stable

container-selinux-2.163.0-2.fc33

FEDORA-2021-862d1936a6 created by dwalsh 2 years ago for Fedora 33

Update container-selinux to fix kernel issue with rootless podman

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2021-862d1936a6

This update has been submitted for testing by dwalsh.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago

This update's test gating status has been changed to 'waiting'.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago

This update has been pushed to testing.

2 years ago
User Icon cevich commented 2 years ago

@dwalsh what is this suppose to address?

Using podman CI's hack/get_ci_vm.sh, manually updating the VM with all latest packages (including kernel), installing this update, then running the podman int podman fedora-33 root host tests, I'm still seeing this all over the place:

[BeforeEach] Podman exec
  /var/tmp/go/src/github.com/containers/podman/test/e2e/exec_test.go:21
[It] podman exec --privileged with user
  /var/tmp/go/src/github.com/containers/podman/test/e2e/exec_test.go:311
Running: /var/tmp/go/src/github.com/containers/podman/bin/podman --storage-opt vfs.imagestore=/tmp/podman/imagecachedir --root /tmp/podman_test992079153/crio --runroot /tmp/podman_test992079153/crio-run --runtime crun --conmon /usr/bin/conmon --cni-config-dir /etc/cni/net.d --cgroup-manager systemd --tmpdir /tmp/podman_test992079153 --events-backend file --storage-driver vfs run --privileged --user=bin --rm quay.io/libpod/alpine:latest sh -c grep ^CapBnd /proc/self/status | cut -f 2
Error: open /dev/dma_heap: permission denied

FWIW: The vast majority (maybe all) of test failures involve the podman --privileged argument.

User Icon cevich provided feedback 2 years ago
karma

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

2 years ago
User Icon dwalsh commented 2 years ago

That is an selinux-policy issue nothing to do with this package. But anyways this package was broken and a new version should be showing up.

The dma_heap, problem should be fixed by updating to the latest selinux-policy package.

User Icon cevich commented & provided feedback 2 years ago
karma

nothing to do with this package

Okay, you would know best. I'll flip karma positive then, since I didn't notice anything else but the dma_heap problem.

The dma_heap, problem should be fixed by updating to the latest selinux-policy package.

So I guess we're still waiting for the selinux-policy update then? The testing I ran was on a fully updated VM (as of a few hours ago).

User Icon dwalsh commented 2 years ago

This update has been unpushed.

User Icon dwalsh commented 2 years ago

Chris if you try out selinux-policy-3.14.6-39.fc33 and update karma it should get pushed, but it looks like it will be released this weekend.

User Icon cevich commented 2 years ago

Ref: https://bodhi.fedoraproject.org/updates/FEDORA-2021-3b341e9e71

Testing with this, and that on a fully updated F33 VM.

User Icon cevich commented & provided feedback 2 years ago
karma

Confirmed, all issues fixed with these two updates, only flakes remain.

This update has been submitted for testing by dwalsh.

2 years ago

This update has been pushed to testing.

2 years ago

This update can be pushed to stable now if the maintainer wishes

2 years ago

This update has been submitted for stable by dwalsh.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata
Type
unspecified
Karma
1
Signed
Content Type
RPM
Test Gating
Builds
1
container-selinux-2.163.0-2.fc33
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
container-selinux-2.163.0-2.fc33

Automated Test Results

Copyright © 2007-2023 Red Hat, Inc. and others.

Running bodhi-server 7.2.2 on bodhi-web-115-9vk65.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy