Re: [atomic-devel] [aos-devel] Announcing cri-o 0.1

2017-03-21 Thread Daniel J Walsh
On 03/21/2017 05:07 PM, Mrunal Patel wrote: > We are happy to announce the release of cri-o 0.1. We have been hard > at work and a lot of the features are in place. We're able to start a > kubernetes cluster and have basic pods up and running. A big thanks to > our maintainers and contributors fr

Re: [atomic-devel] Status of containerizing docker and https://github.com/projectatomic/atomic-system-containers

2017-03-16 Thread Daniel J Walsh
We have to have a version by Tuesday for RHEL. On 03/16/2017 01:03 PM, Mrunal Patel wrote: > If we can wait a bit, we should have a new 1.0.0.rc3 for runc soon. > > On Thu, Mar 16, 2017 at 8:51 AM, Daniel J Walsh <mailto:dwa...@redhat.com>> wrote: > > Mrunal which v

Re: [atomic-devel] Status of containerizing docker and https://github.com/projectatomic/atomic-system-containers

2017-03-16 Thread Daniel J Walsh
Mrunal which version of runc should we be shipping? On 03/16/2017 10:01 AM, Giuseppe Scrivano wrote: > Daniel J Walsh writes: > >>> Could we get an updated runC package? There is also another fix >>> that would be nice to have for the Flannel system container: &g

Re: [atomic-devel] Status of containerizing docker and https://github.com/projectatomic/atomic-system-containers

2017-03-16 Thread Daniel J Walsh
We have updated the runc package for RHEL https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=12783794 On 03/16/2017 09:16 AM, Daniel J Walsh wrote: > > On 03/16/2017 08:06 AM, Giuseppe Scrivano wrote: >> Colin Walters writes: >> >>> # atomic

Re: [atomic-devel] Status of containerizing docker and https://github.com/projectatomic/atomic-system-containers

2017-03-16 Thread Daniel J Walsh
On 03/16/2017 08:06 AM, Giuseppe Scrivano wrote: > Colin Walters writes: > >> # atomic host status >> State: idle >> Deployments: >> ● fedora-atomic:fedora-atomic/25/x86_64/docker-host >> Version: 25.80 (2017-03-13 23:35:50) >> Commit: >> 24d4499420ffb2cc49681020bbe5a

Re: [atomic-devel] SELinux permission problem with fedora 25 but not 24 when using emptyDir: {}

2017-01-16 Thread Daniel J Walsh
On 01/16/2017 04:34 PM, Dusty Mabe wrote: > > On 01/15/2017 04:08 PM, Dusty Mabe wrote: >> >> I'm seeing the same thing. Will have to investigate further to get to >> the bottom of it. >> > Hey Muayyad, > > So this is a problem with kubernetes in fedora. You have two options > as a workaround for

[atomic-devel] New Blog on how SELinux blocked Docker container escape.

2017-01-13 Thread Daniel J Walsh
http://rhelblog.redhat.com/2017/01/13/docker-0-day-stopped-cold-by-selinux/

Re: [atomic-devel] Container image's name inside scanner container

2017-01-13 Thread Daniel J Walsh
Definitely not to the docker socket. This would be a huge security issue and would hard code us to docker containers. I would prefer to drop a JSON file into the directory with content describing the container. On 01/13/2017 09:53 AM, Brent Baude wrote: > Dharmit, > > I believe the intended im

Re: [atomic-devel] docker-latest in Fedora

2017-01-13 Thread Daniel J Walsh
On 01/13/2017 08:38 AM, Antonio Murdaca wrote: > Hi, > > Seems like no people are really using docker-latest in Fedora. I > realized that because the version in F25 is old and nobody adds karma > to the updates in bodhi there. Is there any real user of docker-latest > in Fedora? Just asking beca

[atomic-devel] New blog on containerd.

2016-12-22 Thread Daniel J Walsh
http://www.projectatomic.io/blog/

Re: [atomic-devel] Fedora 26 change: using overlayfs as default

2016-12-16 Thread Daniel J Walsh
On 12/16/2016 09:42 AM, Marius Vollmer wrote: > Daniel J Walsh writes: > >> On 12/16/2016 03:16 AM, Marius Vollmer wrote: >>> Vivek Goyal writes: >>> >>>> [...] And if overlayfs does not work for a user, switching back to >>>> devm

Re: [atomic-devel] Fedora 26 change: using overlayfs as default

2016-12-16 Thread Daniel J Walsh
On 12/16/2016 03:16 AM, Marius Vollmer wrote: > Vivek Goyal writes: > >> [...] And if overlayfs does not work for a user, switching back to >> devmapper should be easy. >> >> - atomic storage reset >> - edit /etc/sysconfig/docker-storage-setup and set >> STORAGE_DRIVER=devicemapper >> - restar

Re: [atomic-devel] Fedora 26 change: using overlayfs as default

2016-12-15 Thread Daniel J Walsh
On 12/15/2016 12:18 PM, Josh Berkus wrote: > Dan, Dusty, Vivek: > > So far nobody has defined (technically) the exact problem with overlayfs > and how it affects applications which want to write data inside the > container. > > Note that just saying "don't use Overlay for persistent data" really

