can express themselve

Re: [atomic-devel] tools and systemtap containers are available in Fedora

On 10/06/2017 10:14 AM, Mark Wielaard wrote: On Mon, 2017-09-18 at 16:48 +0200, Tomas Tomecek wrote: we managed to move tools container from Fedora Dockerfiles github repo to Fedora infra [1]. As a side effects, we put systemtap in a dedicated container. We would very much appreciate your feedb

Re: tools and systemtap containers are available in Fedora

On Mon, 2017-09-18 at 16:48 +0200, Tomas Tomecek wrote: > we managed to move tools container from Fedora Dockerfiles github > repo to Fedora infra [1]. As a side effects, we put systemtap in a > dedicated container. > > We would very much appreciate your feedback here What determines what goes in

Re: [atomic-devel] tools and systemtap containers are available in Fedora

Thank you for figuring this out! I fixed in dist-git: https://src.fedoraproject.org/container/systemtap/c/a8a59cacb440aacc150fad8a94d264d53a341baf?branch=master Can't build in OSBS, seems like the service is having issues. Tomas On Thu, Oct 5, 2017 at 7:50 PM, Jeremy Eder wrote: > Woops, sor

Re: [atomic-devel] tools and systemtap containers are available in Fedora

On 10/05/2017 01:55 PM, Frank Ch. Eigler wrote: Hi, Dan - On Thu, Oct 05, 2017 at 01:49:48PM -0400, Daniel Walsh wrote: [...] But really for something like this, it would be better to just run it --privileged. There is [no] security confinement present in what you are doing. Yup. I thought "

Re: [atomic-devel] tools and systemtap containers are available in Fedora

Hi, Dan - On Thu, Oct 05, 2017 at 01:49:48PM -0400, Daniel Walsh wrote: > [...] > But really for something like this, it would be better to just run > it --privileged. There is [no] security confinement present in what > you are doing. Yup. I thought "atomic run --spc" would imply "docker run -

Re: [atomic-devel] tools and systemtap containers are available in Fedora

On 10/05/2017 01:47 PM, Frank Ch. Eigler wrote: Hi, Dan - Could you show the docker line that atomic run is executing? % atomic run --spc candidate-registry.fedoraproject.org/f26/systemtap /usr/share/systemtap/examples/io/iotop.stp docker run --cap-add SYS_MODULE -v /sys/kernel/debug:/sys/ke

Re: [atomic-devel] tools and systemtap containers are available in Fedora

Hi, Dan - > Could you show the docker line that atomic run is executing? % atomic run --spc candidate-registry.fedoraproject.org/f26/systemtap /usr/share/systemtap/examples/io/iotop.stp docker run --cap-add SYS_MODULE -v /sys/kernel/debug:/sys/kernel/debug -v /usr/src/kernels:/usr/src/kernel

Re: [atomic-devel] tools and systemtap containers are available in Fedora

On 10/05/2017 01:38 PM, Jeremy Eder wrote: I don't see any avc when it fails while label:disable is set. I ran semodule -DB and retried. I now see dontaudit stuff but still no interesting denials. I'm not sure if you were talking to me or Frank with the atomic command line... I pulled the

Re: [atomic-devel] tools and systemtap containers are available in Fedora

On 10/05/2017 01:18 PM, Jeremy Eder wrote: setenforce 0 works...security-opt label:disable does not. On Thu, Oct 5, 2017 at 1:06 PM, Daniel Walsh > wrote: On 10/05/2017 01:00 PM, Frank Ch. Eigler wrote: wcohen forwarded: [...]

Re: [atomic-devel] tools and systemtap containers are available in Fedora

On 10/05/2017 01:11 PM, Frank Ch. Eigler wrote: Hi, Dan - [...] Rather then putting the system into permissive mode, you should run a privileged container "atomic run --spc " fails similarly on f26, despite its underlying "docker run --cap-add SYS_MODULE ..." parts. or at least disable S

Re: [atomic-devel] tools and systemtap containers are available in Fedora

Hi, Dan - > [...] > Rather then putting the system into permissive mode, you should run > a privileged container "atomic run --spc " fails similarly on f26, despite its underlying "docker run --cap-add SYS_MODULE ..." parts. > or at least disable SELinux protections. > > docker run -ti --se

Re: [atomic-devel] tools and systemtap containers are available in Fedora

On 10/05/2017 01:00 PM, Frank Ch. Eigler wrote: wcohen forwarded: [...] [root@dhcp23-91 ~]# atomic run --spc candidate-registry.fedoraproject.org/f26/systemtap docker run --cap-add SYS_MODULE -v /sys/kernel/debug:/sys/kernel

Re: [atomic-devel] tools and systemtap containers are available in Fedora

wcohen forwarded: > [...] >> [root@dhcp23-91 ~]# atomic run --spc >> candidate-registry.fedoraproject.org/f26/systemtap >> >> docker run --cap-add SYS_MODULE -v /sys/kernel/debug:/sys/kernel/debug >> -v /usr/src/kernels:/usr/src

Re: [atomic-devel] tools and systemtap containers are available in Fedora

On 10/05/2017 10:33 AM, Jeremy Eder wrote: > Forgot to add Will Cohen (discussed stap errors with him briefly).  Also my > replies won't make it to the dev list since I am not subscribed (just fyi I > guess). > > On Thu, Oct 5, 2017 at 9:10 AM, Jeremy Eder > wrote: > >

Re: [atomic-devel] tools and systemtap containers are available in Fedora

Not sure if the question is for me -- I literally have no idea how to do that. Let me know how I can help, Tomas On Thu, Oct 5, 2017 at 5:04 AM, Dusty Mabe wrote: > > > On 09/18/2017 10:48 AM, Tomas Tomecek wrote: > > Hello, > > > > we managed to move tools container from Fedora Dockerfiles

Re: [atomic-devel] tools and systemtap containers are available in Fedora

On 09/18/2017 10:48 AM, Tomas Tomecek wrote: > Hello, > > we managed to move tools container from Fedora Dockerfiles github repo to > Fedora infra [1]. As a side effects, we put systemtap in a dedicated > container. > > We would very much appreciate your feedback here: so if you have some tim

tools and systemtap containers are available in Fedora

Hello, we managed to move tools container from Fedora Dockerfiles github repo to Fedora infra [1]. As a side effects, we put systemtap in a dedicated container. We would very much appreciate your feedback here: so if you have some time to take a look at these containers and try them out, it would