selinux error in lxd/lxc: Could not create dir /var/lib/mock/rocky+epel-9-x86_64-bootstrap/root/sys/fs/selinux. Error: [Errno 30] Read-only file system #1374

Open
sena73 opened this issue May 23, 2024 · 2 comments
sena73 commented May 23, 2024

Short description of the problem

If I start mock in an lxc or lxd container (rocky9/8, centos8/9), I get the error 'Could not create dir /var/lib/mock/rocky+epel-9-x86_64-bootstrap/root/sys/fs/selinux. Error: [Errno 30] Read-only file system'

Currently the only way to work around this problem is to install and configure selinux on the host system (which is Debian 12). Then the problem is gone, but I do not want that. Selinux is not working well on Debian and pollutes all logs, slows down the system.

I found old issue 258, which is similar but was not inside container...

Output of `rpm -q mock`

```
mock-5.5-1.el9.noarch
```

Steps to reproduce issue

  1. Try to build rpm using mock inside lxc or lxd container with CentOS 8/9 or Rocky 8/9 inside Debian 12

```
mock --rebuild packagename.el9.src.rpm

ERROR: Could not create dir /var/lib/mock/rocky+epel-9-x86_64-bootstrap/root/sys/fs/selinux. Error: [Errno 30] Read-only file system: '/var/lib/mock/rocky+epel-9-x86_64-bootstrap/root/sys/fs/selinux'
```

Full error message

```
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/mockbuild/file_util.py", line 20, in mkdirIfAbsent
    os.makedirs(dirName)
  File "/usr/lib64/python3.9/os.py", line 225, in makedirs
    mkdir(name, mode)
OSError: [Errno 30] Read-only file system: '/var/lib/mock/rocky+epel-9-x86_64-bootstrap/root/sys/fs/selinux'
```

Any additional notes

Output of `mock --debug-config`

mock_debug_config.txt


praiskup commented Jun 3, 2024

You need to have the rights for mounting in the container (typically CAP_SYS_ADMIN), then you can use Mock properly. I don't know how to achieve this using lxc/lxd, we have this doc file that would appreciate your help if you can provide better guidance.

What I typically do is, as a non-root user, `podman run --rm -ti --privileged ...`.


sena73 commented Jun 13, 2024

> You need to have the rights for mounting in the container (typically CAP_SYS_ADMIN), then you can use Mock properly. I don't know how to achieve this using lxc/lxd, we have this doc file that would appreciate your help if you can provide better guidance.
>
> What I typically do is, as a non-root user, `podman run --rm -ti --privileged ...`.

  1. The problem is not that the container has no right to mount, since I get the same error for both privileged and unprivileged containers. The problem is only gone if I install and configure selinux on the host.
  2. Why would mock need to mount /sys/fs/selinux in the container at all? That looks completely wrong to me. Can you explain that?
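
Added example (not part of the thread and not Mock's own code): a POSIX shell diagnostic for the conditions discussed above, reporting whether the effective capability set includes CAP_SYS_ADMIN, whether /sys is mounted read-only, and whether anything is mounted at /sys/fs/selinux. The function names, the sample CapEff mask and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch: function names and sample data are constructed
# for illustration and are not part of Mock, lxc or lxd.

# has_cap_sys_admin HEXMASK: succeeds if bit 21 (CAP_SYS_ADMIN in
# linux/capability.h) is set in a CapEff mask from /proc/<pid>/status.
has_cap_sys_admin() {
    [ $(( (0x$1 >> 21) & 1 )) -eq 1 ]
}

# mount_mode MOUNTPOINT: reads /proc/mounts-format text on stdin and prints
# "ro", "rw" or "absent". The last matching line wins, since a later mount
# shadows an earlier one on the same mountpoint.
mount_mode() {
    awk -v mp="$1" '
        $2 == mp { mode = "rw"; n = split($4, opt, ",")
                   for (i = 1; i <= n; i++) if (opt[i] == "ro") mode = "ro" }
        END { print (mode == "" ? "absent" : mode) }'
}

# diagnose HEXMASK: reads a mount table on stdin, prints one summary line.
diagnose() {
    mounts=$(cat)
    if has_cap_sys_admin "$1"; then cap=yes; else cap=no; fi
    sys=$(printf '%s\n' "$mounts" | mount_mode /sys)
    sel=$(printf '%s\n' "$mounts" | mount_mode /sys/fs/selinux)
    echo "CAP_SYS_ADMIN=$cap /sys=$sys selinuxfs=$sel"
}

# Constructed sample: a capability mask without bit 21 and a mount table
# with read-only sysfs and no selinuxfs entry.
SAMPLE_CAPEFF=00000000a80425fb
SAMPLE_MOUNTS='sysfs /sys sysfs ro,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0'

printf '%s\n' "$SAMPLE_MOUNTS" | diagnose "$SAMPLE_CAPEFF"

# Live use inside the container:
#   diagnose "$(awk '/^CapEff:/ {print $2}' /proc/self/status)" < /proc/mounts
```

Running the live form in both the privileged and the unprivileged container, and again on a host with SELinux configured, shows which of the three values actually differs between the failing and working setups.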
