Missing SELinux labeling on some files when built on SELinux-disabled hosts #362
Comments
I'm not immediately reproducing this with a full
I'm sorry, I should have dug deeper. It seems it's fallout from using BOOTC_SKIP_SELINUX_HOST_CHECK, /etc/fstab is unlabeled in my image because the image was generated on a non-selinux system:
and indeed
For the "old" ostree stages we have a
But that won't work of course because the deployment is unlabeled and osbuild no longer touches things after bootc install to-filesystem ran.
A very naive approach might be to just label it with something like:
but it feels a bit crude (sorry!).
Ah. Yes that patch looks fine. I suspect the root ssh authorized keys would need similar treatment. Or maybe what would be best is to actually lower down into ostree something like (Or of course, put all this stuff behind something more like #267 which would handle this in a slightly more structured fashion)
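A read-only check for the condition discussed in the comments above, added here as an example (not code from bootc or from the commenters): it walks a mounted target root and lists paths that carry no `security.selinux` xattr, or whose context type is `unlabeled_t` as an SELinux-enabled kernel reports for such files. The function names and the injectable `getxattr` parameter are assumptions for illustration.

```python
import errno
import os
import sys

SELINUX_XATTR = "security.selinux"
# "No label stored": attribute absent, or the filesystem cannot hold xattrs.
NO_LABEL_ERRNOS = {errno.ENODATA, errno.ENOTSUP}


def read_label(path, getxattr=None):
    """Return the SELinux context on path (symlinks not followed), or None."""
    getxattr = getxattr or os.getxattr  # injectable reader (assumption, for tests)
    try:
        raw = getxattr(path, SELINUX_XATTR, follow_symlinks=False)
    except OSError as exc:
        if exc.errno in NO_LABEL_ERRNOS:
            return None
        raise  # permission errors etc. should not be hidden
    return raw.rstrip(b"\0").decode("utf-8", "replace")


def is_unlabeled(context):
    """True if there is no context, or its type field is unlabeled_t."""
    if context is None:
        return True
    fields = context.split(":")  # user:role:type[:level]
    return len(fields) < 3 or fields[2] == "unlabeled_t"


def find_unlabeled(root, getxattr=None):
    """Return sorted paths under root (relative to it) that lack a label."""
    missing = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if is_unlabeled(read_label(full, getxattr)):
                missing.append(os.path.relpath(full, root))
    return sorted(missing)


if __name__ == "__main__":
    # Argument: path to the mounted target root (e.g. the deployment directory).
    unlabeled = find_unlabeled(sys.argv[1])
    for rel in unlabeled:
        print(rel)
    sys.exit(1 if unlabeled else 0)
```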
bootc install to-filesystem on fedora:eln

Right now bootc supports an experimental install from a non-selinux host when using the `BOOTC_SKIP_SELINUX_HOST_CHECK=1` option. This is nice and works relatively well. However files written during the install like /etc/fstab or the tmpfiles.d file in /etc/tmpfile.d/bootc-root-ssh.conf must be labeled too. This commit adds a (rather crude) manual way to do this.

Closes containers#362

Signed-off-by: Michael Vogt <[email protected]>
While experimenting with `bootc install to-filesystem` for the bib work I noticed that on firstboot the /boot directory and partition is not mounted:

I looked a bit into this but it seems a `fedora:eln` issue, I see /boot mounted just fine on `quay.io/centos-bootc/centos-bootc-dev:stream9`.

Feel free to close as not-actionable/irrelevant for bootc as it appears to be an image issue but I reported it because we talked about it and I wanted to follow up properly.