Description of problem: We define an ovirt_exec_t for init scripts here: http://gerrit.ovirt.org/gitweb?p=ovirt-node.git;a=blob;f=recipe/ovirt16-post.ks;h=1e33816644404a7d2f1b1e7133ac5411e2ce7f59;hb=HEAD#l134 But during build it appears as if it isn't picked up at some point (see below, last line of additional info) One not: It seems as if the errors don't appear during policy creating but during some livecd-* runs (see flattened spec http://jenkins.virt.bos.redhat.com/jenkins/job/ovirt-node-iso-f17/ws/ovirt-node-iso.ks) Version-Release number of selected component (if applicable): F17 build Additional info: Configuring SELinux Compiling targeted ovirt module ============ NOTE: No errors here =============== /usr/bin/checkmodule: loading policy configuration from tmp/ovirt.tmp /usr/bin/checkmodule: policy configuration loaded /usr/bin/checkmodule: writing binary representation (version 15) to tmp/ovirt.mod Creating targeted ovirt.pp policy package rm tmp/ovirt.mod tmp/ovirt.mod.fc Attempting to install module 'ovirt.pp': Ok: return value of 0. Committing changes: Ok: transaction number 0. Fixing boot menu /usr/share/info/dir: could not read (No such file or directory) and could not create (No such file or directory) Removing python source files Creating manifest....done ============ NOTE: But here, which should be where we invoke livecd-* scripts (needs to be confirmed) =============== /etc/selinux/targeted/contexts/files/file_contexts: line 4180 has invalid context system_u:object_r:ovirt_exec_t:s0 /etc/selinux/targeted/contexts/files/file_contexts: line 4410 has invalid context system_u:object_r:ovirt_exec_t:s0
Additionally it should be noted that the two init files do no longer exist on F17 as we use systemd units there
This problems seems quite generic as it seems to appear each time (in this or another way, affecting different types) when the host selinux policy doesn't match the policy used within the image. It's more a build problem than a problem of Node.