Comments (14)
Also, just so I am clear, which branch/tag should I be using to build from to use on a RHEL 7.3 box running docker-engine 1.13.1?
from container-selinux.
@mlcooper can you please check if your RHEL-1.12 branch is on commit 7a17443 (the latest on that branch). That builds just fine for me on RHEL 7.3.
from container-selinux.
The latest commit 7a17443 now does build on my RHEL7.3 box. I am sure I did a git pull late yesterday to ensure I had the latest on this branch, but today when I did the git pull I did receive a newer commit.
I am now checking to see if I can build an RPM and deploy it on a rhel7.3 box
from container-selinux.
Yes I fixed the issues you were seeing yesterday. Sorry about breaking your build.
from container-selinux.
@mlcooper just a heads-up, make sure to update the commit id in container-selinux.spec on line 8 to the latest on RHEL-1.12 before you build it. Else it will probably complain. I think I can mirror the RHEL dist-git for container-selinux on github if people feel the need.
I'm not a fan of the rpm specfile living in the upstream repo itself, but whatever makes @rhatdan happy.
from container-selinux.
@lsm5 I'm not sure I follow where to put the commit id on line 8:
https://github.com/projectatomic/container-selinux/blob/RHEL-1.12/container-selinux.spec#L8
It is a comment line at the moment.
from container-selinux.
That file is way too old. Much preferable to fetch and use https://src.fedoraproject.org/cgit/rpms/container-selinux.git/tree/container-selinux.spec . Change line 9 to the latest commit id on RHEL-1.12 branch. Then spectool -g container-selinux.spec followed by rpmbuild.
specfiles in the upstream repo often end up being stale, coz all updates usually go to the dist-git repos. Hence me not being a fan of it.
from container-selinux.
That's actually fedora's specfile, but does include conditions for RHEL. If it doesn't work like expected, let me know
from container-selinux.
Thanks for the further instructions/clarification there, @lsm5
I built the rpm, and it installed successfully:
[root@n7-z01-0a2a0576 yum.repos.d]# yum list installed|grep container
container-selinux.noarch 2.10-1.el7 @eat-rhel7
Is this the actual module it installs?
[root@n7-z01-0a2a0576 yum.repos.d]# semodule -l|grep container
container 1.0.0
from container-selinux.
@lsm5 I agree, I also think the spec file should just be an example. The real spec file should live in the rhel/fedora dist-gits.
from container-selinux.
BTW We have been asked to move this project to OCI/selinux repo. So all things SELinux for containers would be under one repo.
Go bindings and selinux policy.
from container-selinux.
@mlcooper yes, that's the installed module.
@rhatdan is the spec file better under something like an example dir or similar? Just that I feel having the spec file listed the way like it is now, gives the impression that it's current, especially to new users. Or maybe just a comment in this file that it's most likely out of date and the user should proceed with caution / fetch from dist-gits.
from container-selinux.
Sure I will move it to a sample directory.
from container-selinux.
Moved it to a contrib directory in master branch.
from container-selinux.