This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 614440 - [PATCH] Get mock to turn off selinux within the chroot
[PATCH] Get mock to turn off selinux within the chroot
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: mock (Show other bugs)
14
All Linux
low Severity medium
: ---
: ---
Assigned To: Clark Williams
Fedora Extras Quality Assurance
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-07-14 09:51 EDT by Thomas Liu
Modified: 2013-01-10 01:04 EST (History)
7 users (show)

See Also:
Fixed In Version: mock-1.1.10-1.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-08-23 17:58:53 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
patch to mock (2.66 KB, text/plain)
2010-07-14 10:53 EDT, Thomas Liu
no flags Details
mock errors (66.89 KB, text/plain)
2010-08-07 16:49 EDT, Julian Sikorski
no flags Details

  None (edit)
Description Thomas Liu 2010-07-14 09:51:16 EDT
Hi,

Dan Walsh and I have been working on confining mock builds with SELinux.  As part of this process, we need mock to think selinux is turned off within the chroot.  This patch accomplishes this by remounting /proc/filesystems within the chroot so that SELinux appears to be off.  We also pass RPM the NOCONTEXTS flag so that it won't put down labels.

Thanks,
-Thomas
Comment 1 Clark Williams 2010-07-14 10:31:30 EDT
Umm, what patch?
Comment 2 Thomas Liu 2010-07-14 10:53:32 EDT
Created attachment 431803 [details]
patch to mock
Comment 3 Thomas Liu 2010-07-14 10:53:58 EDT
Sorry, think I forgot to attach the patch the first time.
Comment 4 Clark Williams 2010-07-14 18:01:19 EDT
I applied your patch but yum failed due to this block of code:

@@ -623,7 +635,7 @@ class Root(object):
     def _yum(self, cmd, returnOutput=0):
         """use yum to install packages/package groups into the chroot"""
         # mock-helper yum --installroot=rootdir cmd
-        cmdOpts = ""
+        cmdOpts = "--setopt=tsflags=nocontexts"
         if not self.online:
             cmdOpts = "-C"


As far as I know, yum does not have a --setopt option.
Comment 5 Daniel Walsh 2010-07-15 08:56:43 EDT
Thomas, What version of python were you testing with?  I think this all works in F14
Comment 6 Thomas Liu 2010-07-15 15:45:45 EDT
I have been using yum-3.2.27-16.fc14.noarch, which does have this setopt option.
Comment 7 Bug Zapper 2010-07-30 08:34:31 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 14 development cycle.
Changing version to '14'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 8 Fedora Update System 2010-08-03 18:25:06 EDT
mock-1.1.3-1.fc14 has been submitted as an update for Fedora 14.
http://admin.fedoraproject.org/updates/mock-1.1.3-1.fc14
Comment 9 Fedora Update System 2010-08-03 18:25:59 EDT
mock-1.1.3-1.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/mock-1.1.3-1.fc13
Comment 10 Fedora Update System 2010-08-03 18:28:58 EDT
mock-1.0.10-1.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/mock-1.0.10-1.el5
Comment 11 Fedora Update System 2010-08-03 18:30:03 EDT
mock-1.0.10-1.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/mock-1.0.10-1.fc12
Comment 12 Fedora Update System 2010-08-04 19:04:34 EDT
mock-1.0.10-1.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update mock'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/mock-1.0.10-1.el5
Comment 13 Fedora Update System 2010-08-05 10:22:23 EDT
mock-1.1.3-1.fc14 has been pushed to the Fedora 14 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update mock'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/mock-1.1.3-1.fc14
Comment 14 Fedora Update System 2010-08-05 19:36:04 EDT
mock-1.1.3-1.fc13 has been pushed to the Fedora 13 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update mock'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/mock-1.1.3-1.fc13
Comment 15 Fedora Update System 2010-08-05 19:37:35 EDT
mock-1.0.10-1.fc12 has been pushed to the Fedora 12 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update mock'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/mock-1.0.10-1.fc12
Comment 16 Julian Sikorski 2010-08-07 16:49:42 EDT
Created attachment 437374 [details]
mock errors

I'm not sure if this is the right place for the bug, but I'm seeing some strange warnings upon finishing a mock job when --resultdir is involved.
Adding "config_opts['plugin_conf']['selinux_enable'] = False" to site-defaults.cfg remedies it. Packages still build, though. I have attached the console output. This is with mock-1.1.3-1.fc13.noarch.
Comment 17 Fedora Update System 2010-08-07 19:23:43 EDT
mock-1.1.3-1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 18 Clark Williams 2010-08-09 10:49:26 EDT
Julian,

