Woops, sorry Dan, my bad. That was a relic from earlier, when I tried sys_admin.
Looks like --security-opt label:disable is enough to get it going.

# docker run --security-opt label:disable --cap-add SYS_MODULE -v /sys/kernel/debug:/sys/kernel/debug -v /usr/src/kernels:/usr/src/kernels -v /usr/lib/modules/:/usr/lib/modules/ -v /usr/lib/debug:/usr/lib/debug -t -i --name systemtap candidate-registry.fedoraproject.org/f26/systemtap

On Thu, Oct 5, 2017 at 1:47 PM, Frank Ch. Eigler <f...@redhat.com> wrote:

> Hi, Dan -
>
> > > Could you show the docker line that atomic run is executing?
>
> % atomic run --spc candidate-registry.fedoraproject.org/f26/systemtap
> /usr/share/systemtap/examples/io/iotop.stp
> docker run --cap-add SYS_MODULE -v /sys/kernel/debug:/sys/kernel/debug -v
> /usr/src/kernels:/usr/src/kernels -v /usr/lib/modules/:/usr/lib/modules/
> -v /usr/lib/debug:/usr/lib/debug -t -i --name systemtap-spc
> candidate-registry.fedoraproject.org/f26/systemtap
> /usr/share/systemtap/examples/io/iotop.stp
>
> ... which fails. But a hand-run % docker run, with "--security-opt
> label:disable" added in the front works for me.
>
> > > The LABEL would be the preferred way.
>
> Sure, just someone(tm) needs to find the Dockerfile in git. I
> couldn't find it from a dozen minutes reading
> https://fedoraproject.org/wiki/Changes/Layered_Docker_Image_Build_Service
> and pals.
>
>
> - FChE
>

--
-- Jeremy Eder