On 20/07/2024 1:15 am, Marek Marczykowski-Górecki wrote: > `cp --preserve=xattr` doesn't work in docker when SELinux is enabled. It > tries to set the "security.selinux" xattr, but SELinux (or overlay fs?) > denies it. > Workaround it by skipping selinux.selinux xattr copying. > > Signed-off-by: Marek Marczykowski-Górecki <[email protected]> > --- > Tested here: > https://gitlab.com/xen-project/people/marmarek/xen/-/jobs/7386198058 > > But since yocto container fails to build, it isn't exactly easy to apply > this patch... > "kirkstone" branch of meta-virtualization seems to target Xen 4.15 and > 4.16, so it isn't exactly surprising it fails to build with 4.19.
Why is the external version of Xen relevant to rebuilding the container ? Or is it that kirkstone has updated since the container was last built? I'm not familiar with yocto, and a quick glance at the docs haven't helped... ~Andrew > > I tried also bumping yocto version to scarthgap (which supposedly should > have updated pygrub patch), but that fails to build for me too, with a > different error: > > ERROR: Layer 'filesystems-layer' depends on layer 'networking-layer', but > this layer is not enabled in your configuration > ERROR: Parse failure with the specified layer added, exiting. > ... > ERROR: Nothing PROVIDES 'xen-image-minimal'. Close matches: > core-image-minimal > core-image-minimal-dev > Parsing of 2472 .bb files complete (0 cached, 2472 parsed). 4309 targets, > 101 skipped, 0 masked, 0 errors. > --- > automation/build/yocto/yocto.dockerfile.in | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/automation/build/yocto/yocto.dockerfile.in > b/automation/build/yocto/yocto.dockerfile.in > index fbaa4e191caa..600db7bf4d19 100644 > --- a/automation/build/yocto/yocto.dockerfile.in > +++ b/automation/build/yocto/yocto.dockerfile.in > @@ -68,6 +68,10 @@ RUN locale-gen en_US.UTF-8 && update-locale > LC_ALL=en_US.UTF-8 \ > ENV LANG en_US.UTF-8 > ENV LC_ALL en_US.UTF-8 > > +# Workaround `cp --preserve=xattr` not working in docker when SELinux is > +# enabled > +RUN echo "security.selinux skip" >> /etc/xattr.conf > + > # Create a user for the build (we don't want to build as root). > ENV USER_NAME docker-build > ARG host_uid=1000
