So, several things ...

On Mon, Jun 11, 2018 at 4:41 PM, Richard W.M. Jones <rjones@xxxxxxxxxx> wrote:
> (Adding virt-tools-list)
>
> On Fri, Jun 08, 2018 at 02:20:22PM +0200, Timothée Floure wrote:
>> Hello,
>>
>> I'm trying to package virt-bootstrap [0], but various tests fail due to
>> SELinux. I know some selinux basics from redhat's selinux manual [1],
>> but am unsure about how to approach the issue.

virt-bootstrap is already part of Fedora28+.

>>
>> For example, the following command - extracted from a failing test -
>> fails due to SELinux:
>>
>> ```
>> virt-sandbox -c qemu:///session --name=bootstrap_26639 -m host-bind:/mnt=/tmp/tmps77ywg1n_bootstrap_dest -- /bin/tar xf /tmp/tmp8gca1fzq_bootstrap_tarfiles/b52c708f02ff0ee783331f23f723ed9123dfc72994e19d1c33f3bd5db723007a.tar -C /mnt --exclude "dev/*" --overwrite --absolute-names
>> ```
>>
>> ```
>> type=AVC msg=audit(1525329618.892:19448): avc: denied { read } for pid=31860 comm="qemu-system-x86" name="config" dev="dm-3" ino=4589515 scontext=unconfined_u:unconfined_r:svirt_t:s0:c422,c725 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=dir permissive=0
>> ```

This is something that, IMO, should be reported as an issue for the
selinux-policy component. But maybe virt-sandbox/qemu maintainers have a
different opinion here.

>>
>> I also attached the related specfile to this email. I would appreciate
>> if someone could take a few minutes to redirect me.
>>
>>
>> [0] https://github.com/virt-manager/virt-bootstrap
>> [1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/part_i-selinux
>>
>> Thanks !
>>
>> --
>> Timothée Floure
>
>> %global debug_package %{nil}
>>
>> Name:           virt-bootstrap
>> Version:        1.0.0
>> Release:        1%{?dist}
>> Summary:        Easy way to setup the root file system for libvirt-based containers
>>
>> License:        GPLv3
>> URL:            https://github.com/virt-manager/%{name}
>> Source0:        https://github.com/virt-manager/%{name}/archive/v%{version}.tar.gz
>>
>> BuildArch:      noarch
>> BuildRequires:  python3-devel
>> BuildRequires:  perl-podlators
>> BuildRequires:  sed
>> # Provides virt-sandbox
>> BuildRequires:  libvirt-sandbox
>> # Provides virt-builder
>> BuildRequires:  libguestfs-tools-c
>> BuildRequires:  python3-libguestfs
>> BuildRequires:  python3-passlib
>> BuildRequires:  python3-mock
>> Requires:       skopeo
>> # Provides virt-sandbox
>> Requires:       libvirt-sandbox
>> # Provides virt-builder
>> Requires:       libguestfs-tools-c
>> Requires:       python3-libguestfs
>> Requires:       python3-passlib
>>
>> %description
>> %{summary}.
>>
>> %prep
>> %setup -q
>>
>>
>> %build
>> %py3_build
>>
>> %install
>> %py3_install
>>
>> sed -i 's|#!/usr/bin/env python|#!/usr/bin/python|' \
>>     %{buildroot}%{python3_sitelib}/virtBootstrap/virt_bootstrap.py
>>
>> chmod +x %{buildroot}%{python3_sitelib}/virtBootstrap/virt_bootstrap.py
>>
>> %check
>> %{__python3} setup.py test
>>
>> %files
>> %license LICENSE
>> %doc README.md
>> %{_bindir}/%{name}
>> %{python3_sitelib}/*
>> %{_mandir}/man1/%{name}.1*
>>
>> %changelog
>> * Mon Apr 30 2018 Timothée Floure <fnux@xxxxxxxxxxxxxxxxx> - 1.0.0-1
>> - Let there be package
>
>> _______________________________________________
>> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
>> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
>> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/EYYT6HPMNJXQNFRUR3BA3NLVCFLY6RMA/
>
> --
> Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
> Read my programming and virtualization blog: http://rwmj.wordpress.com
> libguestfs lets you edit virtual machines. Supports shell scripting,
> bindings from many languages. http://libguestfs.org
>
> _______________________________________________
> virt-tools-list mailing list
> virt-tools-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/virt-tools-list

Best Regards,
--
Fabiano Fidêncio
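
Added example, not part of the original thread and not code from virt-bootstrap, libvirt-sandbox or selinux-policy: a small Python parser for the AVC record quoted in the thread. It extracts the source domain, target type, object class and permission, and collapses repeated denials from several failing tests into distinct access vectors that can be quoted in a selinux-policy report. Function names are illustrative; the sample line is the one from the thread.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# The denial quoted in the thread, verbatim.
THREAD_AVC = (
    'type=AVC msg=audit(1525329618.892:19448): avc: denied { read } for '
    'pid=31860 comm="qemu-system-x86" name="config" dev="dm-3" ino=4589515 '
    'scontext=unconfined_u:unconfined_r:svirt_t:s0:c422,c725 '
    'tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=dir permissive=0')

HEADER = re.compile(r'type=AVC msg=audit\((\d+)\.\d+:(\d+)\): avc:\s+'
                    r'(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def split_context(ctx):
    """user:role:type[:level]; the MLS/MCS level can itself contain ':'."""
    parts = ctx.split(':', 3)
    if len(parts) < 3:
        raise ValueError(f'not an SELinux context: {ctx!r}')
    return dict(zip(('user', 'role', 'type', 'level'), parts))

def parse_avc(line):
    """Return a dict for one AVC record, or None if the line is not an AVC."""
    m = HEADER.search(line)
    if not m:
        return None
    secs, serial, result, perms, rest = m.groups()
    f = {k: v.strip('"') for k, v in FIELD.findall(rest)}
    return {
        'time': datetime.fromtimestamp(int(secs), tz=timezone.utc).isoformat(),
        'serial': int(serial), 'result': result, 'perms': perms.split(),
        'comm': f.get('comm'), 'name': f.get('name'),
        'source': split_context(f['scontext']),
        'target': split_context(f['tcontext']),
        'tclass': f['tclass'],
        'enforced': f.get('permissive') == '0',
    }

def access_vector(rec):
    """(source type, target type, class, perms): the key a policy report needs."""
    return (rec['source']['type'], rec['target']['type'], rec['tclass'],
            ' '.join(sorted(rec['perms'])))

def group_denials(lines):
    """Count enforced denials per access vector so repeated failures collapse."""
    recs = filter(None, map(parse_avc, lines))
    return Counter(access_vector(r) for r in recs
                   if r['result'] == 'denied' and r['enforced'])

if __name__ == '__main__':
    for vec, n in group_denials([THREAD_AVC]).items():
        print(n, *vec)
```
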