Merge "Don't set capabilities in priviledge mode"

This commit is contained in:
Zuul 2021-01-15 20:20:35 +00:00 committed by Gerrit Code Review
commit edd80b9369
20 changed files with 11 additions and 46 deletions

View File

@ -13,8 +13,6 @@ platforms:
dockerfile: Dockerfile
pkg_extras: python*setuptools
command: /sbin/init
capabilities:
- ALL
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg

View File

@ -13,8 +13,6 @@ platforms:
dockerfile: Dockerfile
pkg_extras: python*setuptools
command: /sbin/init
capabilities:
- ALL
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg

View File

@ -16,8 +16,6 @@ platforms:
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
command: /sbin/init
capabilities:
- ALL
volumes:
- /run/udev:/run/udev:ro
- /sys/fs/cgroup:/sys/fs/cgroup:ro
@ -36,8 +34,6 @@ platforms:
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
command: /sbin/init
capabilities:
- ALL
volumes:
- /run/udev:/run/udev:ro
- /sys/fs/cgroup:/sys/fs/cgroup:ro

View File

@ -16,8 +16,6 @@ platforms:
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
command: /sbin/init
capabilities:
- ALL
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
privileged: true
@ -33,8 +31,6 @@ platforms:
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
command: /sbin/init
capabilities:
- ALL
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
privileged: true

View File

@ -13,8 +13,6 @@ platforms:
dockerfile: Dockerfile
pkg_extras: python*setuptools
command: /sbin/init
capabilities:
- ALL
volumes:
- /dev:/dev
- /lib/modules:/lib/modules

View File

@ -13,8 +13,6 @@ platforms:
dockerfile: Dockerfile
pkg_extras: python*setuptools
command: /sbin/init
capabilities:
- ALL
volumes:
- /dev:/dev
- /lib/modules:/lib/modules

View File

@ -13,8 +13,6 @@ platforms:
dockerfile: Dockerfile
pkg_extras: python*setuptools
command: /sbin/init
capabilities:
- ALL
volumes:
- /dev:/dev
- /lib/modules:/lib/modules

View File

@ -17,8 +17,6 @@ platforms:
/bin/mkdir -p /var/run/dbus &&
/usr/bin/dbus-uuidgen > /var/lib/dbus/machine-id &&
/usr/bin/dbus-daemon --config-file=/usr/share/dbus-1/system.conf
capabilities:
- ALL
volumes:
- /dev:/dev
- /lib/modules:/lib/modules

View File

@ -13,8 +13,6 @@ platforms:
dockerfile: Dockerfile
pkg_extras: python*setuptools cronie rsyslog
command: /sbin/init
capabilities:
- ALL
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg

View File

@ -12,8 +12,6 @@ platforms:
url: registry.access.redhat.com
dockerfile: Dockerfile
pkg_extras: python*setuptools
capabilities:
- ALL
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg

View File

@ -12,8 +12,6 @@ platforms:
url: registry.access.redhat.com
dockerfile: Dockerfile
pkg_extras: python*setuptools
capabilities:
- ALL
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg

View File

@ -13,8 +13,6 @@ platforms:
dockerfile: Dockerfile
pkg_extras: python*setuptools
command: /sbin/init
capabilities:
- ALL
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg

View File

@ -13,8 +13,6 @@ platforms:
dockerfile: Dockerfile
pkg_extras: python*setuptools
command: /sbin/init
capabilities:
- ALL
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg

View File

@ -13,8 +13,6 @@ platforms:
dockerfile: Dockerfile
pkg_extras: python*setuptools
command: /sbin/init
capabilities:
- ALL
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro

View File

@ -13,8 +13,6 @@ platforms:
dockerfile: Dockerfile
pkg_extras: python*setuptools
command: /sbin/init
capabilities:
- ALL
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro

View File

@ -13,8 +13,6 @@ platforms:
dockerfile: Dockerfile
pkg_extras: python*setuptools
command: /sbin/init
capabilities:
- ALL
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
@ -35,8 +33,6 @@ platforms:
dockerfile: Dockerfile
pkg_extras: python*setuptools
command: /sbin/init
capabilities:
- ALL
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro

View File

@ -16,8 +16,6 @@ platforms:
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
command: /sbin/init
capabilities:
- ALL
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
privileged: true
@ -33,8 +31,6 @@ platforms:
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
command: /sbin/init
capabilities:
- ALL
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
privileged: true

View File

@ -12,8 +12,6 @@ platforms:
url: registry.access.redhat.com
dockerfile: Dockerfile
pkg_extras: python*setuptools
capabilities:
- ALL
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro

View File

@ -12,8 +12,6 @@ platforms:
url: registry.access.redhat.com
dockerfile: Dockerfile
pkg_extras: python*setuptools
capabilities:
- ALL
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro

View File

@ -15,6 +15,17 @@
include_role:
name: ensure-pip
# https://github.com/containers/podman/issues/8965
# podman rootless systemd is broken in 2.0.5, so we use 1.6.4
- name: Pin container-tools
become: true
shell: |
dnf module disable container-tools:rhel8 -y
dnf module enable container-tools:2.0 -y
when:
- (ansible_os_family | lower) == "redhat"
- (ansible_distribution_major_version | int) >= 8
- name: Setup bindep
pip:
name: "bindep"