Created attachment 800508
root.log from failed mock build

Description of problem:
If I set the basedir to my external hard disk (which mounts on /data -- space on the internal SSD is scarce)...

config_opts['basedir'] = '/data/mock/lib'

...building packages in mock doesn't work anymore.

Version-Release number of selected component (if applicable):
mock-1.1.33-1.fc19.noarch
yum-3.4.3-106.fc19.noarch
rpm-4.11.1-3.fc19.x86_64

How reproducible:
reproducible

Steps to Reproduce:
1. Configure "config_opts['basedir'] = '/data/mock/lib'" in /etc/mock/site-defaults.cfg
2. "mock rebuild <some SRPM>" or in a dist-git checkout, "fedpkg mockbuild"

Actual results:
See attached root.log

Expected results:
building packages in mock works even if basedir is not the default

Additional info:
I think the SELinux context of /data/mock/{lib,cache} is correct, "ausearch -sv none -ts recent" doesn't yield results after a failed build.

nils@gibraltar:~> ls -lZa /data/mock/
drwxr-xr-x. root root unconfined_u:object_r:file_t:s0 .
drwxrwxrwt. nils nils system_u:object_r:file_t:s0 ..
drwxrwsr-x. root mock unconfined_u:object_r:file_t:s0 cache
drwxrwsr-x. root mock system_u:object_r:mock_var_lib_t:s0 lib

Unlike bug #980244, the RPM database files have correct permissions:

nils@gibraltar:~> ls -l /data/mock/lib/fedora-rawhide-x86_64/root/var/lib/rpm
total 14212
-rw-r--r--. 1 root mock 761856 Sep 20 15:19 Basenames
-rw-r--r--. 1 root mock 8192 Sep 20 15:19 Conflictname
-rw-r--r--. 1 root mock 176128 Sep 20 15:19 Dirnames
-rw-r--r--. 1 root mock 8192 Sep 20 15:19 Group
-rw-r--r--. 1 root mock 12288 Sep 20 15:19 Installtid
-rw-r--r--. 1 root mock 16384 Sep 20 15:19 Name
-rw-r--r--. 1 root mock 8192 Sep 20 15:19 Obsoletename
-rw-r--r--. 1 root mock 13340672 Sep 20 15:19 Packages
-rw-r--r--. 1 root mock 98304 Sep 20 15:19 Providename
-rw-r--r--. 1 root mock 65536 Sep 20 15:19 Requirename
-rw-r--r--. 1 root mock 28672 Sep 20 15:19 Sha1header
-rw-r--r--. 1 root mock 16384 Sep 20 15:19 Sigmd5
-rw-r--r--. 1 root mock 8192 Sep 20 15:19 Triggername

Hmmm, I created /home/tmp/mock on my system and then set basedir of a fedora-19-x86_64.cfg to point there. I got all kinds of weird errors until I set the gid bit of /home/tmp/mock to be setgid mock:

$ sudo chgrp mock /home/tmp/mock
$ sudo chmod g+s /home/tmp/mock

Then I could build packages with selinux turned on or off.

I can't tell from your 'ls -lZa' whether the /data/mock directory is setgid mock. If it is then we need to dig deeper.

On a different tack, our SELinux guru said that an easier way would be to bind-mount your /data/mock directory over /var/lib/mock:

$ sudo mount --bind /data/mock /var/lib/mock

(In reply to Clark Williams from comment #1)
> Hmmm, I created /home/tmp/mock on my system and then set basedir of a
> fedora-19-x86_64.cfg to point there. I got all kinds of weird errors until I
> set the gid bit of /home/tmp/mock to be setgid mock:
>
> $ sudo chgrp mock /home/tmp/mock
> $ sudo chmod g+s /home/tmp/mock
>
> Then I could build packages with selinux turned on or off.
>
> I can't tell from your 'ls -lZa' whether the /data/mock directory is setgid
> mock. If it is then we need to dig deeper.

It is setgid mock:

nils@gibraltar:~> ls /data/mock/ -lZa
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 .
drwxrwxrwt. nils nils system_u:object_r:file_t:s0 ..
drwxrwsr-x. root mock unconfined_u:object_r:default_t:s0 cache
drwxrwsr-x. root mock system_u:object_r:default_t:s0 lib

(In reply to Clark Williams from comment #2)
> On a different tack, our SELinux guru said that an easier way would be to
> bind-mount your /data/mock directory over /var/lib/mock:
>
> $ sudo mount --bind /data/mock /var/lib/mock

I'd like to do that, but /data is on an external disk and that would triple the number of mount operations:

mount /data
mount --bind /data/mock/lib /var/lib/mock
mount --bind /data/mock/cache /var/cache/mock

I've looked into mock's bind_mount options but they apparently only work for bind mounts into the build root, but not for the rest.

(In reply to Nils Philippsen from comment #3)
> (In reply to Clark Williams from comment #2)
> > On a different tack, our SELinux guru said that an easier way would be to
> > bind-mount your /data/mock directory over /var/lib/mock:
> >
> > $ sudo mount --bind /data/mock /var/lib/mock
>
> I'd like to do that, but /data is on an external disk and that would triple
> the number of mount operations:
>
> mount /data
> mount --bind /data/mock/lib /var/lib/mock
> mount --bind /data/mock/cache /var/cache/mock
>

This is on a USB drive? Or eSATA? You should be able to script those bind mounts rather easily.

> I've looked into mock's bind_mount options but they apparently only work for
> bind mounts into the build root, but not for the rest.

Correct, mock's main concern is getting the organization and contents of the chroot correct.

From what I see in your root log, you're running on f19 and kicked off a package build for a rawhide/f21 package. It looks like most of the %post sections failed during the installation and then rpm decides that the rpmdb is corrupt.

What type of filesystem is on this external drive? If you point to a local filesystem, say something in /var/tmp, does it still error out as before?

I just grabbed one of my external USB drives and tried to build an SRPM with the basedir set to that drive. Got the same sort of results as you did from rpm. This looks like an issue with NTFS (or HPFS or exFAT, whichever filesystem the drive is using).

I think I've found the issue: because the FS (ext4 BTW) is mounted by me ("user"), it was mounted with "noexec,nosuid,nodev" which breaks mock/rpm in interesting ways (found this when I tried to run "make" in the kernel source tree that's on the same volume) -- not sure if mock could check for this situation. Sorry for the hassle.
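
The check the last comment asks about, sketched as an added example (not part of the original thread and not mock's own code): find the filesystem that holds basedir in a /proc/self/mounts-style table and report the noexec, nosuid and nodev options on it. The function names and the sample mount table are constructed for illustration.

```python
import os
import re

# Options reported in the thread; each one breaks part of a chroot build.
BLOCKING_OPTIONS = ("noexec", "nosuid", "nodev")

# Constructed sample in /proc/self/mounts format (not from the bug report).
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,seclabel,relatime 0 0
/dev/sda2 /var/lib/mock ext4 rw,seclabel,relatime 0 0
/dev/sdb1 /data ext4 rw,seclabel,nosuid,nodev,noexec,relatime 0 0
/dev/sdc1 /run/media/user/My\\040Disk ext4 rw,nosuid,nodev 0 0
"""


def _unescape(field):
    # The kernel writes space, tab, newline and backslash as octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def mount_for(path, mounts_text):
    """Return (mountpoint, options) of the filesystem that holds path."""
    path = os.path.normpath(path)
    best = None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mountpoint = _unescape(fields[1])
        prefix = mountpoint.rstrip("/") + "/"
        if path == mountpoint or path.startswith(prefix):
            # Longest mount point wins; on a tie the later line shadows.
            if best is None or len(mountpoint) >= len(best[0]):
                best = (mountpoint, fields[3].split(","))
    return best


def blocking_options(path, mounts_text):
    """List the options on path's filesystem that would break a build."""
    found = mount_for(path, mounts_text)
    return [o for o in BLOCKING_OPTIONS if o in found[1]] if found else []


if __name__ == "__main__":
    with open("/proc/self/mounts") as fh:
        live = fh.read()
    for basedir in ("/var/lib/mock", "/data/mock/lib"):
        # Resolve symlinks first so the prefix match sees the real location.
        print(basedir, blocking_options(os.path.realpath(basedir), live) or "ok")
```

Run against the live table before a build, a non-empty result for basedir or cache_topdir points at the mount options rather than at SELinux or directory ownership.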