FEDORA-2021-862d1936a6 created by dwalsh 2 months ago for Fedora 33
stable

Update container-selinux to fix kernel issue with rootless podman

How to install

sudo dnf upgrade --advisory=FEDORA-2021-862d1936a6

This update has been submitted for testing by dwalsh.

2 months ago

This update's test gating status has been changed to 'ignored'.

2 months ago

This update's test gating status has been changed to 'waiting'.

2 months ago

This update's test gating status has been changed to 'ignored'.

2 months ago

This update has been pushed to testing.

2 months ago

@dwalsh what is this suppose to address?

Using podman CI's hack/get_ci_vm.sh, manually updating the VM with all latest packages (including kernel), installing this update, then running the podman int podman fedora-33 root host tests, I'm still seeing this all over the place:

[BeforeEach] Podman exec
  /var/tmp/go/src/github.com/containers/podman/test/e2e/exec_test.go:21
[It] podman exec --privileged with user
  /var/tmp/go/src/github.com/containers/podman/test/e2e/exec_test.go:311
Running: /var/tmp/go/src/github.com/containers/podman/bin/podman --storage-opt vfs.imagestore=/tmp/podman/imagecachedir --root /tmp/podman_test992079153/crio --runroot /tmp/podman_test992079153/crio-run --runtime crun --conmon /usr/bin/conmon --cni-config-dir /etc/cni/net.d --cgroup-manager systemd --tmpdir /tmp/podman_test992079153 --events-backend file --storage-driver vfs run --privileged --user=bin --rm quay.io/libpod/alpine:latest sh -c grep ^CapBnd /proc/self/status | cut -f 2
Error: open /dev/dma_heap: permission denied

FWIW: The vast majority (maybe all) of test failures involve the podman --privileged argument.

User Icon cevich provided feedback 2 months ago
karma

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

2 months ago

That is an selinux-policy issue nothing to do with this package. But anyways this package was broken and a new version should be showing up.

The dma_heap, problem should be fixed by updating to the latest selinux-policy package.

User Icon cevich commented & provided feedback 2 months ago
karma

nothing to do with this package

Okay, you would know best. I'll flip karma positive then, since I didn't notice anything else but the dma_heap problem.

The dma_heap, problem should be fixed by updating to the latest selinux-policy package.

So I guess we're still waiting for the selinux-policy update then? The testing I ran was on a fully updated VM (as of a few hours ago).

This update has been unpushed.

Chris if you try out selinux-policy-3.14.6-39.fc33 and update karma it should get pushed, but it looks like it will be released this weekend.

Ref: FEDORA-2021-3b341e9e71

Testing with this, and that on a fully updated F33 VM.

User Icon cevich commented & provided feedback 2 months ago
karma

Confirmed, all issues fixed with these two updates, only flakes remain.

This update has been submitted for testing by dwalsh.

2 months ago

This update has been pushed to testing.

2 months ago

This update can be pushed to stable now if the maintainer wishes

2 months ago

This update has been submitted for stable by dwalsh.

2 months ago

This update has been pushed to stable.

2 months ago

Please login to add feedback.

Metadata
Type
unspecified
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
2 months ago
in testing
2 months ago
in stable
2 months ago

Automated Test Results