| *** ailan_ has quit IRC | 00:05 | |
| *** fuentess has quit IRC | 00:11 | |
| *** fuentess has joined #kata-dev | 00:12 | |
| *** sameo has quit IRC | 00:34 | |
| *** Yarboa has quit IRC | 02:20 | |
| *** Yarboa has joined #kata-dev | 02:21 | |
| *** fuentess has quit IRC | 02:49 | |
| *** ailan_ has joined #kata-dev | 07:30 | |
| *** jodh has joined #kata-dev | 07:33 | |
| *** dklyle has quit IRC | 07:41 | |
| *** sgarzare has joined #kata-dev | 07:53 | |
| *** ailan_ has quit IRC | 08:02 | |
| *** ailan_ has joined #kata-dev | 08:02 | |
| *** fgiudici has joined #kata-dev | 08:08 | |
| *** sameo has joined #kata-dev | 08:21 | |
| *** iamweswilson_ has joined #kata-dev | 08:28 | |
| kata-irc-bot | <fidencio> @fupan, hey/ping. About glibc and the issues @jakob.naucke faced, seems that we call https://docs.rs/dirs/1.0.5/dirs/fn.home_dir.html while the process is yet not fully sandboxed. | 08:38 |
|---|---|---|
| kata-irc-bot | <fupan> Yes, but I remember you said that you can reproduce it with glibc static linked, is it true? | 08:41 |
| kata-irc-bot | <fidencio> Yep. And the reason we don't hit that with musl is simply because musl doesn't seem to support NSS and its plugin framework. | 08:43 |
| *** iamweswilson has quit IRC | 08:43 | |
| *** iamweswilson_ is now known as iamweswilson | 08:43 | |
| kata-irc-bot | <fidencio> By the end of the day, it looks like a bug in glibc. However, if we could work that around to not hit that bug (which we have folks from IBM and Red Hat already aware of the issue), that would be needd. | 08:44 |
| kata-irc-bot | <fidencio> Thinking about that, I wonder whether setting $HOME could be done later, only after the process gets fully sandboxed. | 08:45 |
| kata-irc-bot | <fidencio> By the way, pardon me, but I have a quick small knowledge in the rust agent, if any, at all. So, please, bear with me, bear with my lack of knowledge. :slightly_smiling_face: | 08:46 |
| kata-irc-bot | <fupan> So can you give me a clear step on how to reproduce it on x86, thus I can figure out how to workaround it. But now I haven’t reproduce it from my side. | 08:49 |
| kata-irc-bot | <fidencio> @fupan, okay, and just now I realised I missed this comment from you (https://github.com/kata-containers/kata-containers/issues/675#issuecomment-783852229) | 08:51 |
| kata-irc-bot | <fidencio> @fupan, today is a horrible horrible day, long and full of meetings. But tomorrow I'll get a 100% clean environment, reproduce it, and add the steps you need to reproduce it | 08:52 |
| kata-irc-bot | <fidencio> And will share as part of the 675. | 08:52 |
| kata-irc-bot | <fidencio> @fupan, does that sound reasonable? | 08:52 |
| kata-irc-bot | <fupan> that’s great. thanks. | 08:52 |
| kata-irc-bot | <fidencio> Thank you for the help, sincerely! | 08:54 |
| kata-irc-bot | <jakob.naucke> I've been working on a `getpwuid`-less way of acquiring the home directory, but it does depend on `sh` and I'm not 100% sure about its stability | 08:59 |
| *** davidgiluk has joined #kata-dev | 09:03 | |
| kata-irc-bot | <fupan> Why depeneds on sh? | 09:11 |
| kata-irc-bot | <jakob.naucke> I basically launch an extra process that performs an `execv` on `sh` and gets the home directory through `getent` or, failing that, from `/etc/passwd` | 09:13 |
| kata-irc-bot | <fupan> Hi @fidencio now I can reproduce it using steps @jakob.naucke commented at https://github.com/kata-containers/kata-containers/issues/675#issuecomment-784013551 . | 09:28 |
| kata-irc-bot | <fupan> I will take a look at this issue and see how to fix/work around it. | 09:28 |
| kata-irc-bot | <fidencio> @fupan, lovely! | 09:28 |
| kata-irc-bot | <fidencio> Thanks a lot! | 09:28 |
| *** ailan_ has quit IRC | 09:36 | |
| *** ailan has joined #kata-dev | 09:38 | |
| kata-irc-bot | <fidencio> @bergwolf, when are you planning the next release? https://github.com/kata-containers/kata-containers/issues/1493 is something that we really have to have fixed before that date /o\ | 10:02 |
