On Wed, 22 Aug 2018 14:54:02 +0000 <jack.f...@dell.com> wrote: > So failure mode is the target filesystem is devoid of SELinux file > contexts, all files are unlabeled_t, which pretty much breaks > everything in enforcing mode. So whatever the corruption > cause/effect in the Psuedo database, the end result is when > Mksquashfs runs it can't get labels for the files.
Ugh. Sorry, this is a known issue, I think we have an open bug for it, and so far as I could tell the last time I looked at it, it was theoretically-impossible to fix it sanely. See: https://bugzilla.yoctoproject.org/show_bug.cgi?id=6580 The basic problem is: SELinux is extended attributes, and if we are allowing *any* use of extended attributes, there is no way for pseudo to distinguish between "host environment is trying to set a host environment extended attribute" and "build system is trying to set a target environment extended attribute". And we can partially address this by turning off xattr support, so all extended attribute use gets ENOSYS or whatever, but then I think the host system stuff will also fail. I am open to suggestions on ways this could be addressed sanely, but I haven't come up with anything good yet. (FWIW, I'm more present on the oe-core list, which I still scan for messages with "pseudo" in the subject line.) -s -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto