Bug 1065572

Summary: libseccomp requires kernel
Product: [Fedora] Fedora Reporter: Zbigniew Jędrzejewski-Szmek <zbyszek>
Component: libseccompAssignee: Paul Moore <pmoore>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: hhoyer, johannbg, juzhang, lpoetter, pmoore
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: libseccomp-2.1.1-1.fc21 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1066136 1212058 (view as bug list) Environment:
Last Closed: 2014-02-19 16:57:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1212058    

Description Zbigniew Jędrzejewski-Szmek 2014-02-15 00:24:04 UTC
Description of problem:
libseccomp requires the kernel package. This means that any package containing a program linked to libseccomp will force the installation of the kernel package. One such package is systemd (in versions >= 209), which is often installed in containers and lighweight VMs which do not have a kernel. Installing the kernel (and dependent packages) is a very large overhead for the minimal installation.

I understand the reason for this dependency, but it doesn't really work: on one hand, seccomp does detect missing kernel capabilities, and on the other, even with the kernel package installed one can run an older kernel, since it is multi-installable.

Version-Release number of selected component (if applicable):

How reproducible:

Comment 1 Paul Moore 2014-02-17 21:05:04 UTC
Resolved in libseccomp-2.1.1-1.fc21.

This BZ is against Rawhide, do you see a need for this in F20 as well, or are you happy to see it in F21?

Comment 2 Zbigniew Jędrzejewski-Szmek 2014-02-17 21:06:45 UTC
F21 is enough, thanks.

Comment 3 Paul Moore 2014-02-17 21:13:48 UTC
Okay, once I see the updated package propagate out to my Rawhide system I'll consider this closed.

Comment 4 Jóhann B. Guðmundsson 2014-02-18 10:58:18 UTC
This should also be fixed in all the GA releases ( F19/F20 ). 

People are running containers there as well

Comment 5 Zbigniew Jędrzejewski-Szmek 2014-02-18 13:01:27 UTC
Yeah, but we have no intention of linking to libseccomp there.

Comment 6 Paul Moore 2014-02-19 16:57:57 UTC
Everything looks fine now on my Rawhide system:

# rpm -q libseccomp libseccomp-devel
# rpm -qR libseccomp
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(PayloadIsXz) <= 5.2-1
# rpm -qR libseccomp-devel
libseccomp(x86-64) = 2.1.1-1.fc21
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(PayloadIsXz) <= 5.2-1

Comment 7 Paul Moore 2014-02-25 20:08:32 UTC
*** Bug 1069867 has been marked as a duplicate of this bug. ***