Bug 730416 - SELinux issues with rawhide buildroots with --shell
Summary: SELinux issues with rawhide buildroots with --shell
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: mock
Version: 15
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Clark Williams
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-08-12 20:30 UTC by Orion Poplawski
Modified: 2011-11-14 16:13 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-11-14 16:13:19 UTC


Attachments (Terms of Use)

Description Orion Poplawski 2011-08-12 20:30:02 UTC
Description of problem:

I'm trying to test out a build failure with a fedora-rawhide-x86_64 build root using mock --shell.  When run during the build, the xauth command (as called by xvfb-run) appears to work okay.  But when I run under --shell I get:

mock -r fedora-rawhide-x86_64 --shell
INFO: mock.py version 1.1.12 starting...
State Changed: init plugins
INFO: selinux enabled
State Changed: start
State Changed: lock buildroot
mock-chroot> xauth
xauth: error while loading shared libraries: libXau.so.6: cannot open shared object file: Permission denied
mock-chroot> strace xauth
execve("/usr/bin/xauth", ["xauth"], [/* 14 vars */]) = 0
brk(0)                                  = 0xdc3000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9da328a000
access("/etc/ld.so.preload", R_OK)      = -1 EACCES (Permission denied)
open("/etc/ld.so.cache", O_RDONLY)      = -1 EACCES (Permission denied)
open("/lib64/tls/x86_64/libXau.so.6", O_RDONLY) = -1 EACCES (Permission denied)
stat("/lib64/tls/x86_64", 0x7fff30d5a5a0) = -1 EACCES (Permission denied)
open("/lib64/tls/libXau.so.6", O_RDONLY) = -1 EACCES (Permission denied)
stat("/lib64/tls", 0x7fff30d5a5a0)      = -1 EACCES (Permission denied)
open("/lib64/x86_64/libXau.so.6", O_RDONLY) = -1 EACCES (Permission denied)
stat("/lib64/x86_64", 0x7fff30d5a5a0)   = -1 EACCES (Permission denied)
open("/lib64/libXau.so.6", O_RDONLY)    = -1 EACCES (Permission denied)
stat("/lib64", 0x7fff30d5a5a0)          = -1 EACCES (Permission denied)
open("/usr/lib64/tls/x86_64/libXau.so.6", O_RDONLY) = -1 EACCES (Permission denied)
stat("/usr/lib64/tls/x86_64", 0x7fff30d5a5a0) = -1 EACCES (Permission denied)
open("/usr/lib64/tls/libXau.so.6", O_RDONLY) = -1 EACCES (Permission denied)
stat("/usr/lib64/tls", 0x7fff30d5a5a0)  = -1 EACCES (Permission denied)
open("/usr/lib64/x86_64/libXau.so.6", O_RDONLY) = -1 EACCES (Permission denied)
stat("/usr/lib64/x86_64", 0x7fff30d5a5a0) = -1 EACCES (Permission denied)
open("/usr/lib64/libXau.so.6", O_RDONLY) = -1 EACCES (Permission denied)
stat("/usr/lib64", 0x7fff30d5a5a0)      = -1 EACCES (Permission denied)
writev(2, [{"xauth", 5}, {": ", 2}, {"error while loading shared libra"..., 36}, {": ", 2}, {"libXau.so.6", 11}, {": ", 2}, {"cannot open shared object file", 30}, {": ", 2}, {"Permission denied", 17}, {"\n", 1}], 10xauth: error while loading shared libraries: libXau.so.6: cannot open shared object file: Permission denied
) = 108
exit_group(127)                         = ?

Version-Release number of selected component (if applicable):
mock-1.1.12-1.fc15.noarch

This host is running in enforcing mode.  If I switch to permissive, it works.

Perhaps the selinux plugin needs to be updated for new location of /selinux?

Comment 1 Clark Williams 2011-10-12 19:02:47 UTC
Orion,

I suspect that the issue has to do with the way --shell setup the chroot (since it didn't do it the same way as --rebuild or --chroot). I've just refactored the code so that --shell and --chroot do the same setup steps as a --rebuild. 

I'd send you a patch but it's pretty big, so easiest thing would be to wait for 1.1.16 to hit brew. I'll try and ping you when it does.

Comment 2 Clark Williams 2011-11-11 21:43:55 UTC
Orion,

Have you been able to check the behavior of the current mock with this command?

Comment 3 Orion Poplawski 2011-11-14 16:13:19 UTC
It appears to be working now, thanks!


Note You need to log in before you can comment on or make changes to this bug.