Re: [atomic-devel] Fedora 26 change: using overlayfs as default

2016-12-14 Thread Daniel J Walsh
On 12/14/2016 10:38 AM, Dusty Mabe wrote: > > On 12/14/2016 07:51 AM, Daniel J Walsh wrote: >> I have heard that the issue with yum/rpm is being worked on in the kernel. >> For those that do not know the issue is for programs that open a file twice >> once for readonly

Re: [atomic-devel] Fedora 26 change: using overlayfs as default

2016-12-14 Thread Daniel J Walsh
On 12/13/2016 02:18 PM, Dusty Mabe wrote: > > On 12/13/2016 01:02 PM, Colin Walters wrote: >> On Tue, Dec 13, 2016, at 12:45 PM, Clayton Coleman wrote: >>> Are the POSIX issues in applications running on overlay mostly resolved >>> now? I.e. if we flipped the default would be reasonably able to

Re: [atomic-devel] Fedora 26 change: using overlayfs as default

2016-12-14 Thread Daniel J Walsh
On 12/13/2016 01:02 PM, Colin Walters wrote: > On Tue, Dec 13, 2016, at 12:45 PM, Clayton Coleman wrote: >> Are the POSIX issues in applications running on overlay mostly >> resolved now? I.e. if we flipped the default would be reasonably >> able to support a diverse range of Linux workloads wit

Re: [atomic-devel] Fedora 26 change: using overlayfs as default

2016-12-14 Thread Daniel J Walsh
, but still allow a user to switch from overlay back to devicemapper. On 12/13/2016 12:23 PM, Chris Murphy wrote: > On Tue, Dec 13, 2016 at 8:01 AM, Daniel J Walsh wrote: >> The only way to change from one storage to the other is to use >> >> atomic storage export >>

Re: [atomic-devel] Fedora 26 change: using overlayfs as default

2016-12-13 Thread Daniel J Walsh
On 12/12/2016 05:53 PM, Josh Berkus wrote: > On 12/12/2016 02:24 PM, Dusty Mabe wrote: > >> I think the rationale is that we'd like to not have a much different >> experience whether you are using docker on atomic host or not. My >> thoughts are that overlay is where we want to be in the future a

Re: [atomic-devel] Fedora 26 change: using overlayfs as default

2016-12-13 Thread Daniel J Walsh
On 12/12/2016 05:19 PM, Jason Brooks wrote: > On Mon, Dec 12, 2016 at 2:12 PM, Dusty Mabe wrote: >> After I get a bug[1] fixed and out the door I'm going to publish >> a blog post/docs on setting up Fedora 25 Atomic host and/or Cloud >> base to use overlay2 as the storage driver for docker. >> >

Re: [atomic-devel] Fedora 26 change: using overlayfs as default

2016-12-13 Thread Daniel J Walsh
On 12/12/2016 05:16 PM, Dusty Mabe wrote: > > On 12/12/2016 05:13 PM, Josh Berkus wrote: >> On 12/12/2016 02:12 PM, Dusty Mabe wrote: >>> After I get a bug[1] fixed and out the door I'm going to publish >>> a blog post/docs on setting up Fedora 25 Atomic host and/or Cloud >>> base to use overlay

Re: [atomic-devel] Changing /etc/localtime with container images

2016-12-08 Thread Daniel J Walsh
On 12/08/2016 01:30 PM, Colin Walters wrote: > > On Wed, Dec 7, 2016, at 04:14 PM, Daniel J Walsh wrote: > >> docker run -ti -v /etc/localtime:/etc/localtime:ro fedora bash > One problem with this (and in general, any host <-> container binds) > is that one needs to

Re: [atomic-devel] Changing /etc/localtime with container images

2016-12-08 Thread Daniel J Walsh
On 12/08/2016 11:04 AM, Frantisek Kluknavsky wrote: > On 07/12/16 22:14, Daniel J Walsh wrote: >> The following bugzilla shows a problem with containers. >> >> https://bugzilla.redhat.com/show_bug.cgi?id=1399749 >> >> People want to be able to volume mount in /

[atomic-devel] Changing /etc/localtime with container images

2016-12-07 Thread Daniel J Walsh
The following bugzilla shows a problem with containers. https://bugzilla.redhat.com/show_bug.cgi?id=1399749 People want to be able to volume mount in /etc/localtime into a container to change its TimeZone. The problem is the way the kernel handles bind mounting symbolic links On my host I hav

[atomic-devel] New blog on Container Capabilities.

