To test this build on a Fedora IoT system, run:
ARCH=$(uname -m)
rpm-ostree override replace https://kojipkgs.fedoraproject.org//packages/greenboot/0.15.5/2.fc40/${ARCH}/greenboot-0.15.5-2.fc40.${ARCH}.rpm https://kojipkgs.fedoraproject.org//packages/greenboot/0.15.5/2.fc40/${ARCH}/greenboot-default-health-checks-0.15.5-2.fc40.${ARCH}.rpm
systemctl reboot
Fixed my container build failure
Did an rpm-ostree override replace with this build in an FCOS VM and performed some sanity testing. Verified that the /var/lib/containers fix was present, too.
Still looks like https://github.com/containers/libpod/issues/1752 isn't fixed in this build:
# rpm -q podman
podman-0.10.1.3-4.gitdb08685.fc29.x86_64
# podman run --rm -it docker.io/alpine ping -c 3 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: seq=0 ttl=47 time=11.410 ms
64 bytes from 1.1.1.1: seq=1 ttl=47 time=11.281 ms
64 bytes from 1.1.1.1: seq=2 ttl=47 time=11.331 ms
--- 1.1.1.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 11.281/11.340/11.410 ms
# systemctl reboot
...
# rpm -q podman
podman-0.11.1-1.gita4adfe5.fc29.x86_64
# podman run --rm -it docker.io/alpine ping -c 3 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
--- 1.1.1.1 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
Fixes containers/libpod#1575 which was biting me with 0.9.3.1
This appears to break rpm-ostree install functionality on F29 Atomic Host. Specifically, the writing out of the bootloader as the final piece of the install operation.
# rpm-ostree status
State: idle
AutomaticUpdates: disabled
Deployments:
● ostree://fedora-atomic:fedora/29/x86_64/testing/atomic-host
Version: 29.20181003.0 (2018-10-03 14:59:08)
Commit: 5dbe63cb0db058eedba63e645df08ff4c0b0b4a8bf20e1862e4921b5232cd5d1
GPGSignature: Valid signature by 5A03B4DD8254ECA02FDA1637A20AA56B429476B4
# rpm-ostree install wget
Checking out tree 5dbe63c... done
Enabled rpm-md repositories: updates-testing updates fedora
rpm-md repo 'updates-testing' (cached); generated: 2018-10-01 21:51:38
rpm-md repo 'updates' (cached); generated: 2018-02-20 19:18:14
rpm-md repo 'fedora' (cached); generated: 2018-10-02 09:59:20
Importing metadata [=============] 100%
Resolving dependencies... done
Checking out packages (1/1) [=============] 100%
Running pre scripts... 0 done
Running post scripts... 7 done
Writing rpmdb... done
Writing OSTree commit... done
Freed: 16.5 MB (pkgcache branches: 0)
Added:
wget-1.19.5-5.fc29.x86_64
Run "systemctl reboot" to start a reboot
# ostree admin finalize-staged
error: Bootloader write config: grub2-mkconfig: Child process exited with code 1
See https://github.com/projectatomic/rpm-ostree/issues/1598 for more info
Doh...BZ#1595316 was for F28 and was already closed as NOTABUG. But BZ#1595300 is against F27 for the same error...that's the BZ that should be attached to the update.
I had to generate a custom F27 Atomic Host compose to include this update in order to verify it works, but it does fix BZ#1595316 for me. Thanks!
I'm unable to run any containers using docker run. See https://bugzilla.redhat.com/show_bug.cgi?id=1595300
# docker run --rm -it registry.fedoraproject.org/fedora:28 echo 'hello'
standard_init_linux.go:178: exec user process caused "permission denied"
# journalctl -b | grep 'avc: denied'
Jun 26 14:32:40 micah-f27ah-vm0626ba.localdomain audit[1253]: AVC avc: denied { entrypoint } for pid=1253 comm="runc:[2:INIT]" path="/usr/bin/echo" dev="dm-0" ino=16780467 scontext=system_u:system_r:container_t:s0:c491,c888 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
# ls -lZ /var/lib/docker
total 0
drwx------. 2 root root system_u:object_r:unlabeled_t:s0 6 Jun 26 14:32 containers
drwx------. 3 root root system_u:object_r:unlabeled_t:s0 22 Jun 26 14:08 image
drwxr-x---. 3 root root system_u:object_r:unlabeled_t:s0 19 Jun 26 14:08 network
drwx------. 4 root root system_u:object_r:unlabeled_t:s0 112 Jun 26 14:32 overlay2
drwx------. 4 root root system_u:object_r:unlabeled_t:s0 32 Jun 26 14:08 plugins
drwx------. 2 root root system_u:object_r:unlabeled_t:s0 6 Jun 26 14:08 swarm
drwx------. 2 root root system_u:object_r:unlabeled_t:s0 6 Jun 26 14:17 tmp
drwx------. 2 root root system_u:object_r:unlabeled_t:s0 6 Jun 26 14:08 trust
drwx------. 2 root root system_u:object_r:unlabeled_t:s0 25 Jun 26 14:08 volumes
Successfully ran the sanity atomic-host-tests against a custom tree with this build included.
Fixes the linked BZ for me, too.
Fixes https://gitlab.com/fedora/bootc/tracker/-/issues/54