The SELinux plugin adds a hook that adds a "--setopt=tsflags=nocontexts" option to every command routed through mock.util.do. This doesn't just include "yum" commands, as can be seen for instance if a build fails in the "setup" phase, where mock tries to unmount all mounted filesystems with a umount command with the bogus option added to each invocation.

You can see this for yourself if you try building a package that pulls in a build requirement that uses file capabilities and have the tmpfs plugin enabled; rpm/cpio cannot apply the capability on tmpfs and so the build bails out. I use "spamass-milter" in Rawhide as a nice, small package that demonstrates this effect.

WARNING: Command failed. See logs for output.
# umount -n /var/lib/mock/city-fan-rawhide-x86_64/root/dev/shm --setopt=tsflags=nocontexts
WARNING: Command failed. See logs for output.
# umount -n /var/lib/mock/city-fan-rawhide-x86_64/root/dev/pts --setopt=tsflags=nocontexts
WARNING: Command failed. See logs for output.
# umount -n /var/lib/mock/city-fan-rawhide-x86_64/root/proc/filesystems --setopt=tsflags=nocontexts
WARNING: Command failed. See logs for output.
# umount -n /var/lib/mock/city-fan-rawhide-x86_64/root/tmp/ccache --setopt=tsflags=nocontexts
WARNING: Command failed. See logs for output.
# umount -n /var/lib/mock/city-fan-rawhide-x86_64/root/var/cache/yum --setopt=tsflags=nocontexts
WARNING: Command failed. See logs for output.
# umount -n /var/lib/mock/city-fan-rawhide-x86_64/root/sys --setopt=tsflags=nocontexts
WARNING: Command failed. See logs for output.
# umount -n /var/lib/mock/city-fan-rawhide-x86_64/root/proc --setopt=tsflags=nocontexts
WARNING: Forcibly unmounting '/var/lib/mock/city-fan-rawhide-x86_64/root/dev/shm' from chroot.
WARNING: Forcibly unmounting '/var/lib/mock/city-fan-rawhide-x86_64/root/dev/pts' from chroot.
WARNING: Forcibly unmounting '/var/lib/mock/city-fan-rawhide-x86_64/root/proc/filesystems' from chroot.
WARNING: Forcibly unmounting '/var/lib/mock/city-fan-rawhide-x86_64/root/tmp/ccache' from chroot.
WARNING: Forcibly unmounting '/var/lib/mock/city-fan-rawhide-x86_64/root/var/cache/yum' from chroot.
WARNING: Forcibly unmounting '/var/lib/mock/city-fan-rawhide-x86_64/root/sys' from chroot.
WARNING: Forcibly unmounting '/var/lib/mock/city-fan-rawhide-x86_64/root/proc' from chroot.

The attached patch makes the plugin only apply the extra option when the command being run is yum. Works for me, though it uses "startswith" and so won't work on python 2.4. I'm sure a native python speaker could write it in a more portable way.

Paul.
>From a6432ec994eb6a95ed6ce84cb4fc578e2f0b735a Mon Sep 17 00:00:00 2001
From: Paul Howarth <[email protected]>
Date: Fri, 3 Dec 2010 15:20:51 +0000
Subject: [PATCH] Don't add --setopt=tsflags=nocontexts to all commands

Update the SELinux plugin to only add the --setopt=tsflags=nocontexts option
to yum commands rather than blindly adding it to all commands.
---
 py/mock/plugins/selinux.py |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/py/mock/plugins/selinux.py b/py/mock/plugins/selinux.py
index 0a1d644..f061523 100644
--- a/py/mock/plugins/selinux.py
+++ b/py/mock/plugins/selinux.py
@@ -89,9 +89,11 @@ class SELinux(object):
         option = "--setopt=tsflags=nocontexts"
 
         if type(command) is list:
-            command.append(option)
+            if command[0] == self.rootObj.yum_path:
+                command.append(option)
         elif type(command) is str:
-            command += " %s" % option
+            if command.startswith(self.rootObj.yum_path):
+                command += " %s" % option
 
         return self._originalUtilDo(command, *args, **kargs)
 
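Review bot: the string branch tests "command.startswith(self.rootObj.yum_path)", which is a prefix match rather than a match on the executable, so any other command whose path merely begins with the same characters as yum_path would still get the option appended. Comparing the first whitespace-separated token, for example "command.split(None, 1)[0] == self.rootObj.yum_path", keeps the string branch consistent with the exact comparison used in the list branch. The list branch also indexes "command[0]" without checking that the list is non-empty, so an empty list would now raise IndexError where the old code simply appended; a guard such as "if command and command[0] == self.rootObj.yum_path:" avoids that.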
-- 
1.7.3.2

--
buildsys mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/buildsys
