Skip to content

Ensure no-selinux case is at least e2e tested periodically #419

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
cgwalters opened this issue Mar 22, 2024 · 3 comments · Fixed by #790
Closed

Ensure no-selinux case is at least e2e tested periodically #419

cgwalters opened this issue Mar 22, 2024 · 3 comments · Fixed by #790
Labels
area/install Issues related to `bootc install` enhancement New feature or request

Comments

@cgwalters
Copy link
Collaborator

This issue tracks our "full" support for installing SELinux-enabled targets from SELinux-disabled hosts.
@cgwalters cgwalters added enhancement New feature or request area/install Issues related to `bootc install` labels Mar 22, 2024
@albertofaria
Copy link
Contributor

FWIW, crun-vm will make use of this as part of its support for running bootc containers.

@henrywang henrywang mentioned this issue May 20, 2024
Merged
@albertofaria albertofaria mentioned this issue Jul 19, 2024
Merged
@cgwalters cgwalters mentioned this issue Jul 22, 2024
Closed
@larsks
Copy link

larsks commented Sep 17, 2024
edited
Loading

Running a bootc build (on a Fedora 40 system)...

root@host:~# podman run \
  --rm \
  -it \
  --privileged \
  --pull=newer \
  --security-opt label=type:unconfined_t \
  -v "$PWD/output:/output" \
  -v /var/lib/containers/storage:/var/lib/containers/storage \
  registry.redhat.io/rhel9/bootc-image-builder:latest \
  --type qcow2 \
  --local \
  bootc-test-image

...I was directed here by this warning:

Host kernel does not have SELinux support, but target enables it by default; this is less well tested.  See https://github.com/containers/bootc/issues/419

And yet selinux is both present and enabled on the host:

root@host:~# getenforce
Enforcing

What's going on here?

(NB: I see the same message using quay.io/centos-bootc/bootc-image-builder:latest)

@cgwalters cgwalters mentioned this issue Sep 17, 2024
Merged
@cgwalters
Copy link
Collaborator Author

PR in #790

@oglok oglok mentioned this issue Oct 24, 2024
Open
@cdrage cdrage mentioned this issue Apr 7, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/install Issues related to `bootc install` enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

install: Drop SELinux-disabled warning cgwalters/bootc
3 participants
@larsks @cgwalters @albertofaria