[pkg-go] Bug#988445: libpod: Please drop (build-)dependency against golang-github-seccomp-containers-golang-dev

2021-05-13 Thread Laurent Bigonville
Source: libpod
Version: 3.0.1+dfsg1-2
Severity: normal

Hello,

golang-github-seccomp-containers-golang-dev is now deprecated in favor
of container-common, but podman still has a (build-)dependency against
golang-github-seccomp-containers-golang-dev.

Could you drop that (build-)dependency?

Kind regards,
Laurent Bigonville

-- System Information:
Debian Release: 11.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-6-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy

___
Pkg-go-maintainers mailing list
Pkg-go-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-go-maintainers


[pkg-go] Bug#988441: golang-github-seccomp-libseccomp-golang: Please update to a newer version

2021-05-13 Thread Laurent Bigonville
Source: golang-github-seccomp-libseccomp-golang
Version: 0.9.1-2
Severity: wishlist

Hello,

The current version of golang-github-seccomp-libseccomp-golang in debian
is from May 2019. There is no new tagged version ATM, but there was
some development since then.

I guess a git snapshot should be made to include these changes.

Kind regards,
Laurent Bigonville


-- System Information:
Debian Release: 11.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-6-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy



[pkg-go] Bug#987207: podman not running out-of-the-box as root

2021-04-21 Thread Laurent Bigonville

Hello,

So the problem here is, again, linked to the fact that I'm using a test 
SELinux policy that doesn't contain all the needed contexts, so yeah 
it's a mix of a configuration issue and the fact that podman is not 
ignoring these errors if SELinux is in permissive. I'll ping upstream again.


So the remaining problem here is the iptables command not being installed 
(and the seccomp.json file missing, to a lesser extent).


On 21/04/21 at 10:21, Laurent Bigonville wrote:


Hello,

I just did a minimal test VM and... it indeed works...

I'll investigate why on my machine it's not working.

But, on the test VM, podman still fails because "iptables" is not 
installed, only "nft" is installed by default now. So there is still a 
problem here.


On 21/04/21 at 05:02, Reinhard Tartler wrote:

Control: tag -1 moreinfo

Hi Laurent,

I've downloaded the Bullseye Alpha 3 debian installer and installed 
using kvm to have a super clean new system. Unfortunately, I was 
unable to reproduce the issue that you described below. (I did find 
some issues with rootless podman outside of a gnome-session, but 
that's a different story).


The symptoms sound a lot like described in this upstream bug: 
https://github.com/containers/podman/issues/5721 


Can you please compare your notes with that upstream bug? Can you 
confirm that the 'overlay' kernel module is loaded? (in my test, it 
was loaded automatically). If you still think this is an issue in the 
Debian package, please let me know. I may require your assistance 
with reproducing this issue.


-rt

On Mon, Apr 19, 2021 at 11:54 AM Laurent Bigonville <bi...@debian.org> wrote:


Package: podman
Version: 3.0.1+dfsg1-1
Severity: serious

Hello,

After installing podman, I cannot run it as root out of the box as it
fails with:

ERRO[] [graphdriver] prior storage driver overlay failed:
kernel does not support overlay fs: 'overlay' is not supported
over extfs at "/var/lib/containers/storage/overlay": backing file
system is unsupported for this graph driver
Error: kernel does not support overlay fs: 'overlay' is not
supported over extfs at "/var/lib/containers/storage/overlay":
backing file system is unsupported for this graph driver

Looking at fedora it seems that they have a containers-common package
that ships a default storage.conf file:


https://src.fedoraproject.org/rpms/containers-common/blob/rawhide/f/storage.conf


I see that the debian package is shipping a file in
/usr/share/containers/storage.conf (in the containers-storage
package),
but that file is apparently not read (strace only shows that the
file in
/etc/containers is read) and anyway unlike in fedora:

1) the driver is not set to overlay
2) the file is installed only if the containers-storage package is
installed, which is not done by default.
3) that file is not read anyway, strace only shows that
/etc/containers/storage.conf is read and not
/usr/share/containers/storage.conf, so the file is apparently useless

Shouldn't debian do the same thing as fedora so everything
works OOTB?

As a side note, I can see they are shipping also other files as well,
like the seccomp.json file, using strace, it seems that podman
tries to
read them:

[pid 14835] newfstatat(AT_FDCWD, "/etc/containers/seccomp.json",
0xcee6b8, 0) = -1 ENOENT (Aucun fichier ou dossier de ce type)
[pid 14835] newfstatat(AT_FDCWD,
"/usr/share/containers/seccomp.json", 0xcee788, 0) = -1
ENOENT (Aucun fichier ou dossier de ce type)

    Shouldn't that file be shipped by default too?

Kind regards,
Laurent Bigonville

-- System Information:
Debian Release: 11.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1,
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-6-amd64 (SMP w/8 CPU threads)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8),
LANGUAGE=fr_BE:fr
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy

Versions of packages podman depends on:
ii  conmon                           2.0.25+ds1-1
ii  containernetworking-plugins      0.9.0-1+b3
ii  golang-github-containers-common  0.35.4+ds1-1
ii  init-system-helpers              1.60
ii  libc6                            2.31-11
ii  libdevmapper1.02.1               2:1.02.175-2.1
ii  libgpgme11                       1.14.0-1+b2
ii  libseccomp2                      2.5.1-1
ii  runc                             1.0.0~rc93+ds1-3

[pkg-go] Bug#987207: podman not running out-of-the-box as root

2021-04-21 Thread Laurent Bigonville

Hello,

I just did a minimal test VM and... it indeed works...

I'll investigate why on my machine it's not working.

But, on the test VM, podman still fails because "iptables" is not 
installed, only "nft" is installed by default now. So there is still a 
problem here.


On 21/04/21 at 05:02, Reinhard Tartler wrote:

Control: tag -1 moreinfo

Hi Laurent,

I've downloaded the Bullseye Alpha 3 debian installer and installed 
using kvm to have a super clean new system. Unfortunately, I was 
unable to reproduce the issue that you described below. (I did find 
some issues with rootless podman outside of a gnome-session, but 
that's a different story).


The symptoms sound a lot like described in this upstream bug: 
https://github.com/containers/podman/issues/5721 


Can you please compare your notes with that upstream bug? Can you 
confirm that the 'overlay' kernel module is loaded? (in my test, it 
was loaded automatically). If you still think this is an issue in the 
Debian package, please let me know. I may require your assistance with 
reproducing this issue.


-rt

On Mon, Apr 19, 2021 at 11:54 AM Laurent Bigonville <bi...@debian.org> wrote:


Package: podman
Version: 3.0.1+dfsg1-1
Severity: serious

Hello,

After installing podman, I cannot run it as root out of the box as it
fails with:

ERRO[] [graphdriver] prior storage driver overlay failed:
kernel does not support overlay fs: 'overlay' is not supported
over extfs at "/var/lib/containers/storage/overlay": backing file
system is unsupported for this graph driver
Error: kernel does not support overlay fs: 'overlay' is not
supported over extfs at "/var/lib/containers/storage/overlay":
backing file system is unsupported for this graph driver

Looking at fedora it seems that they have a containers-common package
that ships a default storage.conf file:


https://src.fedoraproject.org/rpms/containers-common/blob/rawhide/f/storage.conf


I see that the debian package is shipping a file in
/usr/share/containers/storage.conf (in the containers-storage
package),
but that file is apparently not read (strace only shows that the
file in
/etc/containers is read) and anyway unlike in fedora:

1) the driver is not set to overlay
2) the file is installed only if the containers-storage package is
installed, which is not done by default.
3) that file is not read anyway, strace only shows that
/etc/containers/storage.conf is read and not
/usr/share/containers/storage.conf, so the file is apparently useless

Shouldn't debian do the same thing as fedora so everything works
OOTB?

As a side note, I can see they are shipping also other files as well,
like the seccomp.json file, using strace, it seems that podman
tries to
read them:

[pid 14835] newfstatat(AT_FDCWD, "/etc/containers/seccomp.json",
0xcee6b8, 0) = -1 ENOENT (Aucun fichier ou dossier de ce type)
[pid 14835] newfstatat(AT_FDCWD,
"/usr/share/containers/seccomp.json", 0xcee788, 0) = -1 ENOENT
(Aucun fichier ou dossier de ce type)

    Shouldn't that file be shipped by default too?

Kind regards,
Laurent Bigonville

-- System Information:
Debian Release: 11.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1,
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-6-amd64 (SMP w/8 CPU threads)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8),
LANGUAGE=fr_BE:fr
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy

Versions of packages podman depends on:
ii  conmon                           2.0.25+ds1-1
ii  containernetworking-plugins      0.9.0-1+b3
ii  golang-github-containers-common  0.35.4+ds1-1
ii  init-system-helpers              1.60
ii  libc6                            2.31-11
ii  libdevmapper1.02.1               2:1.02.175-2.1
ii  libgpgme11                       1.14.0-1+b2
ii  libseccomp2                      2.5.1-1
ii  runc                             1.0.0~rc93+ds1-3

Versions of packages podman recommends:
ii  buildah                                           1.20.0+ds1-1
ii  fuse-overlayfs                                    1.4.0-1
ii  golang-github-containernetworking-plugin-dnsname  1.1.1+ds1-4+b4
ii  slirp4netns                                       1.0.1-2
ii  tini                                              0.19.0-1
ii  uidmap                                            1:4.8.1-1

Versions of packages podman suggests:
ii  containers-storage  1.24.8+dfsg1-1+b1
ii  docker-compose      1.25.0-1

-- no debconf information



--
regards,
    Reinhard
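
A preflight check for the conditions raised in this thread, as an added example that is not part of any message above or of podman itself: it looks for overlay in /proc/filesystems, the driver set in /etc/containers/storage.conf, the two seccomp.json paths from the strace output, and an iptables binary. The optional root prefix argument, the function names and the /usr/sbin and /sbin search locations are assumptions of this example; a finding is something to look at, not proof of a fault.

```shell
#!/bin/sh
# Added example (not from the thread): checks the conditions discussed in Bug#987207.
# After sourcing: podman_preflight [ROOT]   (ROOT is an assumed optional path prefix)

# Print the first path from "$@" that exists as a regular file under root $1.
first_existing() {
    fe_root=$1; shift
    for fe_p in "$@"; do
        if [ -f "$fe_root$fe_p" ]; then printf '%s\n' "$fe_p"; return 0; fi
    done
    return 1
}

# Print the value of the first `driver = "..."` line in storage.conf file $1.
storage_driver() {
    sed -n 's/^[[:space:]]*driver[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Report on stdout; PREFLIGHT_FINDINGS counts the checks that did not pass.
podman_preflight() {
    pf_root=${1:-}
    PREFLIGHT_FINDINGS=0
    pf_note() { echo "finding: $1"; PREFLIGHT_FINDINGS=$((PREFLIGHT_FINDINGS + 1)); }

    # Is overlay registered with the kernel (loaded module or built-in)?
    if grep -qw overlay "$pf_root/proc/filesystems" 2>/dev/null; then
        echo "ok: overlay filesystem registered"
    else
        pf_note "overlay not listed in /proc/filesystems"
    fi

    # The report's strace shows only /etc/containers/storage.conf being read.
    if [ -f "$pf_root/etc/containers/storage.conf" ]; then
        pf_drv=$(storage_driver "$pf_root/etc/containers/storage.conf")
        if [ "$pf_drv" = overlay ]; then echo "ok: storage driver is overlay"
        else pf_note "storage.conf driver is '${pf_drv:-unset}', not overlay"; fi
    else
        pf_note "/etc/containers/storage.conf missing"
    fi

    # The two seccomp.json locations that returned ENOENT in the report.
    if pf_sec=$(first_existing "$pf_root" /etc/containers/seccomp.json \
                               /usr/share/containers/seccomp.json); then
        echo "ok: seccomp profile at $pf_sec"
    else
        pf_note "no seccomp.json in /etc/containers or /usr/share/containers"
    fi

    # Follow-up in the thread: only nft installed, no iptables command.
    if [ -x "$pf_root/usr/sbin/iptables" ] || [ -x "$pf_root/sbin/iptables" ]; then
        echo "ok: iptables present"
    else
        pf_note "iptables not found in /usr/sbin or /sbin"
    fi

    [ "$PREFLIGHT_FINDINGS" -eq 0 ]
}
```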

[pkg-go] Bug#987207: podman not running out-of-the-box as root

2021-04-19 Thread Laurent Bigonville
On Mon, 19 Apr 2021 17:50:52 +0200 Laurent Bigonville  
wrote:


>
> Looking at fedora it seems that they have a containers-common package
> that ships a default storage.conf file:
>
> https://src.fedoraproject.org/rpms/containers-common/blob/rawhide/f/storage.conf


Note that that file is not setting the "mount_program" by default as 
fedora/RH defaults to xfs.


Debian is still using extfs by default, so that parameter is probably 
needed here




[pkg-go] Bug#987207: podman not running out-of-the-box as root

2021-04-19 Thread Laurent Bigonville
Package: podman
Version: 3.0.1+dfsg1-1
Severity: serious

Hello,

After installing podman, I cannot run it as root out of the box as it
fails with:

ERRO[] [graphdriver] prior storage driver overlay failed: kernel does not 
support overlay fs: 'overlay' is not supported over extfs at 
"/var/lib/containers/storage/overlay": backing file system is unsupported for 
this graph driver
Error: kernel does not support overlay fs: 'overlay' is not supported over 
extfs at "/var/lib/containers/storage/overlay": backing file system is 
unsupported for this graph driver

Looking at fedora it seems that they have a containers-common package
that ships a default storage.conf file:

https://src.fedoraproject.org/rpms/containers-common/blob/rawhide/f/storage.conf

I see that the debian package is shipping a file in
/usr/share/containers/storage.conf (in the containers-storage package),
but that file is apparently not read (strace only shows that the file in
/etc/containers is read) and anyway unlike in fedora:

1) the driver is not set to overlay
2) the file is installed only if the containers-storage package is
installed, which is not done by default.
3) that file is not read anyway, strace only shows that
/etc/containers/storage.conf is read and not
/usr/share/containers/storage.conf, so the file is apparently useless

Shouldn't debian do the same thing as fedora so everything works OOTB?

As a side note, I can see they are shipping also other files as well,
like the seccomp.json file, using strace, it seems that podman tries to
read them:

[pid 14835] newfstatat(AT_FDCWD, "/etc/containers/seccomp.json", 0xcee6b8, 
0) = -1 ENOENT (Aucun fichier ou dossier de ce type)
[pid 14835] newfstatat(AT_FDCWD, "/usr/share/containers/seccomp.json", 
0xcee788, 0) = -1 ENOENT (Aucun fichier ou dossier de ce type)

Shouldn't that file be shipped by default too?

Kind regards,
Laurent Bigonville

-- System Information:
Debian Release: 11.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-6-amd64 (SMP w/8 CPU threads)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_BE:fr
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy

Versions of packages podman depends on:
ii  conmon                           2.0.25+ds1-1
ii  containernetworking-plugins      0.9.0-1+b3
ii  golang-github-containers-common  0.35.4+ds1-1
ii  init-system-helpers              1.60
ii  libc6                            2.31-11
ii  libdevmapper1.02.1               2:1.02.175-2.1
ii  libgpgme11                       1.14.0-1+b2
ii  libseccomp2                      2.5.1-1
ii  runc                             1.0.0~rc93+ds1-3

Versions of packages podman recommends:
ii  buildah                                           1.20.0+ds1-1
ii  fuse-overlayfs                                    1.4.0-1
ii  golang-github-containernetworking-plugin-dnsname  1.1.1+ds1-4+b4
ii  slirp4netns                                       1.0.1-2
ii  tini                                              0.19.0-1
ii  uidmap                                            1:4.8.1-1

Versions of packages podman suggests:
ii  containers-storage  1.24.8+dfsg1-1+b1
ii  docker-compose      1.25.0-1

-- no debconf information



[pkg-go] Bug#984879: podman: Error: failed to mount shm tmpfs

2021-03-09 Thread Laurent Bigonville
Package: podman
Version: 3.0.1+dfsg1-1
Severity: serious

Hello,

I'm trying to run a container using podman (podman run -ti debian
/bin/bash) as root and as non-root and I get the same error in both
cases:

Error: failed to mount shm tmpfs 
"/var/lib/containers/storage/overlay-containers/aeb3feb433b8cc40e61afb534c04b5ace9afbc519a4b0030407e08c405989ec4/userdata/shm":
 invalid argument

or 

Error: failed to mount shm tmpfs 
"/home/bigon/.local/share/containers/storage/overlay-containers/b96996612a424cddcb1d38f20071c974eb185d678a882d952b338cfa18e59abb/userdata/shm":
 invalid argument

Not sure what's happening, I don't remember changing anything to the
default configuration.

An idea?

Kind regards,
Laurent Bigonville


-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-4-amd64 (SMP w/8 CPU threads)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_BE:fr
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy

Versions of packages podman depends on:
ii  conmon                           2.0.25+ds1-1
ii  containernetworking-plugins      0.9.0-1+b1
ii  crun                             0.17+dfsg-1
ii  golang-github-containers-common  0.33.4+ds1-1
ii  init-system-helpers              1.60
ii  libc6                            2.31-9
ii  libdevmapper1.02.1               2:1.02.175-2.1
ii  libgpgme11                       1.14.0-1+b2
ii  libseccomp2                      2.5.1-1
ii  runc                             1.0.0~rc93+ds1-2

Versions of packages podman recommends:
ii  buildah                                           1.19.6+dfsg1-1
ii  fuse-overlayfs                                    1.4.0-1
ii  golang-github-containernetworking-plugin-dnsname  1.1.1+ds1-4+b2
ii  slirp4netns                                       1.0.1-1
ii  tini                                              0.19.0-1
ii  uidmap                                            1:4.8.1-1

Versions of packages podman suggests:
pn  containers-storage  
ii  docker-compose      1.25.0-1

-- no debconf information



[pkg-go] Bug#922986: Invalid user/group name or numeric ID, ignoring: systemd-journal, postdrop

2019-02-22 Thread Laurent Bigonville
Package: prometheus-postfix-exporter
Version: 0.1.2-2
Severity: serious

Hi,

Systemd is complaining about: Invalid user/group name or numeric ID, ignoring: 
systemd-journal,postdrop

Apparently the separator is a white space, not a comma.

Kind regards,

Laurent Bigonville

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_BE:fr (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages prometheus-postfix-exporter depends on:
ii  libc6                        2.28-7
pn  postfix  
ii  python                       2.7.15-4
ii  rsyslog [system-log-daemon]  8.40.0-1+b1
ii  systemd-sysv                 241-1

prometheus-postfix-exporter recommends no packages.

prometheus-postfix-exporter suggests no packages.


[pkg-go] Bug#901745: Please update golang-github-opencontainers-selinux snapshot

2018-06-17 Thread Laurent Bigonville
Source: golang-github-opencontainers-selinux
Version: 1.0.0~rc1+git20170621.5.4a2974b-1
Severity: normal
User: selinux-de...@lists.alioth.debian.org
Usertags: selinux

Hi,

The snapshot of golang-github-opencontainers-selinux is a year old and
it would be nice if it was updated as there are several fixes waiting in
git.

Kind regards,

Laurent Bigonville

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.16.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy
