https://bugzilla.redhat.com/show_bug.cgi?id=1135152
Bug ID: 1135152
Summary: user: Current not implemented on linux/amd64
Product: Fedora
Version: 20
Component: golang
Assignee: vbatts(a)redhat.com
Reporter: adam(a)spicenitz.org
QA Contact: extras-qa(a)fedoraproject.org
CC: admiller(a)redhat.com, golang(a)lists.fedoraproject.org,
lemenkov(a)gmail.com, lsm5(a)fedoraproject.org,
renich(a)woralelandia.com, s(a)shk.io, vbatts(a)redhat.com
Description of problem:
golang seems to be using some cross-compiled components which are causing
problems. Specifically, Fedora has exactly the problem described here:
http://stackoverflow.com/questions/20609415/cross-compiling-user-current-no…
Here is the sample code from that page:
package main
import (
"fmt"
"os/user"
)
func main() {
fmt.Println(user.Current())
}
You can build the sample code and see the problem directly:
$ go build ./current.go
$ ./current
<nil> user: Current not implemented on linux/amd64
Version-Release number of selected component (if applicable):
golang-1.2.2-22.fc20.x86_64
How reproducible:
Always
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1249043
Bug ID: 1249043
Summary: Tracker for golang-github-godbus-dbus
Product: Fedora
Version: rawhide
Component: golang-github-godbus-dbus
Assignee: lsm5(a)redhat.com
Reporter: jchaloup(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: golang(a)lists.fedoraproject.org, jchaloup(a)redhat.com,
lsm5(a)redhat.com
Tracker for async updates of golang-github-godbus-dbus for rawhide and other
fedora distribution.
As golang devel packages are used only as a build-time dependency at the
moment, this tracker keeps updates and other information about this package,
e.g. broken dependencies, exceptions, important pieces of information and other
issues.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1248722
Bug ID: 1248722
Summary: Tracker for golang-github-coreos-go-systemd
Product: Fedora
Version: rawhide
Component: golang-github-coreos-go-systemd
Assignee: lsm5(a)redhat.com
Reporter: jchaloup(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: bobbypowers(a)gmail.com, golang(a)lists.fedoraproject.org,
jchaloup(a)redhat.com, lsm5(a)redhat.com
Tracker for async updates of golang-github-coreos-go-systemd for rawhide and
other fedora distribution.
As golang devel packages are used only as a build-time dependency at the
moment, this tracker keeps updates and other information about this package,
e.g. broken dependencies, exceptions, important pieces of information and other
issues.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1206751
Bug ID: 1206751
Summary: Docker with overlay cannot run bash(prevented by
SELinx)
Product: Fedora
Version: 21
Component: docker-io
Severity: high
Assignee: ichavero(a)redhat.com
Reporter: robberphex(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: adimania(a)gmail.com, admiller(a)redhat.com,
golang(a)lists.fedoraproject.org, hushan.jia(a)gmail.com,
ichavero(a)redhat.com, jchaloup(a)redhat.com,
jperrin(a)centos.org, lsm5(a)redhat.com,
mattdm(a)redhat.com, mgoldman(a)redhat.com,
miminar(a)redhat.com, s(a)shk.io, thrcka(a)redhat.com,
vbatts(a)redhat.com
Description of problem:
the container cannot read .so file in overlay, and cannot relabel the file
system.
How reproducible:
Steps to Reproduce:
1. Add "DOCKER_STORAGE_OPTIONS= --storage-driver=overlay" to
/etc/sysconfig/docker-storage, and restart docker service.
2. repull the image(in my case, pull debian:jessie)
3. Run container(sudo docker run -it debian:jessie /bin/bash)
Actual results:
/bin/bash: error while loading shared libraries: libncurses.so.5: cannot open
shared object file: No such file or directory
(preventing by SELinx)
Expected results:
bash prompt in container
Additional info:
There is 4 SeLinux Alert:
----1----
SELinux is preventing docker from mount access on the filesystem /.
***** Plugin file (47.5 confidence) suggests ******************************
If you think this is caused by a badly mislabeled machine.
Then you need to fully relabel.
Do
touch /.autorelabel; reboot
***** Plugin file (47.5 confidence) suggests ******************************
If you think this is caused by a badly mislabeled machine.
Then you need to fully relabel.
Do
touch /.autorelabel; reboot
***** Plugin catchall (6.38 confidence) suggests **************************
If you believe that docker should be allowed mount access on the filesystem by
default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep docker /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:docker_t:s0
Target Context system_u:object_r:unlabeled_t:s0
Target Objects / [ filesystem ]
Source docker
Source Path docker
Port <Unknown>
Host rp.fedora
Source RPM Packages
Target RPM Packages filesystem-3.2-28.fc21.x86_64
Policy RPM selinux-policy-3.13.1-105.6.fc21.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name rp.fedora
Platform Linux rp.fedora 3.19.1-201.fc21.x86_64 #1 SMP Wed
Mar 18 04:29:24 UTC 2015 x86_64 x86_64
Alert Count 1
First Seen 2015-03-28 09:08:17 CST
Last Seen 2015-03-28 09:08:17 CST
Local ID fcd44130-63b9-4680-9975-4dc6a416b566
Raw Audit Messages
type=AVC msg=audit(1427504897.987:739): avc: denied { mount } for pid=1337
comm="docker" name="/" dev="overlay" ino=65132
scontext=system_u:system_r:docker_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
Hash: docker,docker_t,unlabeled_t,filesystem,mount
----2----
SELinux is preventing docker from unmount access on the filesystem .
