[ima-evm-utils,1/2] switch to using crun for podman

Message ID 20211026024929.535519-1-zohar@linux.ibm.com (mailing list archive)
State New, archived

Commit Message

Mimi Zohar Oct. 26, 2021, 2:49 a.m. UTC
Fix for:

"container_linux.go:367: starting container process caused: error
adding seccomp filter rule for syscall bdflush: permission denied":
OCI permission denied"

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
 .travis.yml | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

Comments

Petr Vorel Oct. 26, 2021, 12:12 p.m. UTC | #1
Hi Mimi,

> Fix for:

> "container_linux.go:367: starting container process caused: error
> adding seccomp filter rule for syscall bdflush: permission denied":
> OCI permission denied"

I was surprised crun is updated but runc not, but LGTM.
It'd be nice if somebody tested it with public travis (I no longer have access).

Reviewed-by: Petr Vorel <petr.vorel@gmail.com>

IMHO from a long term perspective it'd be nice to create a GitHub Actions profile
(but that's not related to this patchset).

Kind regards,
Petr

Mimi Zohar Nov. 1, 2021, 6:39 p.m. UTC | #2
Hi Petr,

On Tue, 2021-10-26 at 14:12 +0200, Petr Vorel wrote:
> Hi Mimi,
> 
> > Fix for:
> 
> > "container_linux.go:367: starting container process caused: error
> > adding seccomp filter rule for syscall bdflush: permission denied":
> > OCI permission denied"
> 
> I was surprised crun is updated but runc not, but LGTM.
> It'd be nice if somebody tested it with public travis (I no longer have access).

Stefan tested on the public travis, which resulted in updating Alpine,
Fedora, and Alt to use podman and crun.  Other than the alt:sisyphus
image prompt, the tests all pass.  I assume this is intermittent.
    
     Please select an image:
      ▸ docker.io/library/alt:sisyphus
        quay.io/alt:sisyphus

> 
> Reviewed-by: Petr Vorel <petr.vorel@gmail.com>

thanks!

Mimi

> 
> IMHO from a long term perspective it'd be nice to create a GitHub Actions profile
> (but that's not related to this patchset).

Patch

diff --git a/.travis.yml b/.travis.yml
index 9d56c963ee03..ba652ceb32bc 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -32,7 +32,7 @@  matrix:
 
         # glibc (gcc/clang)
         - os: linux
-          env: DISTRO=opensuse/tumbleweed TSS=ibmtss CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/runc --network=host" COMPILE_SSL=openssl-3.0.0-beta1
+          env: DISTRO=opensuse/tumbleweed TSS=ibmtss CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/crun --network=host" COMPILE_SSL=openssl-3.0.0-beta1
           compiler: clang
 
         - os: linux
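Review bot: the new env line hard-codes `--runtime=/usr/bin/crun`, but nothing in this job confirms that the installed package places the binary at that path. Consider a `test -x /usr/bin/crun` step in before_install so that a packaging change fails early with a clear message instead of surfacing later as a container start error.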
@@ -72,7 +72,8 @@  matrix:
           compiler: gcc
 
 before_install:
-    # Tumbleweed requires podman and newest runc due docker incompatible with glibc 2.33 (faccessat2)
+    # Tumbleweed requires podman due docker incompatible with glibc 2.33
+    # (faccessat2) and crun (for clone3).
     - CONTAINER="${CONTAINER:-docker}"
     - >
         if [ "$CONTAINER" = "podman" ]; then
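Review bot: the rewritten comment says crun is needed "(for clone3)", while the commit message describes a seccomp filter failure on the bdflush syscall, so a reader cannot connect the two from the comment alone. Suggest naming the observed error in the comment; while touching it, "due docker incompatible" reads better as "because docker is incompatible".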
@@ -81,11 +82,7 @@  before_install:
             sudo sh -c "echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list"
             wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_${VERSION_ID}/Release.key -O- | sudo apt-key add -
             sudo apt update
-            sudo apt -y install podman slirp4netns
-
-            # runc
-            sudo curl -L https://github.com/opencontainers/runc/releases/download/v1.0.0-rc93/runc.amd64 -o /usr/bin/runc
-            sudo chmod +x /usr/bin/runc
+            sudo apt -y install podman slirp4netns crun
         fi
     - $CONTAINER info
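Review bot: in the `sudo apt -y install podman slirp4netns crun` line, crun is installed unpinned from the devel:kubic:libcontainers:stable repository, whereas the removed lines fetched a fixed runc release (v1.0.0-rc93), so the runtime version can now change between CI runs without any change to this file. Consider pinning the package version, or at least running `crun --version` next to `$CONTAINER info` so the build log records which runtime executed the tests.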