Alex Bennée <alex.ben...@linaro.org> writes: > Markus Armbruster <arm...@redhat.com> writes: > >> Philippe Mathieu-Daudé <phi...@redhat.com> writes: >> >>> On 8/9/19 8:46 AM, Markus Armbruster wrote: >>>> In my "build everything" tree, changing qemu/main-loop.h triggers a >>>> recompile of some 5600 out of 6600 objects (not counting tests and >>>> objects that don't depend on qemu/osdep.h). It includes block/aio.h, >>>> which in turn includes qemu/event_notifier.h, qemu/notify.h, >>>> qemu/processor.h, qemu/qsp.h, qemu/queue.h, qemu/thread-posix.h, >>>> qemu/thread.h, qemu/timer.h, and a few more. >>>> >>>> Include qemu/main-loop.h only where it's needed. Touching it now >>>> recompiles only some 1700 objects. For block/aio.h and >>>> qemu/event_notifier.h, these numbers drop from 5600 to 2800. For the >>>> others, they shrink only slightly. >>>> >>>> Signed-off-by: Markus Armbruster <arm...@redhat.com> >>>> --- >>> [...] >>>> diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h >>>> index 77f5df59b0..ac18a1184a 100644 >>>> --- a/include/sysemu/sysemu.h >>>> +++ b/include/sysemu/sysemu.h 
>>>> @@ -5,7 +5,6 @@ >>>> #include "qapi/qapi-types-run-state.h" >>>> #include "qemu/timer.h" >>>> #include "qemu/notify.h" >>>> -#include "qemu/main-loop.h" >>>> #include "qemu/bitmap.h" >>>> #include "qemu/uuid.h" >>>> #include "qom/object.h" >>> >>> netmap failing again :S >>> >>> $ make docker-image-debian-amd64 V=1 DEBUG=1 >>> [...] >>> CC net/netmap.o >>> net/netmap.c: In function 'netmap_update_fd_handler': >>> net/netmap.c:109:5: error: implicit declaration of function >>> 'qemu_set_fd_handler' [-Werror=implicit-function-declaration] >>> qemu_set_fd_handler(s->nmd->fd, >>> ^~~~~~~~~~~~~~~~~~~ >>> net/netmap.c:109:5: error: nested extern declaration of >>> 'qemu_set_fd_handler' [-Werror=nested-externs] >> >> I managed to lose the fix somehow. >> >> I admit I ran "make docker-test-build", realized docker needs root, and >> went "sod it, cross fingers & send out the patches". > > I've sent some patches to make docker-test-build more closely resemble > what shippable exercises. > > As for root you can setup a docker group and do it that way (see the > docs in docs/devel/testing.rst). It's not recommended for production > machines as it makes escalation fairly trivial (the daemon itself still > runs as root).
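Review bot: removing `#include "qemu/main-loop.h"` from include/sysemu/sysemu.h breaks any file that got that header only through sysemu.h, and the build log quoted above shows one: net/netmap.c calls qemu_set_fd_handler() at line 109 and now fails with -Werror=implicit-function-declaration. Add a direct `#include "qemu/main-loop.h"` to net/netmap.c in the same patch. Before resending, build-test a configuration that compiles netmap, such as the docker-image-debian-amd64 target used in the report.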
As Dan Walsh explained in a blog post[*], access to the docker socket is
equivalent to root. Might be okay on a throwaway or special-purpose
box, but definitely not on my desktop.

The solution the blog post recommends for now is sudo with password,
which I consider only marginally better: instead of leaving the safe
door open, we install a security camera to log access to the safe,
*then* leave the safe door open. Just in case whoever helps himself to
the contents of the safe is too lazy to help himself to the logs, too.

In the great tradition of throwing security under the bus to get work
done, I set up sudo. Avoiding NOPASSWD: turns out to be impractical.

Running "make docker-test-build" fails for me on master (v4.1.0-rc4),
details appended.

> Hopefully Marc's podman support:
>
>   Subject: [PATCH v2 0/5] tests/docker: add podman support
>   Date: Tue, 9 Jul 2019 23:43:25 +0400
>   Message-Id: <20190709194330.837-1-marcandre.lur...@redhat.com>
>
> will make these requirements a little less onerous.

Sounds like a much needed upgrade to me.

[...]

[*] https://www.projectatomic.io/blog/2015/08/why-we-dont-let-non-root-users-run-docker-in-centos-fedora-or-rhel/

My failure:

$ make -C bld docker-test-build
make: Entering directory '/work/armbru/qemu/bld'
BUILD centos7
make[1]: Entering directory '/work/armbru/qemu/bld'
GEN /work/armbru/qemu/bld/docker-src.2019-08-10-07.29.32.8915/qemu.tar
COPY RUNNER
RUN test-build in qemu:centos7
[...]
make[1]: Leaving directory '/work/armbru/qemu/bld'
BUILD debian9
BUILD debian-amd64
make[1]: Entering directory '/work/armbru/qemu/bld'
GEN /work/armbru/qemu/bld/docker-src.2019-08-10-07.30.18.17180/qemu.tar
COPY RUNNER
RUN test-build in qemu:debian-amd64
[...]
install -c -m 0644 /tmp/qemu-test/build/trace-events-all "/tmp/qemu-test/build/=destdir/tmp/qemu-test/install/share/qemu/trace-events-all"
Error in atexit._run_exitfuncs:
Traceback (most recent call last):
  File "/usr/lib64/python2.7/atexit.py", line 24, in _run_exitfuncs
    func(*targs, **kargs)
  File "/work/armbru/qemu/tests/docker/docker.py", line 234, in _kill_instances
    return self._do_kill_instances(True)
  File "/work/armbru/qemu/tests/docker/docker.py", line 213, in _do_kill_instances
    for i in self._output(cmd).split():
  File "/work/armbru/qemu/tests/docker/docker.py", line 239, in _output
    **kwargs)
  File "/usr/lib64/python2.7/subprocess.py", line 223, in check_output
    raise CalledProcessError(retcode, cmd, output=output)
CalledProcessError: Command '['sudo', 'docker', 'ps', '-q']' returned non-zero exit status 1
Error in sys.exitfunc:
Traceback (most recent call last):
  File "/usr/lib64/python2.7/atexit.py", line 24, in _run_exitfuncs
    func(*targs, **kargs)
  File "/work/armbru/qemu/tests/docker/docker.py", line 234, in _kill_instances
    return self._do_kill_instances(True)
  File "/work/armbru/qemu/tests/docker/docker.py", line 213, in _do_kill_instances
    for i in self._output(cmd).split():
  File "/work/armbru/qemu/tests/docker/docker.py", line 239, in _output
    **kwargs)
  File "/usr/lib64/python2.7/subprocess.py", line 223, in check_output
    raise CalledProcessError(retcode, cmd, output=output)
subprocess.CalledProcessError: Command '['sudo', 'docker', 'ps', '-q']' returned non-zero exit status 1
CLEANUP /work/armbru/qemu/bld/docker-src.2019-08-10-07.30.18.17180
make[1]: Leaving directory '/work/armbru/qemu/bld'
BUILD debian-arm64-cross
Traceback (most recent call last):
  File "/work/armbru/qemu/tests/docker/docker.py", line 615, in <module>
    sys.exit(main())
  File "/work/armbru/qemu/tests/docker/docker.py", line 611, in main
    return args.cmdobj.run(args, argv)
  File "/work/armbru/qemu/tests/docker/docker.py", line 366, in run
    dkr = Docker()
  File "/work/armbru/qemu/tests/docker/docker.py", line 193, in __init__
    self._command = _guess_docker_command()
  File "/work/armbru/qemu/tests/docker/docker.py", line 65, in _guess_docker_command
    commands_txt)
Exception: Cannot find working docker command. Tried:
  docker
  sudo docker
make: *** [/work/armbru/qemu/tests/docker/Makefile.include:53: docker-image-debian-arm64-cross] Error 1
make: Leaving directory '/work/armbru/qemu/bld'

There are a few SELinux gripes in my logs, like this one:

type=AVC msg=audit(1565418107.93:125036): avc: denied { module_request } for pid=19599 comm="configure" kmod="binfmt-464c" scontext=system_u:system_r:container_t:s0:c611,c653 tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=0