
[PATCH v1 1/4] automation/scripts/containerize: fix DOCKER_CMD=podman


  • To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Edwin Török <edvin.torok@xxxxxxxxxx>
  • Date: Tue, 17 Nov 2020 18:24:09 +0000
  • Authentication-results: esa5.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none
  • Cc: Edwin Török <edvin.torok@xxxxxxxxxx>, "Doug Goldstein" <cardoe@xxxxxxxxxx>
  • Delivery-date: Tue, 17 Nov 2020 18:24:39 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On CentOS 8 with SELinux containerize doesn't work at all:

Make sure that the source code and SSH agent directories are passed on
with SELinux relabeling enabled.
(`-security-opt label=disabled` would be another option)

Signed-off-by: Edwin Török <edvin.torok@xxxxxxxxxx>
---
 automation/scripts/containerize | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/automation/scripts/containerize b/automation/scripts/containerize
index a75d54566c..ed991bb79c 100755
--- a/automation/scripts/containerize
+++ b/automation/scripts/containerize
@@ -7,7 +7,7 @@
 # and /etc/subgid.
 #
 docker_cmd=${DOCKER_CMD:-"docker"}
-[ "$DOCKER_CMD" = "podman" ] && userns_podman="--userns=keep-id"
+[ "$DOCKER_CMD" = "podman" ] && userns_podman="--userns=keep-id" selinux=",z"
 
 einfo() {
     echo "$*" >&2
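Review bot: `selinux` is assigned only on the podman branch of the changed line, and nothing in the visible context initializes it, so with `DOCKER_CMD` unset or set to `docker` a `selinux` variable inherited from the caller's environment would be appended verbatim to the `-v` options further down. Setting `selinux=""` before the test would close that off (the same holds for `userns_podman`). The test also ties relabeling to the container engine rather than to SELinux being enabled on the host, so docker on an SELinux host is not covered by this change; if that is intentional, the commit message should say so.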
@@ -95,9 +95,9 @@ einfo "*** Launching container ..."
 exec ${docker_cmd} run \
     ${userarg} \
     ${SSH_AUTH_SOCK:+-e SSH_AUTH_SOCK="/tmp/ssh-agent/${SSH_AUTH_NAME}"} \
-    -v "${CONTAINER_PATH}":/build:rw \
+    -v "${CONTAINER_PATH}":/build:rw${selinux} \
     -v "${HOME}/.ssh":/root/.ssh:ro \
-    ${SSH_AUTH_DIR:+-v "${SSH_AUTH_DIR}":/tmp/ssh-agent} \
+    ${SSH_AUTH_DIR:+-v "${SSH_AUTH_DIR}":/tmp/ssh-agent${selinux}} \
     ${XEN_CONFIG_EXPERT:+-e XEN_CONFIG_EXPERT=${XEN_CONFIG_EXPERT}} \
     ${CONTAINER_ARGS} \
     -${termint}i --rm -- \
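Review bot: the `${HOME}/.ssh` mount, sitting between the two changed `-v` lines, gets no `${selinux}` suffix and is now the only bind mount without it; if that is deliberate because relabeling `~/.ssh` on the host is undesirable, a short comment there would make it clear. Lowercase `z` requests a shared label and the relabel is applied to the host files, so `${CONTAINER_PATH}` and `${SSH_AUTH_DIR}` keep the container label after the run and are accessible to other containers. For the agent socket directory a private label (`Z`) would be tighter, and the `label=disabled` alternative mentioned in the commit message would avoid changing host labels at all.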
-- 
2.18.4




 

