bug#66305: Error with recursive git checkout

2023-10-26 Thread Alexis Simon via Bug reports for GNU Guix

Hi,

I think I'm hitting this bug trying to git-fetch with submodules.
I am on a foreign distro.

--8<---cut here---start->8---
/gnu/store/pmv37cxc4cg1s7x8yg8dkhikkwmwpncr-git-minimal-2.41.0/libexec/git-core/git-submodule: line 7: /bin/basename: Permission denied
/gnu/store/pmv37cxc4cg1s7x8yg8dkhikkwmwpncr-git-minimal-2.41.0/libexec/git-core/git-submodule: line 7: /bin/sed: Permission denied
/gnu/store/pmv37cxc4cg1s7x8yg8dkhikkwmwpncr-git-minimal-2.41.0/libexec/git-core/git-sh-setup: line 77: /bin/basename: Permission denied
/gnu/store/pmv37cxc4cg1s7x8yg8dkhikkwmwpncr-git-minimal-2.41.0/libexec/git-core/git-sh-setup: line 77: /bin/sed: Permission denied
/gnu/store/pmv37cxc4cg1s7x8yg8dkhikkwmwpncr-git-minimal-2.41.0/libexec/git-core/git-sh-setup: line 292: /bin/uname: Permission denied
/gnu/store/pmv37cxc4cg1s7x8yg8dkhikkwmwpncr-git-minimal-2.41.0/libexec/git-core/git-submodule: line 613: /bin/sed: Permission denied
/gnu/store/pmv37cxc4cg1s7x8yg8dkhikkwmwpncr-git-minimal-2.41.0/libexec/git-core/git-submodule: line 613 : cmd_: command not found
git-fetch: '/gnu/store/pmv37cxc4cg1s7x8yg8dkhikkwmwpncr-git-minimal-2.41.0/bin/git submodule update --init --recursive' failed with exit code 127

--8<---cut here---end--->8---

This is with a recent guix I think
--8<---cut here---start->8---
❯ guix describe
Generation 8    oct. 24 2023 21:31:58   (current)
  guix 0074731
repository URL: https://git.savannah.gnu.org/git/guix.git
branch: master
commit: 00747316ee0e1a7962ffe226c727776ba7a8163b
--8<---cut here---end--->8---

Alexis





bug#66305: Error with recursive git checkout

2023-10-26 Thread Alexis Simon via Bug reports for GNU Guix

Ah well, it seems this is due to an SELinux policy error.

--8<---cut here---start->8---
SELinux is preventing git-submodule from execute access on the file /usr/bin/sed.

*  Plugin catchall (100. confidence) suggests  **

If you believe that git-submodule should be allowed execute access on the sed file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'git-submodule' --raw | audit2allow -M my-gitsubmodule
# semodule -X 300 -i my-gitsubmodule.pp


Additional Information:
Source Context                system_u:system_r:guix_daemon.guix_daemon_t:s0
Target Context                system_u:object_r:bin_t:s0
Target Objects                /usr/bin/sed [ file ]
Source                        git-submodule
Source Path                   git-submodule
Port
Host                          xps13
Source RPM Packages
Target RPM Packages           sed-4.8-12.fc38.x86_64
SELinux Policy RPM            selinux-policy-targeted-38.29-1.fc38.noarch
Local Policy RPM
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     xps13
Platform                      Linux xps13 6.5.7-200.fc38.x86_64 #1 SMP
                              PREEMPT_DYNAMIC Wed Oct 11 04:07:58 UTC 2023
                              x86_64
Alert Count                   460
First Seen                    2023-10-24 20:20:26 PDT
Last Seen                     2023-10-25 09:44:31 PDT
Local ID                      fa57086c-6738-4eec-8252-3abb66a9e249

Raw Audit Messages
type=AVC msg=audit(1698252271.150:513): avc:  denied  { execute } for pid=10644 comm="git-submodule" name="sed" dev="dm-0" ino=261979 scontext=system_u:system_r:guix_daemon.guix_daemon_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0



Hash: git-submodule,guix_daemon.guix_daemon_t,bin_t,file,execute
--8<---cut here---end--->8---

But trying to fix it does not seem to have any effect. I've added this 
to the guix-daemon.cil and re-applied

--8<---cut here---start->8---
(allow guix_daemon_t
   bin_t
   (file (execute)))
--8<---cut here---end--->8---

Alexis





bug#66305: Error with recursive git checkout

2023-10-26 Thread Alexis Simon via Bug reports for GNU Guix

This is what was needed in the selinux policy to fix the errors

--8<---cut here---start->8---
(allow guix_daemon_t
   bin_t
   (file (execute execute_no_trans map)))
--8<---cut here---end--->8---

Alexis
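
An added example, not part of the original messages or of Guix's own policy tooling: the rule that worked grants three permissions where the first attempt granted one, so this sketch collects every permission denied for the same source type, target type and class from AVC records and renders a single CIL rule. Only the first sample record is from the thread; the other two, and all function names, are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample. Record 1 is the denial quoted in the thread; records 2
# and 3 are constructed (ids and pids made up) to stand in for denials of the
# two extra permissions that the final rule grants.
_CTX = ('scontext=system_u:system_r:guix_daemon.guix_daemon_t:s0 '
        'tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0')
SAMPLE_AUDIT_LOG = "\n".join([
    'type=AVC msg=audit(1698252271.150:513): avc:  denied  { execute } for '
    'pid=10644 comm="git-submodule" name="sed" dev="dm-0" ino=261979 ' + _CTX,
    'type=AVC msg=audit(1698252299.000:901): avc:  denied  { execute_no_trans } for '
    'pid=10701 comm="git-submodule" path="/usr/bin/sed" dev="dm-0" ino=261979 ' + _CTX,
    'type=AVC msg=audit(1698252299.500:902): avc:  denied  { map } for '
    'pid=10702 comm="sed" path="/usr/bin/sed" dev="dm-0" ino=261979 ' + _CTX,
])

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}.*?'
    r'scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)')

def selinux_type(context):
    """Return the type field of user:role:type:level, without a CIL block
    prefix (guix_daemon.guix_daemon_t -> guix_daemon_t), matching how the
    thread's rule names it."""
    return context.split(":")[2].rsplit(".", 1)[-1]

def collect_denials(log_text):
    """Map (source type, target type, class) -> set of denied permissions."""
    denied = defaultdict(set)
    for perms, scon, tcon, tclass in AVC_RE.findall(log_text):
        denied[(selinux_type(scon), selinux_type(tcon), tclass)].update(perms.split())
    return dict(denied)

def to_cil(denied):
    """Render one CIL allow rule per key, in the layout used in the thread."""
    return [f"(allow {src}\n   {tgt}\n   ({cls} ({' '.join(sorted(perms))})))"
            for (src, tgt, cls), perms in sorted(denied.items())]

if __name__ == "__main__":
    for rule in to_cil(collect_denials(SAMPLE_AUDIT_LOG)):
        print(rule)
```

Run over the first record alone, it yields the `(file (execute))` rule from the earlier message; over all three it yields the rule above.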





bug#70316: `guix pack -f squashfs` does not create /tmp and /var/tmp

2024-04-09 Thread Alexis Simon via Bug reports for GNU Guix

Similarly to a previous patch for Docker [1], Singularity complains when 
using a squashfs image as the /tmp and /var/tmp folders do not exist.


It would be great if they were; I had programs failing quietly because 
there was no /tmp folder and tracked down the issue to this.


As a more general option, it could be interesting to have an option in 
guix pack to create any folder in the pack.


Thanks,
Alexis

[1] https://issues.guix.gnu.org/issue/37161