setroubleshoot reports an error preventing ldconfig from writing to /dev/null during a mock build. Attaching the setroubleshoot output.
Created attachment 267171: setroubleshoot output
Doesn't prevent mock builds, simply produces annoying log messages. Should be filed against selinux-policy.
This is caused by a mislabeling of the mock build directory. /dev/null should be labeled null_device_t, not dev_log_t. I think the true solution is to get mock to run in a context that does not transition to confined domains, so these AVCs don't happen.
dwalsh, thanks for the help. I have fixed this in mock by doing a "chcon --reference=/dev/FILE /mock/build/root/dev/FILE". This fixes this issue for all of the /dev/ entries in mock. There are still a couple of other denials that don't have file details:
SELinux is preventing /sbin/depmod (depmod_t) "search" to (var_lib_t).
SELinux is preventing useradd (useradd_t) "read write" to (var_log_t).
SELinux is preventing tzdata-update (tzdata_t) "search" to (var_lib_t).
I'm not sure how to fix these because it does not list the path it is trying to access. Can you explain more about "get mock to run in a context that does not transition to confined domains"? I don't follow this. This specific bug I am going to mark as FIXED - NEXTRELEASE. I don't intend to make another release for a few weeks, at least. If you would like to check out the fixed version, please look in the git repository for mock.
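
The relabeling approach from the last comment, written out as an added example; it is not mock's code and not part of the thread. The function names `kind` and `relabel_dev` and the directory arguments are hypothetical. It prints the `chcon --reference` commands by default and only runs them when called with `apply`.

```shell
#!/bin/sh
# Added example: copy SELinux labels from host /dev entries onto the
# same-named entries in a build chroot's /dev, as the comment describes.

# kind PATH -> prints the file type, so a chroot entry is only relabeled
# from a host entry of the same type (e.g. char device from char device).
kind() {
    if [ -L "$1" ]; then echo link
    elif [ -c "$1" ]; then echo char
    elif [ -b "$1" ]; then echo block
    elif [ -d "$1" ]; then echo dir
    elif [ -e "$1" ]; then echo file
    else echo missing
    fi
}

# relabel_dev HOST_DEV CHROOT_DEV [plan|apply]
# plan  (default): print one chcon command per matching entry
# apply          : run chcon (needs privileges and an SELinux-enabled host)
relabel_dev() {
    host_dev=$1
    chroot_dev=$2
    mode=${3:-plan}
    for target in "$chroot_dev"/*; do
        name=${target##*/}
        ref=$host_dev/$name
        tk=$(kind "$target")
        rk=$(kind "$ref")
        # An empty directory leaves the glob unexpanded; nothing to do.
        if [ "$tk" = missing ]; then continue; fi
        # Skip symlinks and anything without a same-type host counterpart
        # rather than guessing a label for it.
        if [ "$tk" = link ] || [ "$tk" != "$rk" ]; then
            echo "skip $target ($tk, host entry is $rk)" >&2
            continue
        fi
        if [ "$mode" = apply ]; then
            chcon --reference="$ref" "$target"
        else
            printf 'chcon --reference=%s %s\n' "$ref" "$target"
        fi
    done
}

# Usage (paths are assumptions):
#   relabel_dev /dev /mock/build/root/dev          # review the plan
#   relabel_dev /dev /mock/build/root/dev apply    # relabel
```

Entries reported as skipped on stderr are the ones that would still keep whatever label the chroot directory gave them.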