plarsen has quit [Remote host closed the connection]
plarsen has joined #fedora-coreos
bgilbert has joined #fedora-coreos
HristoMarinov[m] has joined #fedora-coreos
<HristoMarinov[m]>
Hi, sorry if I'm in the wrong place but i want to bring attention to a possible issue I'm having with fcos 38.20230527.1.1 next.
<bgilbert>
HristoMarinov[m]: this is the right place
<HristoMarinov[m]>
OK, then I'll try to explain now.
<HristoMarinov[m]>
First, I am now studying this matter. I am running several wordpress containers behind nginx reverse-proxy in a KVM qemu VM. Couple of hours ago, when the system upgrades, after reboot, the containers did not started automatically by their systemd services. When I try to run them manually the following error is displayed
<HristoMarinov[m]>
Error: unable to start container "e727...": crun: setrlimit `RLIMIT_NPROC`: Operation not permitted: OCI permission denied
<HristoMarinov[m]>
When I rollback to to the previous deployment containers statrted as usual.
<dustymabe>
my guess would be the crun 1.8.4-1.fc38.x86_64 → 1.8.5-1.fc38.x86_64 or container-selinux 2:2.211.1-1.fc38.noarch → 2:2.215.0-2.fc38.noarch updates maybe
<HristoMarinov[m]>
I'm trying to participate as much as I can in the project, but all I can do for now is test (on the test days) and report back. Hopefully this is useful.
<dustymabe>
HristoMarinov[m]: if you have a test system you can try on 38.20230527.1.1 but overriding crun with the older 1.8.4-1.fc38.x86_64 version
<dustymabe>
unfortunately bodhi/koji are down right now for scheduled maintenance - otherwise I'd give you the command to run
<HristoMarinov[m]>
I can test on the same system as that is its main purpose.
<dustymabe>
HristoMarinov[m]: since bodhi is down we can't run the test yet, but for now you can open a tracker issue. please try to include enough detail :)
<dustymabe>
we may end up needing to open an issue against crun too
<HristoMarinov[m]>
dustymabe: I will try what you suggested and report back.
spresti has joined #fedora-coreos
spresti1 has quit [Read error: Connection reset by peer]
<dustymabe>
the other reason I was looking at crun specifically is because podman didn't update in that last cycle
<dustymabe>
HristoMarinov[m]: when bodhi/koji come back this command should get you the old crun back (so you can test it): `sudo systemctl stop zincati && sudo rpm-ostree override replace https://bodhi.fedoraproject.org/updates/FEDORA-2023-2c826fff41 --reboot`
daMaestro has joined #fedora-coreos
Betal has joined #fedora-coreos
daMaestro has quit [Quit: Leaving]
<HristoMarinov[m]>
dustymabe: That's why I decided to ask here, since all my containers are running on FCOS next, as recommended in the documentation.
sentenza has joined #fedora-coreos
daMaestro has joined #fedora-coreos
<walters>
Thanks so much for running next! This issue shows a very clear gap in the CI coverage for our projects and tests around upgrades and container images.
<dustymabe>
❤️
misuto has quit [Remote host closed the connection]
misuto has joined #fedora-coreos
misuto has quit [Remote host closed the connection]
misuto has joined #fedora-coreos
<HristoMarinov[m]>
I run on both VMs and bare metal (some are very old x86_64 Intel based machines). If there's anything else I can contribute, I'd be happy to do so.
<dustymabe>
HristoMarinov[m]: just participating here is useful. Test days are nice (thanks). We have weekly meetings, which you might like to attend. Helping answer questions on the discussion forum is always welcome: https://discussion.fedoraproject.org/tag/coreos
<fifofonix[m]>
Hristo Marinov: thanks, as a co--non-core-card-carrying-next-running community-member I appreciate it too!