On Fri, 09 May 2008 16:00:17 -0400 Eric Paris <eparis@xxxxxxxxxx> wrote: > On Fri, 2008-05-09 at 15:33 -0400, Eric Paris wrote: > > On Fri, 2008-05-02 at 13:20 -0400, Stephen Smalley wrote: > > > One question that has come up is whether the patch to support > > > setting unknown file labels is sufficient to support the buildsys > > > needs, or whether something more is required. My impression is > > > that all we truly need is: > > > 1) support for setting unknown file labels for use by rpm, and > > > 2) bind mount /dev/null over selinux/load within the chroot so > > > that policy loads within the chroot do nothing rather than > > > changing the build host's policy, and > > > 3) bind mount a regular empty file over selinux/context within the > > > chroot so that attempts to validate/canonicalize contexts by rpm > > > will always return the original value w/o trying to validate > > > against the build host's policy. > > > > So I ran livecd-creator today with a couple of things inside the > > chroot /selinux > > > > load -> /dev/null > > null -> /dev/null > > context = [blank file] > > mls = 1 > > enforcing = 1 > > policyvers = 22 > > > > This was attempting to build a F9 livecd on an F9 box, so I wasn't > > worried about the labeling issues (although the kernel in question > > is patched to support unknown labels) > > > > Things blew up spectacularly :) > > So I added O_TRUNC to both of the callers to /selinux/context in > libselinux and that took care of the lsetfilecon() crap but I still > get tons and tons of "scriptlet failed, exit status 255" > > Anyone have ideas/suggestions how to debug those more? > > warning: libgcc-4.3.0-8: Header V3 DSA signature: NOKEY, key ID > 4f2a6fd2 Installing: libgcc > ##################### [ 1/129] error: %post(libgcc-4.3.0-8.x86_64) > scriptlet failed, exit status 255 Installing: > setup ##################### [ 2/129] > Installing: filesystem ##################### > [ 3/129] Installing: basesystem > ##################### [ 4/129] Installing: > ncurses-base ##################### [ 5/129] > Installing: tzdata ##################### > [ 6/129] Installing: rootfiles > ##################### [ 7/129] Installing: > glibc ##################### [ 8/129] error: > %post(glibc-2.8-3.x86_64) scriptlet failed, exit status 255 > Installing: ncurses-libs ##################### > [ 9/129] error: %post(ncurses-libs-5.6-16.20080301.fc9.x86_64) > scriptlet failed, exit status 255 Installing: > popt ##################### [ 10/129] error: > %post(popt-1.13-3.fc9.x86_64) scriptlet failed, exit status 255 > Installing: zlib ##################### > [ 11/129] error: %post(zlib-1.2.3-18.fc9.x86_64) scriptlet failed, > exit status 255 These all look like library packages so I'd hazard a guess that the thing that's failing is ldconfig. Perhaps you could replace ldconfig with a wrapper than runs it under strace? Paul. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
