Unable to build .pp file or RPM from RHEL branch or latest tag about container-selinux HOT 14 CLOSED

Also, just so I am clear, which branch/tag should I be using to build from to use on a RHEL 7.3 box running docker-engine 1.13.1?

from container-selinux.

@mlcooper can you please check if your RHEL-1.12 branch is on commit 7a17443 (the latest on that branch). That builds just fine for me on RHEL 7.3.

from container-selinux.

The latest commit 7a17443 now does build on my RHEL7.3 box. I am sure I did a git pull late yesterday to ensure I had the latest on this branch, but today when I did the git pull I did receive a newer commit.

I am now checking to see if I can build an RPM and deploy it on a rhel7.3 box

from container-selinux.

Yes I fixed the issues you were seeing yesterday. Sorry about breaking your build.

from container-selinux.

@mlcooper just a headsup, make sure to update the commit id in container-selinux.spec on line 8 to the latest on RHEL-1.12 before you build it. Else it will probably complain. I think I can mirror the RHEL dist-git for container-selinux on github if people feel the need.

I'm not a fan of the rpm specfile living in the upstream repo itself, but whatever makes @rhatdan happy.

from container-selinux.

@lsm5 I'm not sure I follow where to put the commit id on line 8:
https://github.com/projectatomic/container-selinux/blob/RHEL-1.12/container-selinux.spec#L8

It is a comment line at the moment.

from container-selinux.

That file is way too old. Much preferable to fetch and use https://src.fedoraproject.org/cgit/rpms/container-selinux.git/tree/container-selinux.spec . Change line 9 to the latest commit id on RHEL-1.12 branch.

Then spectool -g container-selinux.spec followed by rpmbuild.

specfiles in the upstream repo often end up being stale, coz all updates usually go to the dist-git repos. Hence me not being a fan of it.

from container-selinux.

That's actually fedora's specfile, but does include conditions for RHEL. If it doesn't work like expected, let me know

from container-selinux.

Thanks for the further instructions/clarification there, @lsm5

I built the rpm, and it installed successfully:

[root@n7-z01-0a2a0576 yum.repos.d]# yum list installed|grep container
container-selinux.noarch           2.10-1.el7                      @eat-rhel7

Is this the actual module it installs?

[root@n7-z01-0a2a0576 yum.repos.d]# semodule -l|grep container
container       1.0.0

from container-selinux.

@lsm5 I agree, I also think the spec file should just be an example. The real spec file should live in the rhel/fedora dist-gits.

from container-selinux.

BTW We have been asked to move this project to OCI/selinux repo. So all things SELinux for containers would be under one repo.

Go bindings and selinux policy.

from container-selinux.

@mlcooper yes, that's the installed module.

@rhatdan is the spec file better under something like an example dir or similar? Just that I feel having the spec file listed the way like it is now, gives the impression that it's current, specially to new users. Or maybe just a comment in this file that it's most likely out of date and the user should proceed with caution / fetch from dist-gits.

from container-selinux.

Sure I will move it to a sample directory.

from container-selinux.

Moved it to a contrib directory in master branch.

from container-selinux.