2016-11-30 Thread Daniel J Walsh
http://rhelblog.redhat.com/2016/11/30/container-tidbits-adding-capabilities-to-a-container/

Re: [atomic-devel] Kubeadm vs. SELinux

2016-11-28 Thread Daniel J Walsh
ying Devan as well since he's been working with kubeadm for a while. >>>> >>>>> On Nov 22, 2016, at 5:25 PM, Jason Brooks wrote: >>>>> >>>>>> On Tue, Nov 22, 2016 at 2:38 PM, Daniel J Walsh >>>>>> wrote: >&

Re: [atomic-devel] Kubeadm vs. SELinux

2016-11-23 Thread Daniel J Walsh
On 11/23/2016 10:46 AM, Daniel J Walsh wrote: > > On 11/23/2016 10:33 AM, Devan Goodwin wrote: >> On Wed, Nov 23, 2016 at 9:44 AM, Daniel J Walsh wrote: >>> On 11/22/2016 07:37 PM, Jason Brooks wrote: >>>> On Tue, Nov 22, 2016 at 4:26 PM, Josh Berkus wr

Re: [atomic-devel] Kubeadm vs. SELinux

2016-11-23 Thread Daniel J Walsh
On 11/23/2016 10:34 AM, Devan Goodwin wrote: > On Wed, Nov 23, 2016 at 9:42 AM, Daniel J Walsh wrote: >> >> On 11/22/2016 07:26 PM, Josh Berkus wrote: >>> On 11/22/2016 03:27 PM, Clayton Coleman wrote: >>>> Copying Devan as well since he's been workin

Re: [atomic-devel] Kubeadm vs. SELinux

2016-11-23 Thread Daniel J Walsh
On 11/23/2016 10:33 AM, Devan Goodwin wrote: > On Wed, Nov 23, 2016 at 9:44 AM, Daniel J Walsh wrote: >> >> On 11/22/2016 07:37 PM, Jason Brooks wrote: >>> On Tue, Nov 22, 2016 at 4:26 PM, Josh Berkus wrote: >>>> On 11/22/2016 03:27 PM, Clayton Coleman wrot

Re: [atomic-devel] Extending Atomic Host and 'rpm-ostree pkg-add'

2016-11-23 Thread Daniel J Walsh
lines in Python. > > > On 11/22/2016 05:08 PM, Daniel J Walsh wrote: >> Very nice. Probably need some work on the Name field. >> >> Do you have the example code? > The code is available on github: https://github.com/jfilak/af > > It's a shell script and it'

Re: [atomic-devel] Kubeadm vs. SELinux

2016-11-23 Thread Daniel J Walsh
ov 22, 2016, at 5:25 PM, Jason Brooks wrote: >>>> >>>>> On Tue, Nov 22, 2016 at 2:38 PM, Daniel J Walsh wrote: >>>>> >>>>> >>>>>> On 11/22/2016 05:15 PM, Josh Berkus wrote: >>>>>> Currently, it is not possible to

Re: [atomic-devel] Kubeadm vs. SELinux

2016-11-23 Thread Daniel J Walsh
On 11/22/2016 07:26 PM, Josh Berkus wrote: > On 11/22/2016 03:27 PM, Clayton Coleman wrote: >> Copying Devan as well since he's been working with kubeadm for a while. >> >>> On Nov 22, 2016, at 5:25 PM, Jason Brooks wrote: >>> >>>> On T

Re: [atomic-devel] Kubeadm vs. SELinux

2016-11-23 Thread Daniel J Walsh
On 11/22/2016 06:25 PM, Jason Brooks wrote: > On Tue, Nov 22, 2016 at 2:38 PM, Daniel J Walsh wrote: >> >> On 11/22/2016 05:15 PM, Josh Berkus wrote: >>> Currently, it is not possible to run Kubeadm with SELinux enabled. >>> >>> This is bad; it me

Re: [atomic-devel] Kubeadm vs. SELinux

2016-11-22 Thread Daniel J Walsh
On 11/22/2016 05:15 PM, Josh Berkus wrote: > Currently, it is not possible to run Kubeadm with SELinux enabled. > > This is bad; it means that Kubernetes' official installation > instructions include `setenforce 0`. But it's hard to argue the point > when a kubeadm install -- soon to be the main

Re: [atomic-devel] projectatomic kubernetes container images

2016-11-22 Thread Daniel J Walsh
On 11/22/2016 04:25 PM, Jason Brooks wrote: > On Tue, Nov 22, 2016 at 12:21 PM, Daniel J Walsh wrote: >> >> On 11/22/2016 02:59 PM, Jason Brooks wrote: >>> I'd like to start a projectatomic repo for fedora/centos kube >>> dockerfiles, and I'd like t

Re: [atomic-devel] projectatomic kubernetes container images

2016-11-22 Thread Daniel J Walsh
On 11/22/2016 02:59 PM, Jason Brooks wrote: > I'd like to start a projectatomic repo for fedora/centos kube > dockerfiles, and I'd like to build them under the projectatomic docker > hub namespace. > > This is my test repo: https://github.com/jasonbrooks/k8s-images. I > have branches for centos a

Re: [atomic-devel] Extending Atomic Host and 'rpm-ostree pkg-add'

2016-11-22 Thread Daniel J Walsh
reated from Docker image : docker.io/fedora:latest > > The package was created by these steps: > > sudo docker run -it --rm --name wether fedora sh > mkdir -p /exports/hostfs/opt/filak/ > echo "Hello, world!" > /exports/hostfs/opt/filak/jakub.txt > > In another termi

Re: [atomic-devel] Extending Atomic Host and 'rpm-ostree pkg-add'

