mach/mock and selinux
Oliver Falk
oliver at linux-kernel.at
Sat May 21 11:45:26 UTC 2005
> petersen at redhat.com (Jens Petersen) writes:
>
> >>>Thanks. I tried it and got to:
> >>>
> >>>$ mock -r fedora-3-i386-core mock-0.1-1.src.rpm
> > ::
> >>> Non-zero return value 127 on executing
> >>>/usr/sbin/mock-helper chroot
> >>>/var/lib/mock//fedora-3-i386-core/root /sbin/runuser - root -c
> >>>"/usr/sbin/useradd -u 500 -d /builddir mockbuild"
> >
> > Ok I haven't tested, but apparently this is caused by using
> > selinux,
> > which presumably also explains the problem I was seeing
> > earlier with mach.
>
> SELinux was never designed to work with or in chroot
> environments, and unless somebody implements another kernel
> API, this will not change. So best would be, to disable
> SELinux completely at system start.
Correct, Enrico, but wouldn't it make sense to give user mock all (selinux)
permission for /var/lib/mock!? Just in case someone wants to have selinux
enabled, but also wants to use mock :-) Hmmm. Or is this caused by useradd
that wants to write /var/lib/mock/*/*/etc/{passwd,group,shadow}? If so it
might be harder to find a good solution. I don't think that allowing useradd
to write to /var/lib/mock/*/* is a good idea...
However, just my 2 cents. As I'm not a selinux-fan and have it disabled on my
dev-boxes, I don't mind. :-)
Best,
Oliver