***** Plugin file (47.5 confidence) suggests ******************************
If you think this is caused by a badly mislabeled machine.
Then you need to fully relabel.
Do
touch /.autorelabel; reboot
***** Plugin file (47.5 confidence) suggests ******************************
If you think this is caused by a badly mislabeled machine.
Then you need to fully relabel.
Do
touch /.autorelabel; reboot
***** Plugin catchall (6.38 confidence) suggests **************************
If you believe that docker should be allowed unmount access on the filesystem
by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep docker /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:docker_t:s0
Target Context system_u:object_r:unlabeled_t:s0
Target Objects [ filesystem ]
Source docker
Source Path docker
Port <Unknown>
Host rp.fedora
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-105.6.fc21.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name rp.fedora
Platform Linux rp.fedora 3.19.1-201.fc21.x86_64 #1 SMP Wed
Mar 18 04:29:24 UTC 2015 x86_64 x86_64
Alert Count 1
First Seen 2015-03-28 09:08:17 CST
Last Seen 2015-03-28 09:08:17 CST
Local ID c4a57cd0-ae92-4521-ad81-40a5e30a5627
Raw Audit Messages
type=AVC msg=audit(1427504897.990:740): avc: denied { unmount } for pid=1337
comm="docker" scontext=system_u:system_r:docker_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
Hash: docker,docker_t,unlabeled_t,filesystem,unmount
----3----
SELinux is preventing docker from relabelfrom access on the filesystem .
***** Plugin file (47.5 confidence) suggests ******************************
If you think this is caused by a badly mislabeled machine.
Then you need to fully relabel.
Do
touch /.autorelabel; reboot
***** Plugin file (47.5 confidence) suggests ******************************
If you think this is caused by a badly mislabeled machine.
Then you need to fully relabel.
Do
touch /.autorelabel; reboot
***** Plugin catchall (6.38 confidence) suggests **************************
If you believe that docker should be allowed relabelfrom access on the
filesystem by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep docker /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:docker_t:s0
Target Context system_u:object_r:unlabeled_t:s0
Target Objects [ filesystem ]
Source docker
Source Path docker
Port <Unknown>
Host rp.fedora
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-105.6.fc21.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name rp.fedora
Platform Linux rp.fedora 3.19.1-201.fc21.x86_64 #1 SMP Wed
Mar 18 04:29:24 UTC 2015 x86_64 x86_64
Alert Count 1
First Seen 2015-03-28 09:08:17 CST
Last Seen 2015-03-28 09:08:17 CST
Local ID ad86497a-be89-4611-8686-7aa67e73f523
Raw Audit Messages
type=AVC msg=audit(1427504897.998:741): avc: denied { relabelfrom } for
pid=1337 comm="docker" scontext=system_u:system_r:docker_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
Hash: docker,docker_t,unlabeled_t,filesystem,relabelfrom
----4----
SELinux is preventing bash from read access on the file
/var/lib/docker/overlay/1cbc0c1b2084b5f3c8fdc283032c124f6fb461242cc5b82fb183095a414869b9/root/lib/x86_64-linux-gnu/libncurses.so.5.9.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that bash should be allowed read access on the libncurses.so.5.9
file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep bash /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:svirt_lxc_net_t:s0:c156,c1000
Target Context system_u:object_r:docker_var_lib_t:s0
Target Objects
/var/lib/docker/overlay/1cbc0c1b2084b5f3c8fdc28303
2c124f6fb461242cc5b82fb183095a414869b9/root/lib/x8
6_64-linux-gnu/libncurses.so.5.9 [ file ]
Source bash
Source Path bash
Port <Unknown>
Host rp.fedora
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-105.6.fc21.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name rp.fedora
Platform Linux rp.fedora 3.19.1-201.fc21.x86_64 #1 SMP Wed
Mar 18 04:29:24 UTC 2015 x86_64 x86_64
Alert Count 1
First Seen 2015-03-28 09:08:18 CST
Last Seen 2015-03-28 09:08:18 CST
Local ID 2a5fbf0f-dc4e-489b-a9ca-2541bb55209e
Raw Audit Messages
type=AVC msg=audit(1427504898.269:754): avc: denied { read } for pid=10156
comm="bash" name="libncurses.so.5.9" dev="dm-0" ino=2100260
scontext=system_u:system_r:svirt_lxc_net_t:s0:c156,c1000
tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=file permissive=0
Hash: bash,svirt_lxc_net_t,docker_var_lib_t,file,read
----end----
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1246214
Bug ID: 1246214
Summary: Tracker for golang-github-coreos-go-etcd
Product: Fedora
Version: rawhide
Component: golang-github-coreos-go-etcd
Severity: low
Priority: low
Assignee: fpokorny(a)redhat.com
Reporter: jchaloup(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: eparis(a)redhat.com, golang(a)lists.fedoraproject.org,
jchaloup(a)redhat.com, lsm5(a)redhat.com,
vbatts(a)redhat.com
Tracker for async updates of golang-github-coreos-go-etcd for rawhide and other
fedora distribution.