Argggh, I missed the calls to 'chattr' in utils.rmtree(). I'll have to figure out a way to tell that routine whether to do chattr's, so the next update might take a little bit...
Comment 19 Fedora Update System 2010-08-19 13:20:44 EDT
mock-1.1.4-1.fc14 has been submitted as an update for Fedora 14.
http://admin.fedoraproject.org/updates/mock-1.1.4-1.fc14
Comment 20 Fedora Update System 2010-08-19 13:21:51 EDT
mock-1.1.4-1.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/mock-1.1.4-1.fc13
Comment 21 Fedora Update System 2010-08-19 13:32:37 EDT
mock-1.0.11-1.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/mock-1.0.11-1.fc12
Comment 22 Fedora Update System 2010-08-19 13:33:57 EDT
mock-1.0.11-1.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/mock-1.0.11-1.el5
Comment 23 Fedora Update System 2010-08-19 17:59:59 EDT
mock-1.0.11-1.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update mock'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/mock-1.0.11-1.el5
Comment 24 Paul Howarth 2010-08-20 11:43:46 EDT
I guess this bug supersedes Bug #573111 ?
Comment 25 Clark Williams 2010-08-21 08:55:48 EDT
No, that one is telling yum/rpm not to lay down labels. That operation is not affected by the selinux plugin since that "turns off" selinux when running inside the chroot and all yum/rpm operations happen outside the chroot (they just operation *on* the chroot files).
Comment 26 Fedora Update System 2010-08-23 17:57:22 EDT
mock-1.1.4-1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 27 Fedora Update System 2010-08-23 21:28:03 EDT
mock-1.1.4-1.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 28 Fedora Update System 2010-08-25 21:02:47 EDT
mock-1.0.11-1.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 29 Fedora Update System 2010-09-20 10:42:48 EDT
mock-1.0.12-1.fc12 has been submitted as an update for Fedora 12.
https://admin.fedoraproject.org/updates/mock-1.0.12-1.fc12
Comment 30 Fedora Update System 2010-09-20 10:44:22 EDT
mock-1.0.12-1.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/mock-1.0.12-1.el5
Comment 31 Fedora Update System 2010-10-20 11:44:34 EDT
mock-1.0.13-1.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/mock-1.0.13-1.el5
Comment 32 Fedora Update System 2010-10-20 11:46:53 EDT
mock-1.0.13-1.fc12 has been submitted as an update for Fedora 12.
https://admin.fedoraproject.org/updates/mock-1.0.13-1.fc12
Comment 33 Fedora Update System 2010-12-14 11:14:47 EST
mock-1.0.14-1.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/mock-1.0.14-1.el5
Comment 34 Fedora Update System 2011-01-18 15:05:00 EST
mock-1.0.15-1.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/mock-1.0.15-1.el5
Comment 35 Fedora Update System 2011-02-19 21:27:10 EST
mock-1.1.9-1.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/mock-1.1.9-1.fc13
Comment 36 Fedora Update System 2011-02-19 21:30:11 EST
mock-1.0.16-1.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/mock-1.0.16-1.el5
Comment 37 Fedora Update System 2011-02-19 21:33:02 EST
mock-1.1.9-1.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/mock-1.1.9-1.el6
Comment 38 Fedora Update System 2011-02-19 21:35:54 EST
mock-1.1.9-1.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/mock-1.1.9-1.fc14
Comment 39 Fedora Update System 2011-03-03 03:25:54 EST
mock-1.1.9-1.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 40 Fedora Update System 2011-03-03 03:34:35 EST
mock-1.1.9-1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 41 Fedora Update System 2011-05-13 16:34:58 EDT
mock-1.1.10-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/mock-1.1.10-1.fc15
Comment 42 Fedora Update System 2011-05-13 16:39:24 EDT
mock-1.1.10-1.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/mock-1.1.10-1.fc14
Comment 43 Fedora Update System 2011-05-13 16:43:39 EDT
mock-1.0.17-1.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/mock-1.0.17-1.el5
Comment 44 Fedora Update System 2011-05-13 16:47:58 EDT
mock-1.1.10-1.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/mock-1.1.10-1.fc13
Comment 45 Fedora Update System 2011-05-13 16:52:21 EDT
mock-1.1.10-1.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/mock-1.1.10-1.el6
Comment 46 Fedora Update System 2011-05-19 00:36:18 EDT
mock-1.1.10-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 47 Fedora Update System 2011-05-24 22:43:38 EDT
mock-1.1.10-1.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 48 Fedora Update System 2011-05-24 23:17:51 EDT
mock-1.1.10-1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 49 Fedora Update System 2011-06-02 15:07:46 EDT
mock-1.0.17-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 50 Fedora Update System 2011-06-02 15:17:37 EDT
mock-1.1.10-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.