Bug 1641252

Summary: Use of nspawn blocks a socket mock needs for its pm_request plugin
Product: [Fedora] Fedora
Reporter: Nicolas Mailhot <nicolas.mailhot>
Component: selinux-policy
Assignee: Lukas Vrabec <lvrabec>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: rawhide
CC: dwalsh, lvrabec, mgrepl, nicolas.mailhot, plautrba
Target Milestone: ---
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Clone Of:
: 1641253
Last Closed: 2018-11-09 12:48:03 UTC
Type: Bug
Bug Blocks: 1641187, 1641191    

Description Nicolas Mailhot 2018-10-20 13:49:33 UTC
When activating the nspawn mock extension in EPEL or Fedora mock, the pm request stops working, because the socket the pm request client uses to talk to mock is blocked.

There is probably a bad security rule somewhere.

This is blocking pm request activation in koji and copr.

Comment 1 Lukas Vrabec 2018-11-03 12:19:46 UTC
Hi, 

Could you please reproduce it and attach output of:

# ausearch -m AVC -ts recent 

Thanks,
Lukas.

Comment 2 Nicolas Mailhot 2018-11-09 12:48:03 UTC
In
https://github.com/rpm-software-management/mock/issues/218

mock upstream seems to think the problem is a bad nspawn configuration. I hoped they would finish the nspawn fix to confirm the selinux part is ok, but it is taking time.

So, I'll tentatively close this to avoid wasting your time while upstream fixes the nspawn conf.