As golang devel packages are used only as a build-time dependency at the
moment, this tracker keeps updates and other information about this package,
e.g. broken dependencies, exceptions, important pieces of information and other
issues.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1195525
Bug ID: 1195525
Summary: Docker socket permissions prevent Cockpit integration
Product: Fedora
Version: 21
Component: docker-io
Severity: medium
Assignee: lsm5(a)redhat.com
Reporter: Benjamin(a)BGRoberts.id.au
QA Contact: extras-qa(a)fedoraproject.org
CC: adimania(a)gmail.com, admiller(a)redhat.com,
golang(a)lists.fedoraproject.org, hushan.jia(a)gmail.com,
jchaloup(a)redhat.com, jperrin(a)centos.org,
lsm5(a)redhat.com, mattdm(a)redhat.com,
mgoldman(a)redhat.com, miminar(a)redhat.com, s(a)shk.io,
thrcka(a)redhat.com, vbatts(a)redhat.com
Description of problem:
The removal of docker.socket and the docker user/group mean that docker cannot
be used as part of the cockpit console anymore (using non-root accounts). This
is because, although users can be added to the dockerroot group, the
permissions of the sockets are reset upon docker restart.
Version-Release number of selected component (if applicable):
docker-io-1.5.0-1.fc21.x86_64
cockpit-0.27-3.fc21.x86_64 / cockpit-head
Steps to Reproduce:
1. Add user to dockerroot
2. chown docker socket to root:dockerroot
3. Call a docker command from user (succeeds from CLI and cockpit)
4. restart docker
5. Call a docker command from user (fails from CLI and cockpit)
Actual results:
Ownership of docker socket are reset to root:root
Expected results:
Ownership of docker socket should be configurable and compatible with cockpit
Additional info:
related to https://bugzilla.redhat.com/show_bug.cgi?id=1192848
Relevant change in the rpm spec:
"* Fri Jan 16 2015 Lokesh Mandvekar <lsm5(a)fedoraproject.org> - 1.4.1-7
- docker group no longer used or created
- no socket activation
- config file updates to include info about docker_transition_unconfined
boolean"
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1248013
Bug ID: 1248013
Summary: Tracker for golang-github-Sirupsen-logrus
Product: Fedora
Version: rawhide
Component: golang-github-onsi-gomega
Severity: low
Priority: low
Assignee: fpokorny(a)redhat.com
Reporter: fpokorny(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: golang(a)lists.fedoraproject.org, jchaloup(a)redhat.com,
lsm5(a)redhat.com, vbatts(a)redhat.com
Tracker for async updates of golang-github-onsi-gomega for rawhide and other
fedora distribution.
As golang devel packages are used only as a build-time dependency at the
moment, this tracker keeps updates and other information about this package,
e.g. broken dependencies, exceptions, important pieces of information and other
issues.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1227273
Bug ID: 1227273
Summary: Tracker for golang-googlecode-goauth2
Product: Fedora
Version: rawhide
Component: golang-googlecode-goauth2
Severity: low
Priority: low
Assignee: jchaloup(a)redhat.com
Reporter: jchaloup(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,
golang(a)lists.fedoraproject.org, jchaloup(a)redhat.com,
lsm5(a)redhat.com, vbatts(a)redhat.com
Tracker for async updates of golang-googlecode-goauth2 for rawhide and other
fedora distribution.
As golang devel packages are used only as a build-time dependency at the
moment, this tracker keeps updates and other information about this package,
e.g. broken dependencies, exceptions, important pieces of information and other
issues.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1248150
Bug ID: 1248150
Summary: Tracker for golang-github-vishvananda-netns
Product: Fedora
Version: rawhide
Component: golang-github-vishvananda-netns
Severity: low
Priority: low
Assignee: fpokorny(a)redhat.com
Reporter: jchaloup(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fpokorny(a)redhat.com, golang(a)lists.fedoraproject.org,
jchaloup(a)redhat.com, lsm5(a)redhat.com,
vbatts(a)redhat.com
Tracker for async updates for rawhide and other fedora distribution.
As golang devel packages are used only as a build-time dependency at the
moment, this tracker keeps updates and other information about this package,
e.g. broken dependencies, exceptions, important pieces of information and other
issues.
--
You are receiving this mail because:
You are on the CC list for the bug.