skopeo rdepends on it, and skopeo has been extended to native and nativesdk, so container-host-config needs also be extended. Signed-off-by: Chen Qi <Qi.Chen@...> Signed-off-by: Bruce Ashfie

The /etc/containers/policy.json[1] file is used to specify verification policy. For now, we can see it's used by both cri-o and skopeo. To avoid conflict, we use container-host-config to provide this

ostree is in meta-oe, libseccomp is in oe-core. So remove these two. Signed-off-by: Chen Qi <Qi.Chen@...> Signed-off-by: Bruce Ashfield <bruce.ashfield@...> --- README | 2 -- 1 file ch

From: Bruce Ashfield <bruce.ashfield@...> Instead of providing storage and registries configuration files in this package, we inherit container-host which will provide a common definition of the

From: Bruce Ashfield <bruce.ashfield@...> This is a configuration only recipe that produces a package which installs some common configuration files. In this introduction we have both registries

The old crio.conf file can cause cri-o start failure. The error message is as below. validating runtime config: runtime validation: failed to \ translate monitor fields for runtime runc: cgroupfs mana

From: Bruce Ashfield <bruce.ashfield@...> Introducing a small (at the moment) class that represents configuration and processing required to prepare a target image to be a container host. A reci

crio.service now reports the following error messages: level=error msg="Writing clean shutdown supported file: \ open /var/lib/crio/clean.shutdown.supported: no such file or directory" level=error msg

For cri-o, libselinux is optional, this can be seen from its Makefile. So let's make selinux optional by using PACKAGECONFIG, whose default value is determined by the DISTRO_FEATURES. In this way, met

libseccomp is not in oe-core. There's no need to check meta-security any more. Signed-off-by: Chen Qi <Qi.Chen@...> Signed-off-by: Bruce Ashfield <bruce.ashfield@...> --- recipes-conta

Hi Bruce, I've tested master-next and sent out three patches against it. The first one is a revert, which only means 'please drop the original patch from master-next'. With these three patches on mast

The /etc/containers/policy.json[1] file is used to specify verification policy. For now, we can see it's used by both cri-o and skopeo. To avoid conflict, we use container-host-config to provide this

skopeo rdepends on it, and skopeo has been extended to native and nativesdk, so container-host-config needs also be extended. Signed-off-by: Chen Qi <Qi.Chen@...> --- .../container-host-conf

Do NOT merge this patch. This revert-type patch is only an indication that the original patch on master-next should be dropped. A follow-up patch to master-next will be sent to add policy.json to cont

Hi Bruce, I've sent out V2. I also noticed there's a cri-o upgrade in master-next, so I cherry-picked it onto my branch and tested 'k8s + cri-o + flannel' for qemux86-64. Things are working. Regards,

For cri-o, libselinux is optional, this can be seen from its Makefile. So let's make selinux optional by using PACKAGECONFIG, whose default value is determined by the DISTRO_FEATURES. In this way, met

ostree is in meta-oe, libseccomp is in oe-core. So remove these two. Signed-off-by: Chen Qi <Qi.Chen@...> --- README | 2 -- 1 file changed, 2 deletions(-) diff --git a/README b/README index

OK, I see. Let's just drop this patch so that libselinux is still a dependency and the layer check is still there. I'll send out V2 of the README change to match the current situation. Regards, Qi

Yes, indeed. Thanks a lot for spotting that. A common configuration-only package does seem to be the most reasonable solution. Regards, Qi

I disable it by default to align with oe-core/meta-openembedded practice, although some of the recipes there are using DISTRO_FEATURES to determine the default value. Also, selinux is set to 'false' b