Questions about porteus

Welcome!

Moderator: Blaze

Blaze
DEV Team
Posts: 3917
Joined: 28 Dec 2010, 11:31
Distribution: ⟰ Porteus current ☯ all DEs ☯
Location: ☭ Russian Federation, Lipetsk region, Dankov

Questions about porteus

Post#646 by Blaze » 27 Oct 2024, 06:14

bytie, according to the check-config.sh check script, this package cgroupfs-mount_1.4_all.deb is 100% necessary and must be run as the root user:

Code:

/usr/bin/cgroupfs-mount
And the kernel config isn't in such good shape either:

Code:

Generally Necessary:
- cgroup hierarchy: properly mounted [/sys/fs/cgroup]
- CONFIG_NAMESPACES: enabled
- CONFIG_NET_NS: enabled
- CONFIG_PID_NS: enabled
- CONFIG_IPC_NS: enabled
- CONFIG_UTS_NS: enabled
- CONFIG_CGROUPS: enabled
- CONFIG_CGROUP_CPUACCT: missing
- CONFIG_CGROUP_DEVICE: missing
- CONFIG_CGROUP_FREEZER: missing
- CONFIG_CGROUP_SCHED: enabled
- CONFIG_CPUSETS: missing
- CONFIG_MEMCG: missing
- CONFIG_KEYS: enabled
- CONFIG_VETH: enabled (as module)
- CONFIG_BRIDGE: enabled (as module)
- CONFIG_BRIDGE_NETFILTER: enabled (as module)
- CONFIG_IP_NF_FILTER: enabled (as module)
- CONFIG_IP_NF_MANGLE: enabled (as module)
- CONFIG_IP_NF_TARGET_MASQUERADE: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_IPVS: missing
- CONFIG_NETFILTER_XT_MARK: enabled (as module)
- CONFIG_IP_NF_NAT: enabled (as module)
- CONFIG_NF_NAT: enabled (as module)
- CONFIG_POSIX_MQUEUE: enabled
- CONFIG_CGROUP_BPF: missing

Optional Features:
- CONFIG_USER_NS: enabled
- CONFIG_SECCOMP: enabled
- CONFIG_SECCOMP_FILTER: enabled
- CONFIG_CGROUP_PIDS: missing
- CONFIG_MEMCG_SWAP: missing
    (cgroup swap accounting is currently enabled)
- CONFIG_LEGACY_VSYSCALL_NONE: enabled
    (containers using eglibc <= 2.13 will not work. Switch to
     "CONFIG_VSYSCALL_[NATIVE|EMULATE]" or use "vsyscall=[native|emulate]"
     on kernel command line. Note that this will disable ASLR for the,
     VDSO which may assist in exploiting security vulnerabilities.)
- CONFIG_BLK_CGROUP: missing
- CONFIG_BLK_DEV_THROTTLING: missing
- CONFIG_CGROUP_PERF: missing
- CONFIG_CGROUP_HUGETLB: missing
- CONFIG_NET_CLS_CGROUP: missing
- CONFIG_CGROUP_NET_PRIO: missing
- CONFIG_CFS_BANDWIDTH: missing
- CONFIG_FAIR_GROUP_SCHED: enabled
- CONFIG_IP_NF_TARGET_REDIRECT: enabled (as module)
- CONFIG_IP_VS: missing
- CONFIG_IP_VS_NFCT: missing
- CONFIG_IP_VS_PROTO_TCP: missing
- CONFIG_IP_VS_PROTO_UDP: missing
- CONFIG_IP_VS_RR: missing
- CONFIG_SECURITY_SELINUX: missing
- CONFIG_SECURITY_APPARMOR: missing
- CONFIG_EXT4_FS: enabled
- CONFIG_EXT4_FS_POSIX_ACL: enabled
- CONFIG_EXT4_FS_SECURITY: enabled
- Network Drivers:
  - "overlay":
    - CONFIG_VXLAN: missing
    - CONFIG_BRIDGE_VLAN_FILTERING: enabled
      Optional (for encrypted networks):
      - CONFIG_CRYPTO: enabled
      - CONFIG_CRYPTO_AEAD: enabled
      - CONFIG_CRYPTO_GCM: enabled (as module)
      - CONFIG_CRYPTO_SEQIV: enabled
      - CONFIG_CRYPTO_GHASH: enabled
      - CONFIG_XFRM: enabled
      - CONFIG_XFRM_USER: enabled
      - CONFIG_XFRM_ALGO: enabled
      - CONFIG_INET_ESP: enabled (as module)
      - CONFIG_NETFILTER_XT_MATCH_BPF: enabled (as module)
  - "ipvlan":
    - CONFIG_IPVLAN: missing
  - "macvlan":
    - CONFIG_MACVLAN: missing
    - CONFIG_DUMMY: missing
  - "ftp,tftp client in container":
    - CONFIG_NF_NAT_FTP: enabled (as module)
    - CONFIG_NF_CONNTRACK_FTP: enabled (as module)
    - CONFIG_NF_NAT_TFTP: enabled (as module)
    - CONFIG_NF_CONNTRACK_TFTP: enabled (as module)
- Storage Drivers:
  - "btrfs":
    - CONFIG_BTRFS_FS: enabled
    - CONFIG_BTRFS_FS_POSIX_ACL: enabled
  - "overlay":
    - CONFIG_OVERLAY_FS: enabled
  - "zfs":
    - /dev/zfs: missing
    - zfs command: missing
    - zpool command: missing

Limits:
- /proc/sys/kernel/keys/root_maxkeys: 1000000
Posted after 1 hour 9 minutes 59 seconds:
I tried to enable all the kernel options needed for docker.
64bit-ALL-kernel6.11.5-docker.tar (Attention! The build was made for Porteus 5.1 alpha)
I haven't tested the kernel personally.

Posted after 2 hours 26 minutes 35 seconds:
Started docker without libcgroup (it also starts without cgroupfs-mount).

Running processes:

Code:

ps aux | grep -i [d]ocker
root      6808  1.7  0.3 2249632 65020 pts/0   Sl   12:40   0:01 /usr/bin/dockerd -p /var/run/dockerd.pid
root      6820  0.2  0.2 2244164 45536 ?       Ssl  12:40   0:00 containerd --config /var/run/docker/containerd/containerd.toml
guest     7033  4.0  0.4 612348 70828 ?        Sl   12:41   0:01 /usr/bin/xed /var/log/docker.log
in the docker logs

Code:

time="2024-10-27T12:47:31.911639274+03:00" level=warning msg="WARNING: No swap limit support"
time="2024-10-27T12:47:31.911701884+03:00" level=warning msg="WARNING: No kernel memory TCP limit support"
time="2024-10-27T12:47:31.911731672+03:00" level=warning msg="WARNING: No oom kill disable support"
time="2024-10-27T12:47:31.911794791+03:00" level=warning msg="WARNING: bridge-nf-call-iptables is disabled"
time="2024-10-27T12:47:31.911814760+03:00" level=warning msg="WARNING: bridge-nf-call-ip6tables is disabled"
Ran the script - for the kernel we get two missing

Code:

CONFIG_MEMCG_SWAP: missing
CONFIG_CGROUP_HUGETLB: missing
and a warning

Code:

- CONFIG_LEGACY_VSYSCALL_NONE: enabled
    (containers using eglibc <= 2.13 will not work. Switch to
     "CONFIG_VSYSCALL_[NATIVE|EMULATE]" or use "vsyscall=[native|emulate]"
     on kernel command line. Note that this will disable ASLR for the,
     VDSO which may assist in exploiting security vulnerabilities.)
and also for zfs

Code:

  - "zfs":
    - /dev/zfs: missing
    - zfs command: missing
    - zpool command: missing
I also don't like the SELinux and APPARMOR options - I'll disable them in the next builds.

Posted after 1 hour 52 minutes 22 seconds:
Rebuilt the kernel without SELinux and APPARMOR
Porteus Kernel Builder (Post by Blaze #100899)
Linux 6.6.11-porteus #1 SMP PREEMPT_DYNAMIC Sun Jan 14 12:07:37 MSK 2024 x86_64 Intel(R) Xeon(R) CPU E3-1270 v6 @ 3.80GHz GenuineIntel GNU/Linux
MS-7A12 » [AMD/ATI] Navi 23 [Radeon RX 6600] [1002:73ff] (rev c7) » Vengeance LPX 16GB DDR4 K2 3200MHz C16

bytie
White ninja
Posts: 11
Joined: 15 Oct 2024, 12:29
Distribution: Porteus 5

Questions about porteus

Post#647 by bytie » 30 Oct 2024, 03:36

Blaze, I installed the kernel in 5.01 and booted, but nothing changed. I'll wait for the Porteus 5.1 release.

Blaze
DEV Team

Questions about porteus

Post#648 by Blaze » 30 Oct 2024, 13:23

bytie, did you update the kernel correctly?

Code:

# Perform all operations as the root user!

# replace 000-kernel.xzm
# delete crippled_sources.xzm
# optionally add 06-crippled_sources-NNN-XXbit.xzm
/path-to/porteus/base

# replace vmlinuz
/path-to/boot/syslinux

# reboot Porteus

bytie
White ninja

Questions about porteus

Post#649 by bytie » 31 Oct 2024, 16:51

Blaze, correct.

Code:

guest@porteus.example.net
-------------------------
OS: Porteus 5.01 x86_64 
Host: Z9PE-D8 WS 1.0x 
Kernel: 6.11.5-porteus 
Uptime: 8 mins 
Repeated it once more to be sure. Alas, `sudo ./rc.docker start` does not lead to a successful start. `sudo dockerd` eventually says "failed to start daemon: Devices cgroup isn't mounted".
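The two failure modes in this thread, the first posted kernel config (CONFIG_CGROUP_DEVICE and CONFIG_CGROUP_BPF reported missing) and dockerd's "Devices cgroup isn't mounted" error in the last post, can be told apart from /proc/mounts plus the kernel config. On a cgroup v1 layout dockerd refuses to start unless the devices controller is mounted (which is what cgroupfs-mount does); on the unified cgroup2 hierarchy there is no separate devices mount and runc enforces device rules through cgroup BPF programs instead. In both cases the devices cgroup is what stops a container from opening arbitrary device nodes, so it is not an optional feature. The script below is an added example, not code from the thread or from Porteus; the mount listings and kernel configs it writes are constructed samples, and the file names and function names are my own.

```shell
#!/bin/sh
# Added example (not from the thread): diagnose dockerd's
# "Devices cgroup isn't mounted" from a /proc/mounts-style listing and a
# plain-text kernel .config. All sample inputs below are constructed.

# cgroup_layout MOUNTS_FILE
# Prints: v2 (unified hierarchy at /sys/fs/cgroup), v1-devices (cgroup v1
# with the devices controller mounted), v1-nodevices (v1 without it) or none.
cgroup_layout() {
    if awk '$3 == "cgroup2" && $2 == "/sys/fs/cgroup" { f = 1 } END { exit f ? 0 : 1 }' "$1"; then
        echo v2
    elif awk '$3 == "cgroup" && $4 ~ /(^|,)devices(,|$)/ { f = 1 } END { exit f ? 0 : 1 }' "$1"; then
        echo v1-devices
    elif awk '$3 == "cgroup" { f = 1 } END { exit f ? 0 : 1 }' "$1"; then
        echo v1-nodevices
    else
        echo none
    fi
}

# kconfig_has CONFIG_FILE OPTION  -> 0 when OPTION is built in (=y) or a module (=m)
kconfig_has() {
    grep -Eq "^$2=(y|m)$" "$1"
}

# diagnose MOUNTS_FILE CONFIG_FILE
# Prints one verdict line; returns 0 only when a usable device controller exists.
diagnose() {
    layout=$(cgroup_layout "$1")
    # Without CONFIG_CGROUP_DEVICE the kernel has no devices controller at all,
    # so no amount of mounting (cgroupfs-mount, libcgroup) can satisfy dockerd.
    if ! kconfig_has "$2" CONFIG_CGROUP_DEVICE; then
        echo "fail: kernel built without CONFIG_CGROUP_DEVICE; mounting cgroupfs cannot help"
        return 1
    fi
    case "$layout" in
        v2)
            if kconfig_has "$2" CONFIG_CGROUP_BPF; then
                echo "ok: cgroup2 unified hierarchy mounted at /sys/fs/cgroup"
            else
                echo "fail: cgroup2 mounted but CONFIG_CGROUP_BPF missing; runc needs it for device rules on cgroup2"
                return 1
            fi ;;
        v1-devices)
            echo "ok: cgroup v1 devices controller is mounted" ;;
        v1-nodevices)
            echo "fail: cgroup v1 without the devices controller; run cgroupfs-mount as root"
            return 1 ;;
        none)
            echo "fail: no cgroup hierarchy mounted; run cgroupfs-mount as root"
            return 1 ;;
    esac
}

# make_samples DIR  -> writes constructed mount listings and kernel configs
make_samples() {
    printf 'cgroup2 /sys/fs/cgroup cgroup2 rw,nosuid,nodev,noexec,relatime 0 0\n' > "$1/mounts-v2"
    printf 'tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec 0 0\ncgroup /sys/fs/cgroup/devices cgroup rw,nosuid,nodev,noexec,relatime,devices 0 0\n' > "$1/mounts-v1-devices"
    printf 'tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec 0 0\ncgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,relatime,memory 0 0\n' > "$1/mounts-v1-nodevices"
    printf 'sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0\n' > "$1/mounts-none"
    printf 'CONFIG_CGROUPS=y\nCONFIG_CGROUP_DEVICE=y\nCONFIG_CGROUP_BPF=y\n' > "$1/config-full"
    printf 'CONFIG_CGROUPS=y\n# CONFIG_CGROUP_DEVICE is not set\n# CONFIG_CGROUP_BPF is not set\n' > "$1/config-nodevice"
}

# Demo over the constructed samples. On a live host pass /proc/mounts and a
# decompressed /proc/config.gz (zcat /proc/config.gz > /tmp/config) instead.
demo() {
    d=$(mktemp -d)
    make_samples "$d"
    for m in v2 v1-devices v1-nodevices none; do
        printf '%-13s ' "$m"; diagnose "$d/mounts-$m" "$d/config-full" || true
    done
    printf '%-13s ' nodevice; diagnose "$d/mounts-v1-devices" "$d/config-nodevice" || true
    rm -rf "$d"
}
demo
```

The order of the checks is deliberate: the kernel config is tested first, because a missing CONFIG_CGROUP_DEVICE is the one case where following the usual advice (run cgroupfs-mount as root) changes nothing, and it is exactly the state shown in the first check-config.sh output above.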
