From 728dba17e3f437b6afe9a595264fcd08ada6622d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
Date: Fri, 5 Jan 2024 14:52:09 +0100
Subject: [PATCH 1/2] build: build base images in unconfined mode

To workaround [1] in Github actions environment. Github Actions Runners do not yet have up to date podman version that contains this fix. [1] https://github.com/containers/podman/issues/21012
---
 src/build.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/build.sh b/src/build.sh
index 5c701113..4441d032 100755
--- a/src/build.sh
+++ b/src/build.sh
@@ -92,7 +92,7 @@ function build_base_image {
 done
 echo "Building $name from $from"
- ${DOCKER} run --name sssd-wip-base --detach -i "$from"
+ ${DOCKER} run --security-opt seccomp=unconfined --name sssd-wip-base --detach -i "$from"
 if [ $name == 'base-ground' ]; then
 base_install_python
 fi
From 20d6c2e36586dde876b04675a599bd95ad82b0e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
Date: Fri, 5 Jan 2024 16:32:08 +0100
Subject: [PATCH 2/2] ci: restart podman socket during setup

Same as d6500ea076ba66676dc38436c073e3e94c91b629 just for PR CI. Fixes an issue where 'systemctl enable --now podman.socket' fails during container setup. + sudo systemctl enable --now podman.socket Job failed. See "journalctl -xe" for details. systemd[1]: Failed to listen on Podman API Socket. systemd[1]: podman.socket: Socket service podman.service already active, refusing.
---
 .github/actions/install-dependencies/action.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/actions/install-dependencies/action.yml b/.github/actions/install-dependencies/action.yml
index 8f379fa4..cb7e379a 100644
--- a/.github/actions/install-dependencies/action.yml
+++ b/.github/actions/install-dependencies/action.yml
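Review bot: The `--security-opt seccomp=unconfined` added to the `${DOCKER} run` line in build_base_image in src/build.sh applies to every build, not only to the GitHub Actions runners the commit message names, so local and other CI builds also start the base container without the runtime's default syscall filter. Nothing in the script records why the option is there or when it can be dropped; a comment above the line such as `# seccomp=unconfined: workaround for containers/podman#21012 on GitHub runners, remove once their podman has the fix` would keep it removable. If only the runners need it, the option could be gated on the runner's environment, e.g. `${DOCKER} run ${GITHUB_ACTIONS:+--security-opt seccomp=unconfined} --name sssd-wip-base --detach -i "$from"`. build_base_image starts and ends outside the hunk, so whether later steps in it depend on the relaxed profile is not visible here.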
@@ -18,4 +18,5 @@ runs:
 - name: Enable podman socket
 shell: bash
 run: |
- sudo systemctl enable --now podman.socket
+ sudo systemctl enable podman.socket
+ sudo systemctl restart podman.socket
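Review bot: The reason for splitting `enable --now` into `enable` plus `restart` in the "Enable podman socket" step is recorded only in the commit message, so the `run:` block reads as an oddity that a later cleanup may fold back into one command. A comment above the two commands would preserve it, for example `# 'enable --now' is refused when podman.service is already active; restart the socket instead`.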