| *** hbrueckner has joined #kata-dev | 11:17 | |
| *** jodh has quit IRC | 12:04 | |
| kata-irc-bot | <wmoschet> hi @eric.ernst @fidencio, Those CVEs landed in the mailing list after I start this process to update the version on kata, so I had to cherry-pick them. I know QEMU has a process for stable releases but it seems it is up to the maintainers to release a stable version. -> https://qemu.readthedocs.io/en/latest/devel/stable-process.html | 12:31 |
| kata-irc-bot | <wmoschet> Overall, my PR is ready, I only need people to review it | 12:32 |
| kata-irc-bot | <wmoschet> As a future improvement, we could use the stable branch instead of tagged release + patches | 12:32 |
| kata-irc-bot | <bergwolf> still working on ci. once that's sorted, we can cut the release. now we add another item to fix kata-deploy | 12:38 |
| kata-irc-bot | <fidencio> kata-deploys doesn't have to be fixed, it seems to be okay. What has to be done on kata-deploy side is: • update the container with our binaries; • push the container to the proper location; • ensure that the we point to the image we just pushed | 12:41 |
| kata-irc-bot | <fidencio> Seems that both 1.x and 2.x kata-deploy may point to the same image | 12:42 |
| kata-irc-bot | <fidencio> and we need to ensure that doesn't happen | 12:42 |
| kata-irc-bot | <fidencio> About that, I can open a PR soon / tomorrow | 12:42 |
| *** fuentess has joined #kata-dev | 13:36 | |
| *** jodh has joined #kata-dev | 13:45 | |
| kata-irc-bot | <eric.ernst> I think we may need to just specify the version, or use something unique like :latest-1,x... | 13:51 |
| *** egernst_ has joined #kata-dev | 14:00 | |
| kata-irc-bot | <fidencio> yep, that's what we need :slightly_smiling_face: | 14:10 |
| kata-irc-bot | <fidencio> I panic'ed, Eric. | 14:10 |
| kata-irc-bot | <fidencio> I panic'ed. | 14:10 |
| kata-irc-bot | <eric.ernst> hehe. | 14:11 |
| kata-irc-bot | <eric.ernst> Need to make a decision on what latest should be now. | 14:11 |
| kata-irc-bot | <eric.ernst> but, the bits are there (thank fully I just used it last night for first time in a bit, so was confident the k8s side should be okay ) | 14:11 |
| *** egernst__ has joined #kata-dev | 14:28 | |
| *** egernst has quit IRC | 14:31 | |
| *** devimc has joined #kata-dev | 14:35 | |
| *** devimc has quit IRC | 14:38 | |
| *** ailan has quit IRC | 14:39 | |
| *** devimc has joined #kata-dev | 14:40 | |
| *** ailan has joined #kata-dev | 14:40 | |
| *** devimc has quit IRC | 15:00 | |
| *** egernst_ has quit IRC | 15:17 | |
| *** egernst has joined #kata-dev | 15:25 | |
| *** dklyle has joined #kata-dev | 16:00 | |
| *** egernst has quit IRC | 16:29 | |
| *** egernst__ has quit IRC | 16:30 | |
| *** egernst has joined #kata-dev | 16:30 | |
| *** pcaruana has quit IRC | 16:36 | |
| *** egernst_ has joined #kata-dev | 17:14 | |
| *** Yarboa has quit IRC | 17:21 | |
| *** Yarboa has joined #kata-dev | 17:22 | |
| *** egernst_ has quit IRC | 17:23 | |
| *** hbrueckner has quit IRC | 17:31 | |
| *** pcaruana has joined #kata-dev | 17:42 | |
| *** sgarzare has quit IRC | 17:57 | |
| *** jodh has quit IRC | 18:05 | |
| *** Yarboa has quit IRC | 18:20 | |
| *** Yarboa has joined #kata-dev | 18:32 | |
| *** egernst_ has joined #kata-dev | 19:03 | |
| *** egernst_ has quit IRC | 19:08 | |
| *** Yarboa has quit IRC | 19:20 | |
| *** Yarboa has joined #kata-dev | 19:22 | |
| *** egernst has quit IRC | 19:41 | |
| *** egernst has joined #kata-dev | 19:41 | |
| *** fgiudici has quit IRC | 19:55 | |
| *** davidgiluk has quit IRC | 20:29 | |
| *** Jeffrey4l has quit IRC | 20:39 | |
| *** Jeffrey4l has joined #kata-dev | 20:39 | |
| *** ailan has quit IRC | 22:04 | |
| *** sameo has quit IRC | 22:58 | |
| *** sameo has joined #kata-dev | 23:05 | |
| *** sameo has quit IRC | 23:20 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!