Etienne Champetier issues

Results 43 issues of


                                            Etienne Champetier

trafficstars

rpm-ostree: set untrusted ostree pull flag

By default ostree validate checksum when pulling from remote repos, but not for local repos. Set the untrusted ostree pull flag to always validate files.

manual testing required

f38

Ensure tuned is started before the network

After=network.target was introduced in dd9ee3ef5d207f766d01688184ff8b717483a56f to work around network initscripts reloading sysctls Some sysctls like net.core.default_qdisc need to be applied before network interface are brought up, so use Before=network-pre.target Signed-off-by:...

Set LimitNOFILE=1048576 in containerd.service

LimitNOFILE was either 1048576 or infinity since 2017 https://github.com/containerd/containerd/commit/b009642e1accccb128e96652ee019d4a01eddbfc This means soft limit was at a minimum 1048576 since then. Since systemd 240, infinity is 1073741816 which causes issue, and...

needs-ok-to-test

size/XS

shadow files are user readable

Scanning my system using oscap / cis profile, shadow files have incorrect permissions **Host system details** Alma 8.7 based OS **Expected vs actual behavior** ``` # ls -l /etc/*shadow* -r--------....

priority/medium

difficulty/medium

triaged

fail compose when new users / groups are created

### Describe the bug When using check-passwd/group file it would be great to have an option to fail the build when new entries are found ### Reproduction steps part of...

area/baseimage-builds

area/passwd

area/sd-sysusers

rpm script output not always printed

rpm scripts outputs are often not printed, so we potentially missing important errors or warnings **Host system details** Alma 8.8 build host (rpm-ostree 2022.10...) **Expected vs actual behavior** ``` #...

priority/high

difficulty/medium

triaged

AuthenticAMD.bin includes README, breaking early loading

**Describe the bug** Dracut builds AuthenticAMD.bin by doing more or less `cat /usr/lib/firmware/amd-ucode/* > AuthenticAMD.bin` Since https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/amd-ucode/README?id=89ec6198f13d1007563ff87aae5de209e993be07 the folder contains a README file. **Distribution used** Alma 8 / Alma 9...

bug

cockpit.file().replace() doesn't preserve owner/group/mode

### Explain what happens https://github.com/cockpit-project/cockpit/blob/27cb665b5c135481f900dafac0c1b754ab91b5a0/src/bridge/cockpitfsreplace.c#L270 replace create a new world readable file, this is a problem when using replace() to write any kind of sensitive data. Developer can call chmod...

bug

cockpit-bridge

Using OVS internal interfaces instead of veth ?

Has anyone attempted to use OVS internal interfaces instead of veth ? It was mentioned a long time ago by @phoracek in https://github.com/k8snetworkplumbingwg/ovs-cni/issues/2#issuecomment-413576807_ but can't find anything about why it...

some files don't have mtime set to 0

Using rpm-ostree-2022.2-2.el8.alma.x86_64 / ostree-2022.1-2.el8.x86_64 (Alma 8.6) Here the files that have mtime not set to 0: - All empty files: ``` diff -u