2016-11-18 Thread Daniel J Walsh
. I realized it a bit late and I didn't > want to spend too much time on a proof-of-concept script. > > Could you please tell me more about the attributes you have in mind? I am > afraid that I am caught in my use case and I cannot see anything beyond that. > > > On 11/18/

Re: [atomic-devel] Extending Atomic Host and 'rpm-ostree pkg-add'

2016-11-18 Thread Daniel J Walsh
o_etcd-latest.0.noarch > > For sake of simplicity, I assume that the /exports/hostfs/etc/etcd.conf file > exists within the container. > > > Jakub > > PS: The script is just a proof of concept that I created over night. > > > 0: https://github.com/jfilak/af/blob/master/at

Re: [atomic-devel] Extending Atomic Host and 'rpm-ostree pkg-add'

2016-11-18 Thread Daniel J Walsh
Seems like a simple fix. rpm-ostree should be modified to support file path rpms as well as rpm repositories. But will this work on a traditional rpm based system like RHEL or Fedora Workstation? On 11/18/2016 03:35 AM, Jakub Filak wrote: > I've been playing with privileged containers deliver

Re: [atomic-devel] Adding new system containers to docker hub

2016-11-16 Thread Daniel J Walsh
On 11/15/2016 01:48 PM, Dusty Mabe wrote: > If no one opposes I will help Giuseppe set up the repos for hosting his > system containers [1] on docker hub under our organization. We'll be > doing this tomorrow. > > Dusty > > [1] > https://lists.projectatomic.io/projectatomic-archives/atomic-dev

Re: [atomic-devel] [RFC] move system containers under projectatomic

2016-11-10 Thread Daniel J Walsh
On 11/10/2016 12:23 PM, Giuseppe Scrivano wrote: > Hi everyone, > > I am currently keeping the system containers definitions under: > > https://github.com/giuseppe/atomic-oci-containers/ > > There are 5 system container images: > > 1) Etcd > 2) Flannel > 3) hello-world - a minimal image to show h

Re: [atomic-devel] I would like to discuss a new IMAGE label to indicate whether an image is a --system image.

2016-11-09 Thread Daniel J Walsh
On 11/09/2016 05:49 AM, Giuseppe Scrivano wrote: > Hi, > > Daniel J Walsh writes: > >> One problem I have with this is forgetting to use the --system flag when >> installing the container. >> >> I would like to add a LABEL to the image that would tell at

Re: [atomic-devel] I would like to discuss a new IMAGE label to indicate whether an image is a --system image.

2016-11-08 Thread Daniel J Walsh
On 11/08/2016 04:17 PM, Stephen Milner wrote: > On Tue, Nov 8, 2016 at 2:59 PM, Daniel J Walsh wrote: > >> system container. I guess we could add a label like >> >> LABEL org.projectatomic.atomic.type=system >> >> Then this would cause atomic to use the -

Re: [atomic-devel] I would like to discuss a new IMAGE label to indicate whether an image is a --system image.

2016-11-08 Thread Daniel J Walsh
On 11/08/2016 03:35 PM, Colin Walters wrote: > On Tue, Nov 8, 2016, at 02:59 PM, Daniel J Walsh wrote: > >> LABEL org.projectatomic.atomic.type=system > Seems OK, though we could also just auto-infer it from the presence > of /exports/service.template in the image. I guess we c

[atomic-devel] I would like to discuss a new IMAGE label to indicate whether an image is a --system image.

2016-11-08 Thread Daniel J Walsh
Giuseppe Scrivano has been introducing the concept of system containers. https://github.com/giuseppe/atomic-oci-containers These are containers pulled to a host using the skopeo via the atomic install command. They get installed onto an ostree on /var/lib/containers/atomic. They install syste

Re: [atomic-devel] We have a bugzilla requesting that we change the default CMD to systemd for base images in RHEL

2016-10-31 Thread Daniel J Walsh
On 10/31/2016 09:05 AM, Jan Pazdziora wrote: > On Mon, Oct 31, 2016 at 08:58:21AM -0400, Daniel J Walsh wrote: >> I think the systemd guys would argue that there is no processes running >> other than those that you need. Removing >> some of these could cause other servic

Re: [atomic-devel] We have a bugzilla requesting that we change the default CMD to systemd for base images in RHEL

2016-10-31 Thread Daniel J Walsh
On 10/31/2016 08:49 AM, Jan Pazdziora wrote: > On Mon, Oct 31, 2016 at 08:21:10AM -0400, Daniel J Walsh wrote: >> Which services do you see running as default that should not? I went > Well, after starting the fedora:24 /usr/bin/ini container, I see just > > root

Re: [atomic-devel] We have a bugzilla requesting that we change the default CMD to systemd for base images in RHEL

2016-10-31 Thread Daniel J Walsh
On 10/31/2016 08:07 AM, Jan Pazdziora wrote: > On Fri, Oct 21, 2016 at 11:50:36AM -0400, Daniel J Walsh wrote: >> If we make this change, we would want to do it in Fedora and Centos also. >> >> https://bugzilla.redhat.com/show_bug.cgi?id=1387282 >> >> The benefi

Re: [atomic-devel] We have a bugzilla requesting that we change the default CMD to systemd for base images in RHEL

2016-10-26 Thread Daniel J Walsh
> versus opt-out. Anyone want to convince me otherwise? :) > > Cheers, > > > > On Wed, Oct 26, 2016 at 6:34 AM, Daniel J Walsh <mailto:dwa...@redhat.com>> wrote: > > > > On 10/25/2016 04:30 PM, Josh Berkus wrote: > > On 10/25/2016 12:

Re: [atomic-devel] Docker project: Can you have overlay2 speed and density with devicemapper? Yep.

