Fedora buildsys and SELinux

Eric Paris eparis at redhat.com
Fri May 9 20:00:17 UTC 2008 

On Fri, 2008-05-09 at 15:33 -0400, Eric Paris wrote:
> On Fri, 2008-05-02 at 13:20 -0400, Stephen Smalley wrote:
> > One question that has come up is whether the patch to support setting
> > unknown file labels is sufficient to support the buildsys needs, or
> > whether something more is required.  My impression is that all we truly
> > need is:
> > 1) support for setting unknown file labels for use by rpm, and
> > 2) bind mount /dev/null over selinux/load within the chroot so that
> > policy loads within the chroot do nothing rather than changing the build
> > host's policy, and
> > 3) bind mount a regular empty file over selinux/context within the
> > chroot so that attempts to validate/canonicalize contexts by rpm will
> > always return the original value w/o trying to validate against the
> > build host's policy.
> 
> So I ran livecd-creator today with a couple of things inside the
> chroot /selinux
> 
> load -> /dev/null
> null -> /dev/null
> context = [blank file]
> mls = 1
> enforcing = 1
> policyvers = 22
> 
> This was attempting to build a F9 livecd on an F9 box, so I wasn't
> worried about the labeling issues (although the kernel in question is
> patched to support unknown labels)
> 
> Things blew up spectacularly   :)

So I added O_TRUNC to both of the callers to /selinux/context in
libselinux and that took care of the lsetfilecon() crap but I still get
tons and tons of "scriptlet failed, exit status 255"

Anyone have ideas/suggestions how to debug those more?  

warning: libgcc-4.3.0-8: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2
  Installing: libgcc                       ##################### [  1/129] 
error: %post(libgcc-4.3.0-8.x86_64) scriptlet failed, exit status 255
  Installing: setup                        ##################### [  2/129] 
  Installing: filesystem                   ##################### [  3/129] 
  Installing: basesystem                   ##################### [  4/129] 
  Installing: ncurses-base                 ##################### [  5/129] 
  Installing: tzdata                       ##################### [  6/129] 
  Installing: rootfiles                    ##################### [  7/129] 
  Installing: glibc                        ##################### [  8/129] 
error: %post(glibc-2.8-3.x86_64) scriptlet failed, exit status 255
  Installing: ncurses-libs                 ##################### [  9/129] 
error: %post(ncurses-libs-5.6-16.20080301.fc9.x86_64) scriptlet failed, exit status 255
  Installing: popt                         ##################### [ 10/129] 
error: %post(popt-1.13-3.fc9.x86_64) scriptlet failed, exit status 255
  Installing: zlib                         ##################### [ 11/129] 
error: %post(zlib-1.2.3-18.fc9.x86_64) scriptlet failed, exit status 255

More information about the fedora-selinux-list mailing list