SELinux for mock

Piscium groknok at gmail.com
Sun May 1 18:29:50 UTC 2011 

I like to rebuild a number of Fedora source packages for performance
and some tweaking.

In the past I have used rpmbuild for that purpose, but this weekend I
started using mock.

So far I built about a dozen source packages successfully, but then
got a SELinux snag when building glibc (I am using the targeted policy
on F14).

The wiki has instructions on how to set SELinux for mock:
http://fedoraproject.org/wiki/Using_Mock_to_test_package_builds#SELinux_policy_module_for_mock

I followed the instructions but the result of running Make was
different from the expected, there was an error. [1].

My question is if the policy files of the wiki page are current? They
are three years old, which is a long time in dog years or Fedora
years!

I wonder if anybody could tell me where to get updated policy files as
I am not proficient on SELinux? Or maybe can I just ignore the error
and use what I got as a .pp file was created?

(I am using this after installing mock so if there was no error the
next step per the wiki would be:
restorecon -R /var/lib/mock /usr/bin/mock

I have not done the above yet.)

---------

[1]

[root at d3000 selinux.local]# make -f /usr/share/selinux/devel/Makefile
PackageMaintainers_MockTricks_mock.if:13: Error: duplicate definition
of mock_domtrans(). Original definition on 13.
Compiling targeted PackageMaintainers_MockTricks_mock module
/usr/bin/checkmodule:  loading policy configuration from
tmp/PackageMaintainers_MockTricks_mock.tmp
/usr/bin/checkmodule:  policy configuration loaded
/usr/bin/checkmodule:  writing binary representation (version 10) to
tmp/PackageMaintainers_MockTricks_mock.mod
Creating targeted PackageMaintainers_MockTricks_mock.pp policy package
rm tmp/PackageMaintainers_MockTricks_mock.mod.fc
tmp/PackageMaintainers_MockTricks_mock.mod

[root at d3000 selinux.local]# ls
PackageMaintainers_MockTricks_mock.fc
PackageMaintainers_MockTricks_mock.pp  tmp
PackageMaintainers_MockTricks_mock.if  PackageMaintainers_MockTricks_mock.te

[root at d3000 selinux.local]# ls tmp
all_interfaces.conf  PackageMaintainers_MockTricks_mock.mod.role
iferror.m4           PackageMaintainers_MockTricks_mock.tmp

More information about the users mailing list