Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DNM] ci/cirrus: run rootless tests on CentOS 7 #4068

Closed
wants to merge 2 commits into from
Closed

[DNM] ci/cirrus: run rootless tests on CentOS 7 #4068

wants to merge 2 commits into from

Conversation

kolyshkin
Copy link
Contributor

Investigating #2473 (#2473 (comment))

@kolyshkin kolyshkin changed the title ci/cirrus: run rootless tests on CentOS 7 [DNM] ci/cirrus: run rootless tests on CentOS 7 Oct 11, 2023
@kolyshkin kolyshkin force-pushed the rootless-ce7 branch 2 times, most recently from 73bdd32 to 4c18d93 Compare October 12, 2023 01:36
@kolyshkin
Copy link
Contributor Author

As I suspected, the reason is SELinux.

type=PROCTITLE msg=audit(10/12/2023 01:04:59.696:1547) : proctitle=/home/runc/tests/integration/../../runc init

type=SYSCALL msg=audit(10/12/2023 01:04:59.696:1547) : arch=x86_64 syscall=write success=no exit=EACCES(Permission denied) a0=0x9 a1=0x55d702e5abb8 a2=0x0 a3=0x0 items=0 ppid=1193 pid=1204 auid=root uid=rootless gid=rootless euid=rootless suid=rootless fsuid=rootless egid=rootless sgid=rootless fsgid=rootless tty=(none) ses=62 comm=runc:[2:INIT] exe=/home/runc/runc subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)

type=AVC msg=audit(10/12/2023 01:04:59.696:1547) : avc: denied { create } for pid=1204 comm=runc:[2:INIT] scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=key permissive=0

Let's see if we can fix this.

@kolyshkin kolyshkin force-pushed the rootless-ce7 branch 2 times, most recently from 6266d36 to 74937cc Compare October 12, 2023 02:00
@kolyshkin
ci/cirrus: run rootless tests on CentOS 7
9eb6310 
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
@kolyshkin kolyshkin force-pushed the rootless-ce7 branch 2 times, most recently from 17d5035 to 8fccb2d Compare May 10, 2024 19:39
@kolyshkin
add selinux debug
2d8a55b 
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
@kolyshkin kolyshkin closed this May 14, 2024
@kolyshkin kolyshkin mentioned this pull request May 14, 2024
Merged
@kolyshkin
Copy link
Contributor Author

Even with the selinux fixups, it does not work. I guess some kernel patches that enables rootless cgroup is missing from the CentOS 7 kernel.

Opened #4279 instead.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@kolyshkin