Description of problem: Since the install of mock-0.6.5 I've often been getting the following errors when running with --no-clean: Could not create dir /var/lib/mock/fedora-5-i386-core/root/var/lock/rpm. Error: [Errno 13] Permission denied: '/var/lib/mock/fedora-5-i386-core/root/var/lock/rpm' Version-Release number of selected component (if applicable): mock-0.6.5-1.fc5
After a full run, I end up with: /var/lib/mock/fedora-5-x86_64-core/root/var/lock: drwxrwxr-x root lock root:object_r:var_lib_t . drwxr-xr-x root root root:object_r:var_lib_t .. drwx------ root root root:object_r:var_lib_t lvm drwxr-sr-x orion mock root:object_r:var_lib_t rpm drwxr-xr-x root root root:object_r:var_lib_t subsys So from then on it works for me, but I suspect no one else could use the same mock buildroot with the --no-clean option. Here's an old pre-mock 0.6.5 dir: /var/lib/mock/fedora-4-i386-core/root/var/lock: drwxrwxr-x root lock user_u:object_r:var_lib_t . drwxr-xr-x root root user_u:object_r:var_lib_t .. drwx------ root root user_u:object_r:var_lib_t lvm drwxr-xr-x root root user_u:object_r:var_lib_t subsys
Hmmm, we haven't changed anything with regard to uid's for some time. That makes me suspect that we're tripping over some new SELinux behavior. What release are you using to host the mock builds? FC6? Clark
FC6. The only avc I see is: audit(1166054769.556:22): avc: denied { write } for pid=16557 comm="mount" name="root.log" dev=dm-2 ino=8392900 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file audit(1166058540.243:23): avc: denied { write } for pid=23164 comm="umount" name="root.log" dev=dm-2 ino=8392900 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file reported in bug 216920. May be others that are dontaudited though.