From: Mimi Zohar <zohar@linux.ibm.com>
To: linux-integrity@vger.kernel.org
Cc: Mimi Zohar <zohar@linux.ibm.com>,
Petr Vorel <petr.vorel@gmail.com>,
Vitaly Chikunov <vt@altlinux.org>
Subject: [PATCH ima-evm-utils 1/2] switch to using crun for podman
Date: Mon, 25 Oct 2021 22:49:28 -0400 [thread overview]
Message-ID: <20211026024929.535519-1-zohar@linux.ibm.com> (raw)
Fix for:
"container_linux.go:367: starting container process caused: error
adding seccomp filter rule for syscall bdflush: permission denied":
OCI permission denied"
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
.travis.yml | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 9d56c963ee03..ba652ceb32bc 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -32,7 +32,7 @@ matrix:
# glibc (gcc/clang)
- os: linux
- env: DISTRO=opensuse/tumbleweed TSS=ibmtss CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/runc --network=host" COMPILE_SSL=openssl-3.0.0-beta1
+ env: DISTRO=opensuse/tumbleweed TSS=ibmtss CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/crun --network=host" COMPILE_SSL=openssl-3.0.0-beta1
compiler: clang
- os: linux
@@ -72,7 +72,8 @@ matrix:
compiler: gcc
before_install:
- # Tumbleweed requires podman and newest runc due docker incompatible with glibc 2.33 (faccessat2)
+ # Tumbleweed requires podman due docker incompatible with glibc 2.33
+ # (faccessat2) and crun (for clone3).
- CONTAINER="${CONTAINER:-docker}"
- >
if [ "$CONTAINER" = "podman" ]; then
@@ -81,11 +82,7 @@ before_install:
sudo sh -c "echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list"
wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_${VERSION_ID}/Release.key -O- | sudo apt-key add -
sudo apt update
- sudo apt -y install podman slirp4netns
-
- # runc
- sudo curl -L https://github.com/opencontainers/runc/releases/download/v1.0.0-rc93/runc.amd64 -o /usr/bin/runc
- sudo chmod +x /usr/bin/runc
+ sudo apt -y install podman slirp4netns crun
fi
- $CONTAINER info
--
2.27.0
next reply other threads:[~2021-10-26 2:49 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-26 2:49 Mimi Zohar [this message]
2021-10-26 2:49 ` [PATCH ima-evm-utils 2/2] upgrade to glibc-2.34 uses clone3 causing CI to fail Mimi Zohar
2021-10-26 14:30 ` Vitaly Chikunov
2021-10-26 22:07 ` Petr Vorel
2021-11-01 6:13 ` Dmitry V. Levin
2021-10-26 12:12 ` [PATCH ima-evm-utils 1/2] switch to using crun for podman Petr Vorel
2021-11-01 18:39 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211026024929.535519-1-zohar@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=linux-integrity@vger.kernel.org \
--cc=petr.vorel@gmail.com \
--cc=vt@altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).