Bug 209642 - Problems with /var/lock/rpm and mock-0.6.5
Problems with /var/lock/rpm and mock-0.6.5
Product: Fedora Hosted Projects
Classification: Retired
Component: mock (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Clark Williams
Depends On:
  Show dependency treegraph
Reported: 2006-10-06 12:04 EDT by Orion Poplawski
Modified: 2013-01-09 23:06 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-10-17 16:28:30 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Orion Poplawski 2006-10-06 12:04:22 EDT
Description of problem:

Since the install of mock-0.6.5 I've often been getting the following errors
when running with --no-clean:

Could not create dir /var/lib/mock/fedora-5-i386-core/root/var/lock/rpm. Error:
[Errno 13] Permission denied: '/var/lib/mock/fedora-5-i386-core/root/var/lock/rpm'

Version-Release number of selected component (if applicable):
Comment 1 Orion Poplawski 2006-10-06 12:13:03 EDT
After a full run, I end up with:

drwxrwxr-x  root  lock root:object_r:var_lib_t          .
drwxr-xr-x  root  root root:object_r:var_lib_t          ..
drwx------  root  root root:object_r:var_lib_t          lvm
drwxr-sr-x  orion mock root:object_r:var_lib_t          rpm
drwxr-xr-x  root  root root:object_r:var_lib_t          subsys

So from then on it works for me, but I suspect no one else could use the same
mock buildroot with the --no-clean option.

Here's an old pre-mock 0.6.5 dir:

drwxrwxr-x  root lock user_u:object_r:var_lib_t        .
drwxr-xr-x  root root user_u:object_r:var_lib_t        ..
drwx------  root root user_u:object_r:var_lib_t        lvm
drwxr-xr-x  root root user_u:object_r:var_lib_t        subsys
Comment 2 Clark Williams 2006-12-14 14:01:12 EST
Hmmm, we haven't changed anything with regard to uid's for some time. That makes
me suspect that we're tripping over some new SELinux behavior. 

What release are you using to host the mock builds? FC6?

Comment 3 Orion Poplawski 2006-12-14 16:54:19 EST

The only avc I see is:

audit(1166054769.556:22): avc:  denied  { write } for  pid=16557 comm="mount"
name="root.log" dev=dm-2 ino=8392900 scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:var_lib_t:s0 tclass=file
audit(1166058540.243:23): avc:  denied  { write } for  pid=23164 comm="umount"
name="root.log" dev=dm-2 ino=8392900 scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:var_lib_t:s0 tclass=file

reported in bug 216920.  May be others that are dontaudited though.

Note You need to log in before you can comment on or make changes to this bug.