2016-10-26 Thread Daniel J Walsh
There has been a lot of talk of also doing this with VFS back end also (Which is basically standard storage). One of our long term goals with OCID is to support readonly containers on an NFS store. Which would also give us the same benefits over a COW file system. On 10/26/2016 02:20 PM, Vish

Re: [atomic-devel] We have a bugzilla requesting that we change the default CMD to systemd for base images in RHEL

2016-10-26 Thread Daniel J Walsh
On 10/25/2016 04:30 PM, Josh Berkus wrote: > On 10/25/2016 12:14 PM, Josh Berkus wrote: >> On 10/25/2016 12:02 PM, Jeremy Eder wrote: >>> When you "docker pull golang", the image is over 600MB (and it's built >>> on alpine). >>> Same with docker pull java...also > 600MB. >>> >>> docker pull alpin

Re: [atomic-devel] We have a bugzilla requesting that we change the default CMD to systemd for base images in RHEL

2016-10-25 Thread Daniel J Walsh
On 10/25/2016 01:43 PM, Josh Berkus wrote: > On 10/21/2016 01:17 PM, Daniel J Walsh wrote: >> >> On 10/21/2016 01:14 PM, Matthew Miller wrote: >>> On Fri, Oct 21, 2016 at 01:03:58PM -0400, Joe Brockmeier wrote: >>>> I like Dan's proposal of rhel7-in

[atomic-devel] At Red Hat DevOps means more than just the DEV part.

2016-10-25 Thread Daniel J Walsh
We want to make sure OPS gets equal billing. Jeremy Eder explains how a little project we have been working on gets the best performance out of containers running on a devicemapper back end. http://developerblog.redhat.com/2016/10/25/docker-project-can-you-have-overlay2-speed-and-density-with-dev

[atomic-devel] New blog on Logging in containers.

2016-10-24 Thread Daniel J Walsh
http://www.projectatomic.io/blog/2016/10/playing-with-docker-logging/

Re: [atomic-devel] We have a bugzilla requesting that we change the default CMD to systemd for base images in RHEL

2016-10-21 Thread Daniel J Walsh
On 10/21/2016 01:14 PM, Matthew Miller wrote: > On Fri, Oct 21, 2016 at 01:03:58PM -0400, Joe Brockmeier wrote: >> I like Dan's proposal of rhel7-init (or fedora-init, centos-init). > For whatever it's worth, I don't. It makes sense if you're steeped in > the distro world where init systems have

Re: [atomic-devel] We have a bugzilla requesting that we change the default CMD to systemd for base images in RHEL

2016-10-21 Thread Daniel J Walsh
nt naming model. > > D. > > > On Oct 21, 2016 12:38 PM, "Mrunal Patel" <mailto:mpa...@redhat.com>> wrote: > > > > On Fri, Oct 21, 2016 at 9:29 AM, Daniel J Walsh <mailto:dwa...@redhat.com>> wrote: > > That might make th

Re: [atomic-devel] We have a bugzilla requesting that we change the default CMD to systemd for base images in RHEL

2016-10-21 Thread Daniel J Walsh
that. > > > On Oct 21, 2016, at 11:50 AM, Daniel J Walsh <mailto:dwa...@redhat.com>> wrote: > > > > If we make this change, we would want to do it in Fedora and > Centos also. > > > > https://bugzilla.redhat.com

[atomic-devel] We have a bugzilla requesting that we change the default CMD to systemd for base images in RHEL

2016-10-21 Thread Daniel J Walsh
If we make this change, we would want to do it in Fedora and Centos also. https://bugzilla.redhat.com/show_bug.cgi?id=1387282 The benefits of making this change are that people new to containers could follow a simple workflow similar to what they do on the OS, where all they need to do is install

[atomic-devel] Talking OCID (CRI-O) on Dave and Gunnar Show

2016-10-18 Thread Daniel J Walsh
https://dgshow.org/2016/10/127-cri-o/

[atomic-devel] New blog on running containers with tightened capabilities

2016-10-17 Thread Daniel J Walsh
http://rhelblog.redhat.com/2016/10/17/secure-your-containers-with-this-one-weird-trick/

[atomic-devel] We are looking at using OSTree as a backend for sharing file systems into an OCID Container runtime

2016-10-14 Thread Daniel J Walsh
We are seeing the same problem that William Temple had this summer, where OSTree refuses to store an image with devices on it. We understand that devices should not be in image, but sadly Ubuntu image has them and therefore thousands of other images do as well. If we block the creation of the dev

[atomic-devel] I have setup a IRC Channel on Freenode for OCID

2016-10-11 Thread Daniel J Walsh
Join #ocid if you are interested in the ongoing development.

