Michael E Brown wrote:
On Mon, Dec 03, 2007 at 04:39:26PM -0600, Michael E Brown wrote:
> On Mon, Dec 03, 2007 at 04:49:41PM +0000, Paul Howarth wrote:
>> Michael E Brown wrote:
>> If you're not using the policy module, I'd expect you to have problems
>> building packages that run mono and/or java code at build time as
>> described at
http://fedoraproject.org/wiki/PackageMaintainers/MockTricks
Can you explain to me what you mean by "if you're not using the policy
module"? I'm sorta-slow when it comes to selinux (as evidenced by this
thread...)
I'm referring to the SELinux policy module attached to the wiki page:
http://fedoraproject.org/wiki/PackageMaintainers/MockTricks
There's a description of the problem (at least as it was in FC5) on that
page.
>> The package I came across that exhibited this problem and led
me to
>> write the policy module was "lat", a mono-based package.
Using unmodified current mock (0.8.12) on Fedora 8 with selinux
enforcing, I was able to compile current F8 lat:
$ mock -r fedora-8-x86_64 --rebuild --resultdir=./try/out ./try/lat-1.2.3-1.fc8.src.rpm
INFO: mock.py version 0.8.12 starting...
State Changed: init plugins
State Changed: start
State Changed: lock buildroot
State Changed: clean
INFO: Start(./try/lat-1.2.3-1.fc8.src.rpm) Config(fedora-8-x86_64)
State Changed: init
State Changed: lock buildroot
INFO: enabled yum cache
State Changed: cleaning yum metadata
INFO: enabled root cache
State Changed: unpacking cache
State Changed: running yum
State Changed: setup
State Changed: build
INFO: Done(./try/lat-1.2.3-1.fc8.src.rpm) Config(fedora-8-x86_64) 9 minutes 42 seconds
INFO: Results and/or logs in: ./try/out
INFO: Cleaning up build root ('clean_on_success=True')
State Changed: lock buildroot
State Changed: clean
I'm also unable to reproduce the problem at this time, but I believe
that that's because of the labelling issue, which is masking the problem.
After building lat, try this:
# ls -lZ /var/lib/mock/fedora-8-x86_64/root/usr/bin/mono
I get:
-rwxr-xr-x root root system_u:object_r:mono_exec_t:s0
/var/lib/mock/fedora-8-x86_64/root/usr/bin/mono
With the LD_PRELOAD, this would have been var_lib_t or mock_var_lib_t,
depending on whether you were using the policy module. I'd expect the
build to fail with this file not labelled as mono_exec_t, due to execmod
errors.
If you get var_lib_t for this file, could you try removing any cache for
this root, and also the root itself (/var/lib/mock/fedora-8-x86_64/root)
and try again?
Paul.