[virt-tools-list] virt-bootstrap: libvirt and SELinux issues
Richard W.M. Jones
rjones at redhat.com
Mon Jun 11 14:41:31 UTC 2018
(Adding virt-tools-list)
On Fri, Jun 08, 2018 at 02:20:22PM +0200, Timothée Floure wrote:
> Hello,
>
> I'm trying to package virt-bootstrap [0], but various tests fail due to
> SELinux. I know some SELinux basics from Red Hat's SELinux manual [1],
> but am unsure about how to approach the issue.
>
> For example, the following command - extracted from a failing test -
> fails due to SELinux:
>
> ```
> virt-sandbox -c qemu:///session --name=bootstrap_26639 -m host-bind:/mnt=/tmp/tmps77ywg1n_bootstrap_dest -- /bin/tar xf /tmp/tmp8gca1fzq_bootstrap_tarfiles/b52c708f02ff0ee783331f23f723ed9123dfc72994e19d1c33f3bd5db723007a.tar -C /mnt --exclude "dev/*" --overwrite --absolute-names
> ```
>
> ```
> type=AVC msg=audit(1525329618.892:19448): avc: denied { read } for pid=31860 comm="qemu-system-x86" name="config" dev="dm-3" ino=4589515 scontext=unconfined_u:unconfined_r:svirt_t:s0:c422,c725 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=dir permissive=0
> ```
>
> I also attached the related specfile to this email. I would appreciate
> it if someone could take a few minutes to redirect me.
>
>
> [0] https://github.com/virt-manager/virt-bootstrap
> [1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/part_i-selinux
>
> Thanks!
>
> --
> Timothée Floure
>
> ```
> %global debug_package %{nil}
>
> Name: virt-bootstrap
> Version: 1.0.0
> Release: 1%{?dist}
> Summary: Easy way to setup the root file system for libvirt-based containers
>
> License: GPLv3
> URL: https://github.com/virt-manager/%{name}
> Source0: https://github.com/virt-manager/%{name}/archive/v%{version}.tar.gz
>
> BuildArch: noarch
> BuildRequires: python3-devel
> BuildRequires: perl-podlators
> BuildRequires: sed
> # Provides virt-sandbox
> BuildRequires: libvirt-sandbox
> # Provides virt-builder
> BuildRequires: libguestfs-tools-c
> BuildRequires: python3-libguestfs
> BuildRequires: python3-passlib
> BuildRequires: python3-mock
> Requires: skopeo
> # Provides virt-sandbox
> Requires: libvirt-sandbox
> # Provides virt-builder
> Requires: libguestfs-tools-c
> Requires: python3-libguestfs
> Requires: python3-passlib
>
> %description
> %{summary}.
>
> %prep
> %setup -q
>
>
> %build
> %py3_build
>
> %install
> %py3_install
>
> sed -i 's|#!/usr/bin/env python|#!/usr/bin/python|' \
> %{buildroot}%{python3_sitelib}/virtBootstrap/virt_bootstrap.py
>
> chmod +x %{buildroot}%{python3_sitelib}/virtBootstrap/virt_bootstrap.py
>
> %check
> %{__python3} setup.py test
>
> %files
> %license LICENSE
> %doc README.md
> %{_bindir}/%{name}
> %{python3_sitelib}/*
> %{_mandir}/man1/%{name}.1*
>
> %changelog
> * Mon Apr 30 2018 Timothée Floure <fnux at fedoraproject.org> - 1.0.0-1
> - Let there be package
> ```
> _______________________________________________
> devel mailing list -- devel at lists.fedoraproject.org
> To unsubscribe send an email to devel-leave at lists.fedoraproject.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/EYYT6HPMNJXQNFRUR3BA3NLVCFLY6RMA/
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://libguestfs.org
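
One way to read the AVC record quoted above field by field, as an added example that is not part of the original thread or of virt-bootstrap: it parses the record and checks whether the MCS categories could account for the denial. The function names and the simplified category check are assumptions of this example.

```python
import re

# The AVC record quoted in the message above, copied verbatim.
AVC = ('type=AVC msg=audit(1525329618.892:19448): avc: denied { read } for '
       'pid=31860 comm="qemu-system-x86" name="config" dev="dm-3" ino=4589515 '
       'scontext=unconfined_u:unconfined_r:svirt_t:s0:c422,c725 '
       'tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=dir permissive=0')

def split_context(ctx):
    """Split user:role:type:level; the level is sensitivity[:categories]."""
    user, role, type_, level = ctx.split(":", 3)
    sens, _, cats = level.partition(":")
    return {"user": user, "role": role, "type": type_, "sensitivity": sens,
            "categories": set(cats.split(",")) if cats else set()}

def parse_avc(line):
    """Return the decision, permissions and key=value fields of one AVC record."""
    m = re.search(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)", line)
    if not m:
        raise ValueError("not an AVC record")
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(3))
    fields = {key: value.strip('"') for key, value in pairs}
    return {"decision": m.group(1), "perms": m.group(2).split(),
            "source": split_context(fields["scontext"]),
            "target": split_context(fields["tcontext"]),
            "tclass": fields["tclass"], "comm": fields.get("comm"),
            "enforced": fields.get("permissive") == "0"}

def categories_cover(source, target):
    """Simplified MCS check (assumption: one sensitivity, comma-separated
    categories, no c0.c1023 ranges): the source must hold every target category."""
    return target["categories"] <= source["categories"]

def triage(rec):
    """One-line reading of a record: what was refused and the likely rule family."""
    src, tgt = rec["source"], rec["target"]
    if categories_cover(src, tgt):
        cause = "likely type enforcement, no allow rule for this type pair"
    else:
        cause = "likely MCS, target has categories the source lacks"
    mode = "blocked" if rec["enforced"] else "logged only"
    return "%s -> %s:%s {%s} %s; %s" % (
        src["type"], tgt["type"], rec["tclass"], " ".join(rec["perms"]), mode, cause)

if __name__ == "__main__":
    print(triage(parse_avc(AVC)))
```

For the record in this thread the target context carries no categories, so the category check passes and the refusal points to the type pair `svirt_t` / `gconf_home_t` rather than to the per-guest category labels.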