[atomic-devel] Overlay/SELinux patches merged - Linus 4.9 tree.

2016-10-05 Thread Daniel J Walsh
Great work by Vivek Goyal. Now need to RHEL7 backport. Available in Fedora 25 and Rawhide now.

Re: [atomic-devel] Introducing OCID - Looking for contributors.

2016-09-22 Thread Daniel J Walsh
On 09/22/2016 11:32 AM, Richard Henwood wrote: >> -Original Message- >> From: atomic-devel-boun...@projectatomic.io [mailto:atomic-devel- >> boun...@projectatomic.io] On Behalf Of Daniel J Walsh >> Sent: Thursday, September 22, 2016 8:14 AM >> To: atomic-dev

[atomic-devel] Introducing OCID - Looking for contributors.

2016-09-22 Thread Daniel J Walsh
https://www.redhat.com/en/about/blog/running-production-applications-containers-introducing-ocid?sc_cid=70160011gf0AAA

Re: [atomic-devel] systemd as pid 1 in an unprivileged container.

2016-09-16 Thread Daniel J Walsh
On 09/16/2016 07:04 AM, Lukáš Nykrýn wrote: > Daniel J Walsh píše v Pá 16. 09. 2016 v 06:23 -0400: >> On 09/15/2016 06:42 AM, Tobias Florek wrote: >>> Thank you for your heroic effort to make docker containers a better >>> citizen! It is very appreciated. >>>

Re: [atomic-devel] systemd as pid 1 in an unprivileged container.

2016-09-16 Thread Daniel J Walsh
On 09/15/2016 06:42 AM, Tobias Florek wrote: > Thank you for your heroic effort to make docker containers a better > citizen! It is very appreciated. > > Is there some work underway (or planned) to run systemd with non-zero > pid? That is some additional isolation that would benefit e.g. Openshift

Re: [atomic-devel] fedora 25 - overlayfs - docker error

2016-09-15 Thread Daniel J Walsh
On 09/14/2016 03:20 PM, Kushal Das wrote: > On 12/09/16, Antonio Murdaca wrote: >> Updated Docker in F25 again with the latest docker-selinux commit >> https://bodhi.fedoraproject.org/updates/docker-1.12.1-12.git9a3752d.fc25 >> > Still failing, tested today. > > [fedora@kushal-f25 ~]$ uname -a >

Re: [atomic-devel] systemd as pid 1 in an unprivileged container.

2016-09-14 Thread Daniel J Walsh
Awesome! > > > On Wed, Sep 14, 2016, 3:51 PM Daniel J Walsh <mailto:dwa...@redhat.com>> wrote: > > > On 09/14/2016 05:26 AM, Muayyad AlSadi wrote: >> >> Nice article. >> >> I would like to stress that docker is inte

Re: [atomic-devel] systemd as pid 1 in an unprivileged container.

2016-09-14 Thread Daniel J Walsh
l gracefully for > example when it does not have cgroups mounted it would just ignore > cgroups-related directives. > > I wish if I just run > > docker run -dt fedora-systemd > > Without any -v > > How far are we from this? > > We have it now, that is what is talked a

[atomic-devel] systemd as pid 1 in an unprivileged container.

2016-09-13 Thread Daniel J Walsh
http://developers.redhat.com/blog/2016/09/13/running-systemd-in-a-non-privileged-container/

Re: [atomic-devel] fedora 25 - overlayfs - docker error

2016-09-12 Thread Daniel J Walsh
On 09/12/2016 09:42 AM, Antonio Murdaca wrote: > On Mon, Sep 12, 2016 at 07:05:37PM +0530, Kushal Das wrote: >> On 12/09/16, Antonio Murdaca wrote: >>> On Sep 12, 2016 2:45 PM, "Daniel J Walsh" wrote: >>>> >>>> >>>> On 09/11/2016

Re: [atomic-devel] fedora 25 - overlayfs - docker error

2016-09-12 Thread Daniel J Walsh
On 09/11/2016 12:35 AM, Dusty Mabe wrote: > In Fedora 25 I grabbed the new kernel with overlayfs support [1] and I > configured docker to run with overlayfs by using > DOCKER_STORAGE_OPTIONS="--storage-driver=overlay2" > in /etc/sysconfig/docker-storage. > > [1] > https://kojipkgs.fedoraproje

Re: [atomic-devel] Update for AtomicCLI 1.12?

2016-09-10 Thread Daniel J Walsh
Yes they should be available in Fedora 24, 25, Rawhide very soon. On 09/09/2016 07:40 PM, Jason Brooks wrote: > On Fri, Sep 9, 2016 at 3:54 PM, Josh Berkus wrote: >> Colin, others: >> >> Any idea when 1.12 will show up in Fedora Atomic/Centos Atomic? >> Currently it's in continuous, but with sys

Re: [atomic-devel] Oneway - a way to drop privileges inside containers and lock it like that

2016-09-06 Thread Daniel J Walsh
shed and it have a way to drop privileges but > this is not the case with "node ." > > I'm not sure about k8s no new priv. > Ex. I want confd as root and node as app. > > I guess apache does not have nnp option. > > > On Tue, Sep 6, 2016, 9:05 PM Daniel J Wal

