Ran docker-autotest on podman-1.2.0-2.git3bd528e.fc29; no regressions or problems seen.
Tested with podman; lgtm
LGTM
Minor issues (#2473 and #2530); otherwise LGTM
@dustymabe too many to list. All are fixed in master, 1.1.1 coming soon.
I'm gonna have to vote for 1.1.1.
Sorry for not catching these earlier. I have test setups optimized for testing RPMs; nothing that will (without lots of manual effort) build from sources.
Installs cleanly. Ran test suite against mildly-tweaked podman-1.0, passes expected tests. LGTM.
Two regressions, neither is a blocker. LGTM.
AVC was due to a fedora 28 problem on fresh installs. After resolving, podman now passes expected set of tests.
LGTM. Passes expected subsets of docker-autotest suite as root and nonroot.
After full dnf upgrade and reboot, I now get:
# podman run alpine date
Error relocating /lib/ld-musl-x86_64.so.1: RELRO protection failed: Permission denied
Error relocating /bin/date: RELRO protection failed: Permission denied
# echo $?
127
...and, this time I get AVCs:
type=AVC msg=audit(1545067349.224:320): avc: denied { read write } for pid=2156 comm="date" path="/dev/null" dev="tmpfs" ino=27403 scontext=system_u:system_r:container_t:s0:c804,c891 tcontext=system_u:object_r:container_file_t:s0:c804,c891 tclass=chr_file permissive=0
type=AVC msg=audit(1545067349.224:321): avc: denied { read } for pid=2156 comm="date" path="/lib/ld-musl-x86_64.so.1" dev="vda1" ino=525411 scontext=system_u:system_r:container_t:s0:c804,c891 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1545067349.224:322): avc: denied { read } for pid=2156 comm="date" path="/bin/busybox" dev="vda1" ino=525253 scontext=system_u:system_r:container_t:s0:c804,c891 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
(last time, no AVCs). Surprisingly, it works as nonroot:
$ podman run alpine date
Mon Dec 17 17:25:25 UTC 2018
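The three AVC lines quoted in the comment above carry the diagnostic detail: the process runs as container_t, the denial on /dev/null is against a correctly labelled container_file_t object, while the two file denials are against objects labelled var_lib_t, which a confined container is never allowed to read. The following is an added example (not part of the update comments, and not podman or container-selinux code) that parses such audit records and separates "the label on the file is wrong" from "the label is right but policy denies the access", using the page's own lines as constructed sample input. The label set in CONTAINER_FILE_TYPES is an assumption about which types container-selinux grants containers access to.

```python
import re

# Constructed sample: the AVC records quoted in the comment above, as they
# appear in /var/log/audit/audit.log, embedded so the example runs offline.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1545067349.224:320): avc: denied { read write } for pid=2156 comm="date" path="/dev/null" dev="tmpfs" ino=27403 scontext=system_u:system_r:container_t:s0:c804,c891 tcontext=system_u:object_r:container_file_t:s0:c804,c891 tclass=chr_file permissive=0
type=AVC msg=audit(1545067349.224:321): avc: denied { read } for pid=2156 comm="date" path="/lib/ld-musl-x86_64.so.1" dev="vda1" ino=525411 scontext=system_u:system_r:container_t:s0:c804,c891 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1545067349.224:322): avc: denied { read } for pid=2156 comm="date" path="/bin/busybox" dev="vda1" ino=525253 scontext=system_u:system_r:container_t:s0:c804,c891 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
"""

# Header of an AVC record: timestamp:serial, the denied permission set, then key=value fields.
AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): '
    r'avc: +denied +\{ (?P<perms>[^}]+)\} for (?P<fields>.*)$'
)
# key=value pairs; values are either double-quoted or a run of non-space characters.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumption: the file types container-selinux lets a container_t process use.
# A file denial against any other type means the object was never relabelled for
# container use (e.g. a storage directory still carrying its default var_lib_t).
CONTAINER_FILE_TYPES = {"container_file_t", "container_ro_file_t", "container_share_t"}


def parse_avc(line):
    """Parse one AVC record into a dict, or return None for non-AVC lines."""
    m = AVC_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": float(m.group("ts")), "serial": int(m.group("serial")),
           "perms": m.group("perms").split()}
    for key, value in KV_RE.findall(m.group("fields")):
        rec[key] = value.strip('"')
    # Contexts are user:role:type[:level]; the type is what policy decisions turn on.
    for ctx in ("scontext", "tcontext"):
        rec[ctx + "_type"] = rec[ctx].split(":")[2]
    return rec


def parse_audit_log(text):
    return [r for r in (parse_avc(l) for l in text.splitlines()) if r]


def classify(rec):
    """Tell a labelling problem apart from a policy gap for container denials."""
    if rec["scontext_type"] != "container_t":
        return "not-container"
    if rec["tcontext_type"] in CONTAINER_FILE_TYPES:
        # Object is labelled for container access, so the policy itself denies it.
        return "policy-gap"
    if rec["tclass"] in ("file", "dir", "lnk_file"):
        return "mislabeled-file"
    return "other"


def mislabeled_paths(text):
    """Paths a container was denied because they carry a non-container label."""
    return sorted({r["path"] for r in parse_audit_log(text)
                   if classify(r) == "mislabeled-file"})


if __name__ == "__main__":
    for rec in parse_audit_log(SAMPLE_AUDIT_LOG):
        print(rec["serial"], classify(rec), rec["tclass"], rec["path"],
              rec["tcontext_type"], " ".join(rec["perms"]))
    print("mislabeled:", mislabeled_paths(SAMPLE_AUDIT_LOG))
```

Run against the sample, the two image files come back as mislabeled and the /dev/null denial as a policy gap. That split matters for triage: a mislabeled file is fixed by relabelling the storage (restorecon over the storage root is the usual tool), whereas a denial on a correctly labelled object is a container-selinux policy question, which is what the separate container-selinux comments on this page are about.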
container-selinux-2.76-1.git87fae85.fc28.noarch: run doesn't work at all:
# podman run alpine date
# echo $?
139
Debug log shows nothing useful.
Issues with nonroot, but otherwise LGTM
Addresses the AVC when running systemd-notify under podman, ref: libpod #746
Still some unresolved issues; one new iptables-related weirdness, will investigate further on Monday. Otherwise LGTM.
Tested root & rootless; LGTM
Ran through docker-autotest; LGTM