Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rootless rpm-ostree can't mknod; causes broken RHCOS #1950

Closed
jlebon opened this issue Dec 10, 2019 · 0 comments · Fixed by #1951
Closed

Rootless rpm-ostree can't mknod; causes broken RHCOS #1950

jlebon opened this issue Dec 10, 2019 · 0 comments · Fixed by #1951
Assignees
@cgwalters

Comments

@jlebon
Copy link
Member

jlebon commented Dec 10, 2019

#1946 (comment)

In #1946, we gave dracut cap_mknod so it can create /dev/[u]random so it's baked in the final CPIO (background on this is in https://bugzilla.redhat.com/show_bug.cgi?id=1778940). However, running the compose in a rootless podman will still fail to mknod. And because RHCOS now relies on those devices being there on early boot, we now fail to boot.

We need to either bake it into the CPIO ourselves or (ideally) teach dracut to do this.
@jlebon jlebon mentioned this issue Dec 10, 2019
Merged
@cgwalters cgwalters self-assigned this Dec 10, 2019
cgwalters added a commit to cgwalters/rpm-ostree that referenced this issue Dec 10, 2019
@cgwalters
kernel: Append /dev/{u,}random to initrd instead of dracut caps
5911d82 
Rather than giving dracut `cap_mknod` which won't work in
unprivileged scenarios, append a tiny static pre-generated CPIO
blob with `/dev/random` and `/dev/urandom` to the output of
dracut.

This is a hack until dracut does this itself.  But the problem
is patches to dracut will take eleven billion years to ship
in RHCOS.

Closes: coreos#1950
@cgwalters cgwalters mentioned this issue Dec 10, 2019
Merged
cgwalters added a commit to cgwalters/rpm-ostree that referenced this issue Dec 10, 2019
@cgwalters
kernel: Append /dev/{u,}random to initrd instead of dracut caps
1846aed 
Rather than giving dracut `cap_mknod` which won't work in
unprivileged scenarios, append a tiny static pre-generated CPIO
blob with `/dev/random` and `/dev/urandom` to the output of
dracut.

This is a hack until dracut does this itself.  But the problem
is patches to dracut will take eleven billion years to ship
in RHCOS.

Closes: coreos#1950
openshift-merge-robot pushed a commit that referenced this issue Dec 10, 2019
@cgwalters @openshift-merge-robot
kernel: Append /dev/{u,}random to initrd instead of dracut caps
4e3c41b 
Rather than giving dracut `cap_mknod` which won't work in
unprivileged scenarios, append a tiny static pre-generated CPIO
blob with `/dev/random` and `/dev/urandom` to the output of
dracut.

This is a hack until dracut does this itself.  But the problem
is patches to dracut will take eleven billion years to ship
in RHCOS.

Closes: #1950
@ericcurtin ericcurtin mentioned this issue Nov 2, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cgwalters cgwalters

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

kernel: Append /dev/{u,}random to initrd instead of dracut caps cgwalters/rpm-ostree
2 participants
@cgwalters @jlebon