If a user has their role set to staff_u, the selinux policy prevents them from using mock to build packages. mricon@nikko:[~]$ mock -r fedora-17-x86_64 rpmbuild/SRPMS/totpcgi-0.5.0-2.fc17.src.rpm INFO: mock.py version 1.1.22 starting... State Changed: init plugins INFO: selinux enabled State Changed: start ERROR: Cannot find/open srpm: rpmbuild/SRPMS/totpcgi-0.5.0-2.fc17.src.rpm. Error: Unable to open file mricon@nikko:[~]$ id -Z staff_u:staff_r:staff_t:s0 mricon@nikko:[~]$ sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 26 The AVCs are too numerous to list and are mostly for staff_consolehelper_t.
Could you compress these AVC msgs and attach them? Thank you.
Created attachment 595024 [details] AVCs obtained on fedora 17
Created attachment 595025 [details] AVCs obtained on RHEL6
Created attachment 711990 [details] mock -r fedora-rawhide-x86_64 -v --rebuild awstats-7.1.1-1.fc20.src.rpm staff_u can't use mock also in Rawhide selinux-policy-3.12.1-20.fc19.noarch mock-1.1.29-1.fc19.noarch
Petr, did it work with a local policy?
*** This bug has been marked as a duplicate of bug 923927 ***