wcohen forwarded:
> [...]
>> [root@dhcp23-91 ~]# atomic run --spc
>> candidate-registry.fedoraproject.org/f26/systemtap
>> <http://candidate-registry.fedoraproject.org/f26/systemtap>
>> docker run --cap-add SYS_MODULE -v /sys/kernel/debug:/sys/kernel/debug
>> -v /usr/src/kernels:/usr/src/kernels -v /usr/lib/modules/:/usr/lib/modules/
>> -v /usr/lib/debug:/usr/lib/debug -t -i --name systemtap-spc
>> candidate-registry.fedoraproject.org/f26/systemtap
>> <http://candidate-registry.fedoraproject.org/f26/systemtap>
>> [...]
>> ERROR: Couldn't insert module
>> '/tmp/stapNEjJDX/stap_4f013e7562b546a0316af840de9f0713_8509.ko': Operation
>> not permitted
>> [...]
I bet
# setenforce 0
makes it work for you. As per audit.log:
type=AVC msg=audit(1507222590.683:7940): avc: denied { module_load }
for pid=7595 comm="staprun" scontext=system_u:system_r:container_t:s0:c534,c921
tcontext=system_u:system_r:container_t:s0:c534,c921 tclass=system permissive=1
- FChE
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