Re: [atomic-devel] Oneway - a way to drop privileges inside containers and lock it like that

2016-09-06 Thread Daniel J Walsh
A couple of things. 1 you could use real systemd rather than using some other init system. Secondly and perhaps conflicting, is why not run apache as non root to start rather than dropping privs. Apache will run perfectly fine without requiring root privs. Also you could set the NO_NEW_PRIVS

Re: [atomic-devel] Moving towards containerized Kube/layered packages

2016-08-24 Thread Daniel J Walsh
I like the idea. On 08/22/2016 10:13 AM, Colin Walters wrote: > Hi, I'd like to propose a fairly fundamental rework of Atomic Host. TL;DR: > > - Move towards "system containers" (or layered packages) for flannel/etcd > - Move towards containers (system, or Docker) for kubernetes-master > - Move

Re: [atomic-devel] Add mdadm to Fedora Atomic Host

2016-08-18 Thread Daniel J Walsh
On 08/18/2016 12:00 PM, Dusty Mabe wrote: > We need to add mdadm to Fedora Atomic Host so that we can support software > raid disk setups. > > https://pagure.io/fedora-atomic/pull-request/8 > No way to do this with SPC?

Re: [atomic-devel] The atomic command and setting hostname for containers

2016-08-17 Thread Daniel J Walsh
On 08/17/2016 04:00 AM, Jan Pazdziora wrote: > On Wed, Apr 20, 2016 at 02:31:22PM +0200, Jan Pazdziora wrote: >> On Tue, Apr 19, 2016 at 02:02:51PM -0700, Daniel J Walsh wrote: >>> But I like your example better. atomic install should almost always be a >>> privileg

[atomic-devel] New blog on ocitools. Running docker containers with runc.

2016-08-09 Thread Daniel J Walsh
http://www.projectatomic.io/blog/2016/08/ocitools-libgen/

Re: [atomic-devel] Preparing for overlayfs as equal option

2016-08-08 Thread Daniel J Walsh
The current plan for SELinux/OverlayFS support is to have the OverlayFS parts merged into the kernel for 4.8 kernel. The SELinux parts missed the cutoff and should be merged into the 4.9. Paul Moore the SELinux Kernel Maintainer will create test kernels in Copr with the Overlayfs support as soo

Re: [atomic-devel] right way to upgrade fedora atomic host

2016-08-04 Thread Daniel J Walsh
On 08/04/2016 03:40 PM, Vasiliy Tolstov wrote: > Hi! I'm testing fedora atomic under qemu, and see that google gives me > some links how to update, but tools used for update are different. > For example I use my own rpm ostree repo, to update current system I > run atomic pull, atomic upgrade, syst

Re: [atomic-devel] Atomic Scan - pass image details to scanner

2016-07-18 Thread Daniel J Walsh
On 07/18/2016 04:31 AM, Dharmit Shah wrote: Hi, I'm creating a custom scanner based on atomic scan and am kind of stuck at passing/fetching the details of image under scan to/in the scanner. While going through atomic source code, I figured that under `Atomic/scan.py` we access the image by `

Re: [atomic-devel] [Container-tools] Who's going to ContainerCon/LinuxCon?

2016-07-14 Thread Daniel J Walsh
On 07/14/2016 11:21 AM, Josh Berkus wrote: Containerish folks: If you're going to ContainerCon/LinuxCon, and are available to work the Atomic/OpenShift booth, please ping me real soon with your dress shirt size. We're going to have some new gear for the booth. I am presenting although I have

Re: [atomic-devel] Atomic Dev Workflow

2016-07-07 Thread Daniel J Walsh
On 07/06/2016 03:09 PM, Joseph Jeffers wrote: Hello! I am Joseph Jeffers and I have been interested in working on and contributing to Project Atomic, specifically I have been looking at the 'atomic' program itself. I have never really done operating system or core app development (one of t

Re: [atomic-devel] A new policy rpm for Atomic?

2016-07-06 Thread Daniel J Walsh
I believe the types have to be maintained between the two. svirt_lxc_net_t, and svirt_sandbox_file_t. Although I would like to see these aliased to container_net_t and container_file_t, We need to make sure the docs work on either platform. On 07/05/2016 12:18 PM, Colin Walters wrote: On Mo

Re: [atomic-devel] catch-22: diagnostic tools on Atomic Host

2016-06-28 Thread Daniel J Walsh
On 06/26/2016 05:39 PM, Joe Brockmeier wrote: On Fri, Jun 24, 2016 at 3:56 PM, Daniel J Walsh wrote: Well if you have the software already installed in containers you could always use atomic mount to mount a container image and then mount the host into the container and chroot into it

Re: [atomic-devel] A new policy rpm for Atomic?

