SELinux breaks machinectl user experience
by Germano Massullo
Hi everybody, I am studying the systemd-nspawn containers and I noticed
that there is a bug[1] in SELinux policy that prevents the user to use
commands like
# machinectl login foo
# machinectl start foo
# machinectl stop foo
Meanwhile the SELinux maintainers patch such bug, I would like to
manually adjust SELinux policy to allow machinectl and at the same time
to not leave security holes around. Since I am not a SELinux expert, I
would like to ask you for suggestions.
Thank you for your time
Best regards
[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1416540
7 years, 3 months
No meeting today
by Kushal Das
Hi all,
Most of the Working Group members are travelling for DevConf, so we are
cancelling our meeting today.
A few of us still chatting on the #fedora-cloud channel.
Kushal
--
Fedora Cloud Engineer
CPython Core Developer
https://kushaldas.in
https://dgplug.org
7 years, 3 months
Won't Make Meeting - Devconf
by Dusty Mabe
I'm in Brno this week for devconf and won't make the meeting today. Please grab
me on irc or send me an email if you need something.
Dusty
7 years, 3 months
Does it make sense for me to convert my server to an Atomic Host ?
by Philip Rhoades
People,
I have a F25 64bit server - it is mainly used to run Qmail and EZMLM but
also has a couple of trivial web sites on it. I am thinking of moving
about a dozen small Rails and Jekyll websites off Digital Ocean and back
on to this server. Should I do a clean, bare-metal install of Fedora
Atomic Host onto this server, convert the Qmail + EZMLM services into a
Docker image to run on this new FPA server and then move all my DO web
sites on to this new FPA as Docker images as well?
Thanks,
Phil.
--
Philip Rhoades
PO Box 896
Cowra NSW 2794
Australia
E-mail: phil(a)pricom.com.au
7 years, 3 months
Changing hosted ostree repo so that we align "released content" with
2wk releases
by Dusty Mabe
Note: please don't respond to this email. Please continue discussion
in the linked ticket.
This is a partial implementation of releng ticket 6545 [1] which is a
migration of the old releng trac ticket 6313 [2].
Gross simplification: In the ticket two things were requested:
- The ostree commits should have slower cadence
- Version numbers of the pungi run match the ostree commits
I have got together with colin (some time ago) and patrick (recently)
to discuss an implementation for the first bulleted ask: "ostree
commits should have slower cadence". This proposal is for that work
item.
Currently what we have is ostree composes that run as part of (or
immediately after) bodhi runs that push out new updated rpms into the
updates or updates-testing yum repos in Fedora. As part of this a new
ostree commit is created with the new content and the
fedora-atomic/25/x86_64/docker-host ref within the ostree repo gets
updated.
This fedora-atomic/25/x86_64/docker-host ref is the one that our users
running atomic host are following. It means that when they run
`rpm-ostree upgrade` they are getting the latest commit from the last
bodhi run, not the commit from the last two week release.
We'd like to change this so that user's only get new commits ~every
two weeks (when we do a release). We can achieve this by making a
few changes:
- change bodhi ostree composes to update a different "ref"
- we are proposing this ref should be called
"fedora-atomic/25/x86_64/updates/docker-host"
since it tracks the updates yum repo
- alternatively we already have
fedora-atomic/25/x86_64/testing/docker-host
which tracks the updates-testing yum repo.
In the future we will change this name to
"updates-testing" vs just "testing"
- updating the two week release process to update the
fedora-atomic/25/x86_64/docker-host ref
- This means that ref will only get updated when we do a release.
- building the iso/cloud images from the "updates" ref
but pointing them to the 2wk release ref
- This will mean we can still get new images every night to test
but when we release one of these images it tracks the 2wk ref
by default.
I've talked with patrick and these changes are pretty simple to make.
We welcome feedback, but hope to implement these changes soon.
I'll be updating ticket 6545 with this information as well. Please
comment with any discussion in the ticket!
Dusty
[1] https://pagure.io/releng/issue/6545
[2] https://fedorahosted.org/rel-eng/ticket/6313
7 years, 3 months
