Jonathan Lebon
Jonathan Lebon
I wouldn't necessarily try to tackle every provider which supports this in one card. Maybe we can make this one about GCP, and have separate cards for others? That way...
The difference with the root one is that it's modifying an existing partition (so it needs to refer to it), whereas the /var one is new. And actually, ideally that...
I'm not sure I understand. Can you clarify: did a user hit a bug somehow related to this? How did this come on your radar?
@benjaminpreiss Are you still interested in tweaking this PR as suggested above?
I think they're saying that even with the `svirt_home_t` label, it wasn't working. It'd be helpful to see the exact AVC denial you're hitting if you can still reproduce this.
Hmm, we might just need to clarify that if you're using the session libvirt, then it goes in `~/.local/share/libvirt/images/` and if the system one, `/var/lib/libvirt/images`. Or just rework it so...
The only concern I have with this "redirect" plan is that it now makes our image pulls dependent on both registry.fedoraproject.org and Quay.io working, instead of just the latter. For...
Related: #105 I say there: > I'd prefer we don't upload Jenkins logs to the S3 bucket in case credentials get leaked somehow in there. Though maybe that's too conservative?...
Another slightly more complex but more foolproof approach is making the pipeline job entirely credentials-less, and make the uploading part a separate job entirely.
Retitled issue. I still think this would be good to do, but we need to think through how to do it carefully. We've been moving towards native Jenkins credentials recently,...