ChanServ changed the topic of #freedesktop to: https://www.freedesktop.org infrastructure and online services || for questions about freedesktop.org projects, please see each project's contact || for discussions about specifications, please use https://gitlab.freedesktop.org/xdg or xdg@lists.freedesktop.org
<bentiss> gitlab update coming in FWIW (there was at least one security update)
<acidbong> hi there, hello
<acidbong> are both pydbus and dbus-python capable of getting signals from elogind? do they not care whether logind is standalone or a part of systemd?
<daniels> bentiss: so I'm looking at some weirdness on the new arm-9 runner - our weston armv7 jobs are totally fine on arm-7 and arm-8 but fail on arm-9 like https://gitlab.freedesktop.org/mvlad/weston/-/jobs/41891505 (and many other examples)
<daniels> bentiss: I was trying to SSH in to run stuff locally but can't login as root@ for some reason - it rejects my key
<bentiss> daniels: you need to login as core@, not root@ :/
<daniels> ah!
<bentiss> yeah, sorry :(
<daniels> np :)
<bentiss> that error looks weird, as if the container was not having the correct binaries...
<daniels> root@5fa81c058a2d:/app# clang-11
<daniels> Segmentation fault
<daniels> root@5fa81c058a2d:/app# /lib/ld-linux-armhf.so.3 /usr/bin/clang-11
<daniels> /usr/bin/clang-11: error while loading shared libraries: /usr/bin/clang-11: failed to map segment from shared object
<bentiss> selinux?
<bentiss> May 17 10:12:10 fdo-equinix-arm-9 audit[623996]: AVC avc: denied { mmap_zero } for pid=623996 comm="clang-11" scontext=system_u:system_r:container_t:s0:c357,c887 tcontext=system_u:system_r:container_t:s0:c357,c887 tclass=memprotect permissive=0
<daniels> ha ...
<daniels> yeah, looks like anything that links to libllvm
<bentiss> it's a matter of editing /etc/selinux/custom/local_podman.cil to add some new rules
<daniels> ooh, nice
<bentiss> we still need to add the rules in the system with semodule -i, but at least we can edit them :)
<bentiss> there are quite a few denied logs...
<daniels> well, at least I made it 37 years in life without having to know how to write an SELinux policy
<bentiss> Heh... I learned yesterday on my side too ;)
<bentiss> but the thing that worries me is, is that safe to allow such rules for containers... why are they trying to mmap the host?
<bentiss> also note that we might be simply missing a selinux rpm
<bentiss> selinux-policy-minimum is not installed for instance
<daniels> heh
<bentiss> though I would have expected container-selinux to be sufficient
<daniels> on arm-7 mmap_min_addr is 4096, so I'm not sure why mmap_zero firing is a problem
<daniels> where are you finding these denial logs btw? I can't see ausearch or anything installed
<bentiss> journalctl -t audit
<daniels> aha, nice
<bentiss> so calling clang on a local fedora install with this same container just works
<bentiss> trying with that minimum package installation
<bentiss> didn't change...
<daniels> looks like the execve syscall returns -EACCES
<bentiss> alright, manually created the mmap_zero allow rule
<daniels> ok, that seems to work now, thanks!
<bentiss> nope
<bentiss> system_r context too needed
<daniels> really?
<daniels> because, I mean:
<daniels> root@39c1c63979ff:/app# clang-11
<daniels> clang: error: no input files
<bentiss> yeah, but I still saw an error while retrying the job
<bentiss> different
<daniels> \o/
<daniels> thanks a lot :)
<bentiss> daniels: FWIW -> https://gitlab.freedesktop.org/bentiss/helm-gitlab-infra/-/commit/250800f29d0c3e8c6cc7955dc781da81b047ae6f basically, take the scontext *_t, then the tcontext *_t, the class, and then the { denied } part
<bentiss> then sudo semodule -i /etc/selinux/custom/local_podman.cil
<bentiss> daniels: FWIW, I'll be AFK the rest of the week. So worst case, just disable the runner, it'll be no worse than the past week
<daniels> ok, thanks! that's really helpful though, I think I can figure the rest out from here
<daniels> hope you enjoy your long weekend
<acidbong> hi there, hello. I wanna write a daemon in Python that takes PrepareForSleep from logind and runs a lockscreen, but I have zero experience in Python. where do I start?
<acidbong> (I'm not using systemd, so sleep.target isn't a choice for me)