Loading...

XML

Word

Printable

Details

Type: Story
Resolution: Done
Priority: Normal
Fix Version/s: None
Affects Version/s: openshift-4.12
Labels:
None

Blocked:
False
Blocked Reason:
None
Ready:
False

Cost of Delay:
0
WSJF:
0

SFDC Cases Links:
SFDC Cases Counter:

Description

We saw this in an OKD job:

https://github.com/openshift/machine-config-operator/pull/3358#issuecomment-1267532305

It's simple to reproduce, from say a current RHCOS 4.12 doing:

[root@cosa-devsh ~]# podman run --privileged --pid=host --net=host --rm -v /:/run/host quay.io/fedora/fedora-coreos:testing-devel "rpm-ostree" "ex" "deploy-from-self" "/run/host"
NOTICE: Experimental commands are subject to change.
error: Writing content object: Setting xattrs: fsetxattr(security.selinux): Invalid argument

I've tried doing `--security-opt label=type:unconfined_t` which gives the same error (of course), but using `install_t` I get:

[root@cosa-devsh ~]# podman run --privileged --security-opt label=type:install_t --pid=host --net=host --rm -v /:/run/host quay.io/fedora/fedora-coreos:testing-devel "rpm-ostree" "ex" "deploy-from-self" "/run/host"
exec /usr/bin/rpm-ostree: permission denied
[root@cosa-devsh ~]#

I'm really tempted to just `setenforce 0` for the first OS update...

Attachments

Issue Links

links to

https://bugzilla.redhat.com/show_bug.cgi?id=2132185

openshift/machine-config-operator#3358: MCO-396: daemon: FCOS workaround, plus SELinux workaround

Activity

People

Assignee:: Colin Walters

Reporter:: Colin Walters

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2022/10/04 8:35 PM

Updated:: 2024/02/14 11:52 PM

Resolved:: 2024/02/14 11:52 PM