[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: mach/mock and selinux



> petersen redhat com (Jens Petersen) writes:
> 
> >>>Thanks.  I tried it and got to:
> >>>
> >>>$ mock -r fedora-3-i386-core mock-0.1-1.src.rpm
> > ::
> >>> Non-zero return value 127 on executing 
> >>>/usr/sbin/mock-helper chroot  
> >>>/var/lib/mock//fedora-3-i386-core/root /sbin/runuser - root -c 
> >>>"/usr/sbin/useradd -u 500 -d /builddir mockbuild"
> >
> > Ok I haven't tested, but apparently this is caused by using 
> > selinux, 
> > which presumably also explains the problem I was seeing 
> > earlier with mach.
> 
> SELinux was never designed to work with or in chroot 
> environments, and unless somebody implements another kernel 
> API, this will not change. So best would be, to disable 
> SELinux completely at system start.

Correct, Enrico, but wouldn't make sense to give user mock all (selinux)
permission for /var/lib/mock!? Just in case someone wants to have selinux
enabled, but also wants to use mock :-) Hmmm. Or is this caused by useradd
that want's to write /var/lib/mock/*/*/etc/{passwd,group,shadow}? If so it
might be harder to find a good solution. I don't think that allowing useradd
to write to /var/lib/mock/*/* is a good idea...

However, just my 2 cent. As I'm not a selinux-fan and have it disabled on my
dev-boxes, I don't mind. :-)

Best,
 Oliver


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]