Bug 1212058

Summary: libseccomp requires kernel
Product: Red Hat Enterprise Linux 7
Reporter: Lukáš Nykrýn <lnykryn>
Component: libseccomp
Assignee: Paul Moore <pmoore>
Status: CLOSED DUPLICATE
QA Contact: Virtualization Bugs <virt-bugs>
Severity: high
Priority: unspecified
Version: 7.2
CC: extras-qa, hhoyer, johannbg, juzhang, lpoetter, pmoore, rjsm, vpavlin, zbyszek
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1065572 Environment:
Last Closed: 2015-04-16 22:00:55 UTC Type: Bug
Bug Depends On: 1065572    
Bug Blocks:    

Description Lukáš Nykrýn 2015-04-15 13:24:04 UTC
We are rebasing systemd in 7.2 and we have the same problem as in Fedora.


+++ This bug was initially created as a clone of Bug #1065572 +++

Description of problem:
libseccomp requires the kernel package. This means that any package containing a program linked to libseccomp will force the installation of the kernel package. One such package is systemd (in versions >= 209), which is often installed in containers and lightweight VMs which do not have a kernel. Installing the kernel (and dependent packages) is a very large overhead for the minimal installation.

I understand the reason for this dependency, but it doesn't really work: on one hand, seccomp does detect missing kernel capabilities, and on the other, even with the kernel package installed one can run an older kernel, since it is multi-installable.

Version-Release number of selected component (if applicable):
libseccomp-2.1.0-1.fc20.x86_64

How reproducible:
100%

--- Additional comment from Paul Moore on 2014-02-17 22:05:04 CET ---

Resolved in libseccomp-2.1.1-1.fc21.

This BZ is against Rawhide, do you see a need for this in F20 as well, or are you happy to see it in F21?

--- Additional comment from Zbigniew Jędrzejewski-Szmek on 2014-02-17 22:06:45 CET ---

F21 is enough, thanks.

--- Additional comment from Paul Moore on 2014-02-17 22:13:48 CET ---

Okay, once I see the updated package propagate out to my Rawhide system I'll consider this closed.

--- Additional comment from Jóhann B. Guðmundsson on 2014-02-18 11:58:18 CET ---

This should also be fixed in all the GA releases (F19/F20).

People are running containers there as well.

--- Additional comment from Zbigniew Jędrzejewski-Szmek on 2014-02-18 14:01:27 CET ---

Yeah, but we have no intention of linking to libseccomp there.

--- Additional comment from Paul Moore on 2014-02-19 17:57:57 CET ---

Everything looks fine now on my Rawhide system:

# rpm -q libseccomp libseccomp-devel
libseccomp-2.1.1-1.fc21.x86_64
libseccomp-devel-2.1.1-1.fc21.x86_64
# rpm -qR libseccomp
/sbin/ldconfig
/sbin/ldconfig
libc.so.6()(64bit)
libc.so.6(GLIBC_2.14)(64bit)
libc.so.6(GLIBC_2.2.5)(64bit)
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rtld(GNU_HASH)
rpmlib(PayloadIsXz) <= 5.2-1
# rpm -qR libseccomp-devel
/usr/bin/pkg-config
libc.so.6()(64bit)
libc.so.6(GLIBC_2.2.5)(64bit)
libc.so.6(GLIBC_2.3)(64bit)
libseccomp(x86-64) = 2.1.1-1.fc21
libseccomp.so.2()(64bit)
pkgconfig
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rtld(GNU_HASH)
rpmlib(PayloadIsXz) <= 5.2-1

--- Additional comment from Paul Moore on 2014-02-25 21:08:32 CET ---

Comment 1 Václav Pavlín 2015-04-15 13:53:36 UTC
This is very important for container images we produce because we don't want to have Kernel there.

Comment 2 Paul Moore 2015-04-16 22:00:55 UTC

*** This bug has been marked as a duplicate of bug 1066136 ***
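
The description argues that seccomp support belongs to the running kernel, not to an installed kernel package. The run-time probe below illustrates that with prctl(2); it is an added example, not code from libseccomp, systemd or this bug report. The names classify_seccomp, probe_seccomp and enum seccomp_level are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>

#ifndef SECCOMP_MODE_FILTER
#define SECCOMP_MODE_FILTER 2 /* same value as in <linux/seccomp.h> */
#endif

/* Hypothetical names for this illustration. */
enum seccomp_level { SC_ABSENT, SC_STRICT_ONLY, SC_FILTER };

/* Decision logic kept apart from the syscalls so it can be tested.
 * get_ret: result of prctl(PR_GET_SECCOMP)
 * set_ret/set_errno: result of prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL) */
enum seccomp_level classify_seccomp(int get_ret, int set_ret, int set_errno)
{
    /* PR_GET_SECCOMP fails with EINVAL when the kernel was built without
     * CONFIG_SECCOMP; any other failure is also treated as "not usable". */
    if (get_ret < 0)
        return SC_ABSENT;
    /* A NULL filter yields EFAULT on a filter-capable kernel and
     * EINVAL when CONFIG_SECCOMP_FILTER is missing. */
    if (set_ret < 0 && set_errno == EFAULT)
        return SC_FILTER;
    return SC_STRICT_ONLY;
}

/* Probe the running kernel. No filter is installed: the NULL pointer is
 * rejected before anything takes effect. A process already in strict
 * mode must not call this, because prctl() is not permitted there. */
enum seccomp_level probe_seccomp(void)
{
    int get_ret = prctl(PR_GET_SECCOMP, 0UL, 0UL, 0UL, 0UL);
    int set_ret = -1, set_errno = EINVAL;

    if (get_ret >= 0) {
        errno = 0;
        set_ret = prctl(PR_SET_SECCOMP, (unsigned long)SECCOMP_MODE_FILTER,
                        NULL, 0UL, 0UL);
        set_errno = errno;
    }
    return classify_seccomp(get_ret, set_ret, set_errno);
}

int main(void)
{
    static const char *const names[] = { "absent", "strict mode only",
                                         "filter mode available" };
    printf("seccomp on the running kernel: %s\n", names[probe_seccomp()]);
    return 0;
}
```

In a container the result reflects the host kernel the container runs on, whatever kernel packages are or are not present in the image.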