On Mon, Jun 11, 2018 at 5:34 PM, Fabiano Fidêncio <fidencio@xxxxxxxxxx> wrote:
> So, several things ...
>
> On Mon, Jun 11, 2018 at 4:41 PM, Richard W.M. Jones <rjones@xxxxxxxxxx> wrote:
>> (Adding virt-tools-list)
>>
>> On Fri, Jun 08, 2018 at 02:20:22PM +0200, Timothée Floure wrote:
>>> Hello,
>>>
>>> I'm trying to package virt-bootstrap [0], but various tests fail due to
>>> SELinux. I know some selinux basics from redhat's selinux manual [1],
>>> but am unsure about how to approach the issue.
>
> virt-bootstrap is already part of Fedora28+.

And a link for the builds:
https://koji.fedoraproject.org/koji/packageinfo?packageID=27008

>
>>>
>>> For example, the following command - extracted from a failing test -
>>> fails due to SELinux:
>>>
>>> ```
>>> virt-sandbox -c qemu:///session --name=bootstrap_26639 -m host-bind:/mnt=/tmp/tmps77ywg1n_bootstrap_dest -- /bin/tar xf /tmp/tmp8gca1fzq_bootstrap_tarfiles/b52c708f02ff0ee783331f23f723ed9123dfc72994e19d1c33f3bd5db723007a.tar -C /mnt --exclude "dev/*" --overwrite --absolute-names
>>> ```
>>>
>>> ```
>>> type=AVC msg=audit(1525329618.892:19448): avc: denied { read } for pid=31860 comm="qemu-system-x86" name="config" dev="dm-3" ino=4589515 scontext=unconfined_u:unconfined_r:svirt_t:s0:c422,c725 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=dir permissive=0
>>> ```
>
> This is something that, IMO, should be reported as an issue for the
> selinux-policy component. But maybe virt-sandbox/qemu maintainers have
> a different opinion here.
>
>>>
>>> I also attached the related specfile to this email. I would appreciate
>>> if someone could take a few minutes to redirect me.
>>>
>>>
>>> [0] https://github.com/virt-manager/virt-bootstrap
>>> [1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/part_i-selinux
>>>
>>> Thanks !
>>>
>>> --
>>> Timothée Floure
>>
>>> %global debug_package %{nil}
>>>
>>> Name: virt-bootstrap
>>> Version: 1.0.0
>>> Release: 1%{?dist}
>>> Summary: Easy way to setup the root file system for libvirt-based containers
>>>
>>> License: GPLv3
>>> URL: https://github.com/virt-manager/%{name}
>>> Source0: https://github.com/virt-manager/%{name}/archive/v%{version}.tar.gz
>>>
>>> BuildArch: noarch
>>> BuildRequires: python3-devel
>>> BuildRequires: perl-podlators
>>> BuildRequires: sed
>>> # Provides virt-sandbox
>>> BuildRequires: libvirt-sandbox
>>> # Provides virt-builder
>>> BuildRequires: libguestfs-tools-c
>>> BuildRequires: python3-libguestfs
>>> BuildRequires: python3-passlib
>>> BuildRequires: python3-mock
>>> Requires: skopeo
>>> # Provides virt-sandbox
>>> Requires: libvirt-sandbox
>>> # Provides virt-builder
>>> Requires: libguestfs-tools-c
>>> Requires: python3-libguestfs
>>> Requires: python3-passlib
>>>
>>> %description
>>> %{summary}.
>>>
>>> %prep
>>> %setup -q
>>>
>>>
>>> %build
>>> %py3_build
>>>
>>> %install
>>> %py3_install
>>>
>>> sed -i 's|#!/usr/bin/env python|#!/usr/bin/python|' \
>>>     %{buildroot}%{python3_sitelib}/virtBootstrap/virt_bootstrap.py
>>>
>>> chmod +x %{buildroot}%{python3_sitelib}/virtBootstrap/virt_bootstrap.py
>>>
>>> %check
>>> %{__python3} setup.py test
>>>
>>> %files
>>> %license LICENSE
>>> %doc README.md
>>> %{_bindir}/%{name}
>>> %{python3_sitelib}/*
>>> %{_mandir}/man1/%{name}.1*
>>>
>>> %changelog
>>> * Mon Apr 30 2018 Timothée Floure <fnux@xxxxxxxxxxxxxxxxx> - 1.0.0-1
>>> - Let there be package
>>
>>
>>
>>
>>> _______________________________________________
>>> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
>>> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
>>> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>>> List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/EYYT6HPMNJXQNFRUR3BA3NLVCFLY6RMA/
>>
>>
>> --
>> Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
>> Read my programming and virtualization blog: http://rwmj.wordpress.com
>> libguestfs lets you edit virtual machines. Supports shell scripting,
>> bindings from many languages. http://libguestfs.org
>>
>> _______________________________________________
>> virt-tools-list mailing list
>> virt-tools-list@xxxxxxxxxx
>> https://www.redhat.com/mailman/listinfo/virt-tools-list
>
> Best Regards,
> --
> Fabiano Fidêncio