Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Investigate dropping requirement for --security-opt label=type:unconfined_t #928

Closed
cgwalters opened this issue Dec 2, 2024 · 0 comments · Fixed by #930
Closed

Investigate dropping requirement for --security-opt label=type:unconfined_t #928

cgwalters opened this issue Dec 2, 2024 · 0 comments · Fixed by #930
Labels
area/install Issues related to `bootc install`

Comments

@cgwalters
Copy link
Collaborator

Moving this from #826 (comment)

Basically it'd be nice if we could simplify the install invocations and drop --security-opt label=type:unconfined_t. In some testing, it works fine without it with a Fedora 40 host (podman machine 40.20241019.2.0, podman version 5.2.5). It also works on a C9S host (podman-5.3.1-1.el9.x86_64).

Actually, things also work with podman version 4.9.4-rhel from RHEL 9.4.

Soo...yeah, let's try just taking this out of all of our CI and see if anything breaks.
@cgwalters cgwalters added the area/install Issues related to `bootc install` label Dec 2, 2024
@cgwalters cgwalters mentioned this issue Dec 2, 2024
Closed
cgwalters added a commit to cgwalters/bootc that referenced this issue Dec 2, 2024
@cgwalters
install: Drop code/test uses of --security-opt
6b62ba1 
We think this is unnecessary now; part of improving
the ergonomics of `bootc install` in general, but
especially with the `to-existing-root` path.

Once this lands, at some point later then we
can also remove it from all of the documentation.
But the most safe thing is to leave it in the
docs for a bit longer.

Closes: containers#928

Signed-off-by: Colin Walters <[email protected]>
@cgwalters cgwalters mentioned this issue Dec 2, 2024
Merged
cgwalters added a commit to cgwalters/bootc that referenced this issue Dec 9, 2024
@cgwalters
install: Drop code/test uses of --security-opt
bcdac01 
We think this is unnecessary now; part of improving
the ergonomics of `bootc install` in general, but
especially with the `to-existing-root` path.

Once this lands, at some point later then we
can also remove it from all of the documentation.
But the most safe thing is to leave it in the
docs for a bit longer.

Closes: containers#928

Signed-off-by: Colin Walters <[email protected]>
cgwalters added a commit to cgwalters/bootc that referenced this issue Dec 10, 2024
@cgwalters
install: Drop code/test uses of --security-opt
fa474a9 
We think this is unnecessary now; part of improving
the ergonomics of `bootc install` in general, but
especially with the `to-existing-root` path.

Once this lands, at some point later then we
can also remove it from all of the documentation.
But the most safe thing is to leave it in the
docs for a bit longer.

Closes: containers#928

Signed-off-by: Colin Walters <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/install Issues related to `bootc install`
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

install: Drop code/test uses of --security-opt cgwalters/bootc
1 participant
@cgwalters