2016-06-28 Thread Daniel J Walsh
On 06/27/2016 02:04 AM, Miroslav Grepl wrote: Hi guys, I am finally looking for opened Atomic issues with SELinux for what we came with seatomic and I want to move it forward. My idea is we could start to ship selinux-policy-atomic.rpm based on the selinux-policy-targeted where we could reduce

Re: [atomic-devel] catch-22: diagnostic tools on Atomic Host

2016-06-24 Thread Daniel J Walsh
On 06/24/2016 02:15 PM, Josh Berkus wrote: On 06/24/2016 11:13 AM, Jonathan Lebon wrote: I'm not sure what the answer to this is; I'm reluctant to recommend installing a whole suite of diagnostic tools just for the case of a bare-metal user who has a problem. But on the other hand, the curren

Re: [atomic-devel] golang 1.6 in CAHC

2016-06-03 Thread Daniel J Walsh
On 06/02/2016 10:12 PM, Colin Walters wrote: A primary goal for CentOS Atomic Host Continuous[1] is to more consistently integrate Project Atomic components on CentOS 7 as a base. Recently I had to "freeze" skopeo integration due to us only pulling in golang 1.4 from CentOS Core: https://githu

[atomic-devel] Atomic CLI, atomic-1.10, is being built for release

2016-05-25 Thread Daniel J Walsh
This is a big release. Lots of new features. Special Thanks to the following contributors to this release: Brent Baude Colin Walters Giuseppe Scrivano Marius Vollmer Saleem Ansari ## 1.10 (2016-5-25) Improve Error Handling - Unify error messages for no docker daemon (BZ #1300187) Add atomic s

[atomic-devel] New blog on container security.

2016-05-25 Thread Daniel J Walsh
The Answer is always the same: Layers of Security https://access.redhat.com/blogs/766093/posts/2334141

[atomic-devel] Nice job Antonio (runcom) Murdaca, allowing docker to build with golang 1.6

2016-05-20 Thread Daniel J Walsh
Just merged in a fix to allow docker to build with golang 1.6 and not break backwards compatibility with older docker clients. https://github.com/docker/docker/pull/22000

Re: [atomic-devel] docker does not work in F24 Atomic

2016-05-11 Thread Daniel J Walsh
On 05/11/2016 03:00 PM, Colin Walters wrote: On Wed, May 11, 2016, at 02:49 PM, Daniel J Walsh wrote: I want to have a single source to list all of my containers running on the system. As e.g. an OpenShift operator, what benefit is it for me? Kubernetes gives me a much more powerful multi

Re: [atomic-devel] docker does not work in F24 Atomic

2016-05-11 Thread Daniel J Walsh
On 05/11/2016 02:45 PM, Colin Walters wrote: On Wed, May 11, 2016, at 01:03 PM, Dusty Mabe wrote: Hey All, As far as I can tell Docker is broken in F24 atomic. We have had issues with docker for a while now but testing on fedora cloud base from the updates-testing repo seemed to show the prob

Re: [atomic-devel] docker does not work in F24 Atomic

2016-05-11 Thread Daniel J Walsh
On 05/11/2016 01:03 PM, Dusty Mabe wrote: Hey All, As far as I can tell Docker is broken in F24 atomic. We have had issues with docker for a while now but testing on fedora cloud base from the updates-testing repo seemed to show the problem as resolved. However, now that docker-1.10.3-7.gita4

Re: [atomic-devel] docker and docker-latest packages on CentOS Virt SIG

2016-05-11 Thread Daniel J Walsh
Probably best on Centos, we could probably use a blog on projectatomic also. On 05/11/2016 10:56 AM, Lokesh Mandvekar wrote: On Mon, May 09, 2016 at 05:18:46PM -0700, Jason Brooks wrote: On Mon, May 9, 2016 at 7:54 AM, Lokesh Mandvekar wrote: **CentOS Virt SIG** What: - 'docker' (v1.9) http

Re: [atomic-devel] docker and docker-latest packages on CentOS Virt SIG

2016-05-10 Thread Daniel J Walsh
On 05/10/2016 12:06 PM, Erik Swanson (eriswans) wrote: On May 10, 2016, at 05:48, Daniel J Walsh wrote: On 05/09/2016 07:38 PM, Erik Swanson (eriswans) wrote: On May 9, 2016, at 07:54, Lokesh Mandvekar wrote: - /usr/bin/docker is a script which execs /usr/bin/docker-current (v1.9) or

Re: [atomic-devel] [CentOS-devel] docker and docker-latest packages on CentOS Virt SIG

2016-05-10 Thread Daniel J Walsh
On 05/10/2016 09:04 AM, Lukáš Nykrýn wrote: Lokesh Mandvekar píše v Po 09. 05. 2016 v 09:54 -0500: **CentOS Virt SIG** What: - 'docker' (v1.9) http://cbs.centos.org/koji/buildinfo?buildID=10878 - 'docker-latest' (v1.10) http://cbs.centos.org/koji/buildinfo?buildID=10881 - both can be installe

Re: [atomic-devel] docker and docker-latest packages on CentOS Virt SIG

2016-05-10 Thread Daniel J Walsh
On 05/09/2016 07:38 PM, Erik Swanson (eriswans) wrote: On May 9, 2016, at 07:54, Lokesh Mandvekar wrote: - /usr/bin/docker is a script which execs /usr/bin/docker-current (v1.9) or /usr/bin/docker-latest (v1.10) based on what $DOCKERBINARY is set to. Too late (or wrong forum?) perhaps, but
