Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-11 Thread nicolas . mailhot
Hi, BTW since we are talking about debug and future tech, what is the correct way (as of rawhide and EPEL 7) to handle extracting debug info from /builddir/build/BUILDROOT/golang-github-performancecopilot-speed-2.0.0-1.el7.llt.x86_64/usr/bin/mmvdump *** ERROR: No build ID note found in /build

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-11 Thread Mark Wielaard
Hi Tomas, On Fri, 2017-10-06 at 20:09 +0200, Tomas Tomecek wrote: > Mark, thanks for feedback! > > I'll be honest that I left gcc and gdb in there by accident. As Dan > said, we are trying to reduce size of that container so it's easier > to use. Who decides what's in it? > This was an internal

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-06 Thread Tomas Tomecek
Mark, thanks for feedback! I'll be honest that I left gcc and gdb in there by accident. As Dan said, we are trying to reduce size of that container so it's easier to use. Who decides what's in it? This was an internal collaboration with multiple people -- in the end, everyone can express themselve

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-06 Thread Daniel Walsh
On 10/06/2017 10:14 AM, Mark Wielaard wrote: On Mon, 2017-09-18 at 16:48 +0200, Tomas Tomecek wrote: we managed to move tools container from Fedora Dockerfiles github repo to Fedora infra [1]. As a side effects, we put systemtap in a dedicated container. We would very much appreciate your feedb

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-06 Thread Mark Wielaard
On Mon, 2017-09-18 at 16:48 +0200, Tomas Tomecek wrote: > we managed to move tools container from Fedora Dockerfiles github > repo to Fedora infra [1]. As a side effects, we put systemtap in a > dedicated container. > > We would very much appreciate your feedback here What determines what goes in

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-06 Thread Tomas Tomecek
Thank you for figuring this out! I fixed in dist-git: https://src.fedoraproject.org/container/systemtap/c/a8a59cacb440aacc150fad8a94d264d53a341baf?branch=master Can't build in OSBS, seems like the service is having issues. Tomas On Thu, Oct 5, 2017 at 7:50 PM, Jeremy Eder wrote: > Woops, sor

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Daniel Walsh
On 10/05/2017 01:55 PM, Frank Ch. Eigler wrote: Hi, Dan - On Thu, Oct 05, 2017 at 01:49:48PM -0400, Daniel Walsh wrote: [...] But really for something like this, it would be better to just run it --privileged. There is [no] security confinement present in what you are doing. Yup. I thought "

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Jeremy Eder
Woops, sorry Dan, my bad. That was a relic from earlier, when I tried sys_admin. Looks like --security-opt label:disable is enough to get it going. # docker run --security-opt label:disable --cap-add SYS_MODULE -v /sys/kernel/debug:/sys/kernel/debug -v /usr/src/kernels:/usr/src/kernels -v /usr/

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Daniel Walsh
On 10/05/2017 01:47 PM, Frank Ch. Eigler wrote: Hi, Dan - Could you show the docker line that atomic run is executing? % atomic run --spc candidate-registry.fedoraproject.org/f26/systemtap /usr/share/systemtap/examples/io/iotop.stp docker run --cap-add SYS_MODULE -v /sys/kernel/debug:/sys/ke

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Daniel Walsh
On 10/05/2017 01:38 PM, Jeremy Eder wrote: I don't see any avc when it fails while label:disable is set. I ran semodule -DB and retried. I now see dontaudit stuff but still no interesting denials. I'm not sure if you were talking to me or Frank with the atomic command line... I pulled the

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Jeremy Eder
I don't see any avc when it fails while label:disable is set. I ran semodule -DB and retried. I now see dontaudit stuff but still no interesting denials. I'm not sure if you were talking to me or Frank with the atomic command line... I pulled the label out docker inspect on the systemtap image s

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Daniel Walsh
On 10/05/2017 01:18 PM, Jeremy Eder wrote: setenforce 0 works...security-opt label:disable does not. On Thu, Oct 5, 2017 at 1:06 PM, Daniel Walsh > wrote: On 10/05/2017 01:00 PM, Frank Ch. Eigler wrote: wcohen forwarded: [...]

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Daniel Walsh
On 10/05/2017 01:11 PM, Frank Ch. Eigler wrote: Hi, Dan - [...] Rather than putting the system into permissive mode, you should run a privileged container "atomic run --spc " fails similarly on f26, despite its underlying "docker run --cap-add SYS_MODULE ..." parts. or at least disable S

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Jeremy Eder
setenforce 0 works...security-opt label:disable does not. On Thu, Oct 5, 2017 at 1:06 PM, Daniel Walsh wrote: > On 10/05/2017 01:00 PM, Frank Ch. Eigler wrote: > >> wcohen forwarded: >> >> [...] >>> [root@dhcp23-91 ~]# atomic run --spc candidate-registry.fedoraproject.org/f26/syste

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Daniel Walsh
On 10/05/2017 01:00 PM, Frank Ch. Eigler wrote: wcohen forwarded: [...] [root@dhcp23-91 ~]# atomic run --spc candidate-registry.fedoraproject.org/f26/systemtap docker run --cap-add SYS_MODULE -v /sys/kernel/debug:/sys/kernel

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread William Cohen
On 10/05/2017 10:33 AM, Jeremy Eder wrote: > Forgot to add Will Cohen (discussed stap errors with him briefly).  Also my > replies won't make it to the dev list since I am not subscribed (just fyi I > guess). > > On Thu, Oct 5, 2017 at 9:10 AM, Jeremy Eder > wrote: > >

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Tomas Tomecek
Jeremy, thanks a lot for trying this out! > my god tmux is in here?? yes! That's the reason I added it :D > systemtap (aww, no readme?) There should be this [1] help file (in roff format) placed in the container. I didn't run into the issue you are experiencing. I think it could be related to

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Jeremy Eder
Forgot to add Will Cohen (discussed stap errors with him briefly). Also my replies won't make it to the dev list since I am not subscribed (just fyi I guess). On Thu, Oct 5, 2017 at 9:10 AM, Jeremy Eder wrote: > First of all, that readme is awesome. > > spot checking the tools container...seems

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Jeremy Eder
First of all, that readme is awesome. spot checking the tools container...seems to all "just work" when I run it with atomic run ... blktrace works ethtool works (-K -i -c -S specifically) netstat works pstack works perf top,record,report works iotop works slabtop works lstopo works htop works (wi

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-05 Thread Tomas Tomecek
Not sure if the question is for me -- I literally have no idea how to do that. Let me know how I can help, Tomas On Thu, Oct 5, 2017 at 5:04 AM, Dusty Mabe wrote: > > > On 09/18/2017 10:48 AM, Tomas Tomecek wrote: > > Hello, > > > > we managed to move tools container from Fedora Dockerfiles

Re: [atomic-devel] tools and systemtap containers are available in Fedora

2017-10-04 Thread Dusty Mabe
On 09/18/2017 10:48 AM, Tomas Tomecek wrote: > Hello, > > we managed to move tools container from Fedora Dockerfiles github repo to > Fedora infra [1]. As a side effects, we put systemtap in a dedicated > container. > > We would very much appreciate your feedback here: so if you have some tim