selinux: create Vagrantfile for SELinux #2900

Merged
merged 2 commits into from
Sep 20, 2024


Gekko0114
Contributor

In this PR, I created a Vagrantfile for an SELinux environment.

ref: #2850

@Gekko0114
Contributor Author

Hi @utam0k @YJDoc2
I've created a PR creating Vagrantfile for SELinux. Could you review it?

@YJDoc2 YJDoc2 added the kind/experimental `/experimental` label Sep 2, 2024
@YJDoc2
Collaborator

YJDoc2 commented Sep 2, 2024

Hey, I'll take a look and also validate the file works with virtualbox, as that's what I use.

@YJDoc2 YJDoc2 self-requested a review September 2, 2024 07:01
@YJDoc2 YJDoc2 self-assigned this Sep 2, 2024
@Gekko0114
Contributor Author

Hi @YJDoc2
I've fixed your comment. Could you review it again?

@YJDoc2
Collaborator

YJDoc2 commented Sep 20, 2024

Hey, so the vagrant box is working for me now. A couple of things -

  1. We can remove the git clone command. We are already mounting the current directory in the box, and we would need that to do development, so no need to clone the repo.
  2. How do I validate that SELinux is enabled and working as expected in the box? On my host, where I know selinux is disabled, I get from cargo run

```
selinux is not enabled
Failed to set enforce mode of SELinux: can't get selinux enforce path
default enforce mode is: disabled
current enforce mode is: disabled
Invalid format for SELinux label: unconfined

Error: Failed to set file label for SELinux: Failed to set_xattr: No data available (os error 61)
```

In the vagrant box I am getting

```
selinux is enabled
default enforce mode is: enforcing
current enforce mode is: enforcing
SELinux label of current process is: unconfined_u:unconfined_r:unconfined_t:s0-s0
Error: Failed to set file label for SELinux: Failed to set_xattr: Operation not supported (os error 95)
```

Is the last error ok? Is that issue with box setup or the demo code we have in the experimental crate?

Apart from this, it looks good. Thanks!

@Gekko0114
Contributor Author

> Is the last error ok? Is that issue with box setup or the demo code we have in the experimental crate?

I've updated main.rs in this PR, so it has been fixed now.

> We can remove the git clone command. We are already mounting the current directory in the box, and we would need that to do development, so no need to clone the repo.

Sure, then I will remove git clone.

@YJDoc2
Collaborator

YJDoc2 commented Sep 20, 2024

> I've updated main.rs in this PR, so it has been fixed now.

Ok, great. Can I ask you to either rebase or do main merge?

> Sure, then I will remove git clone.

Thanks!

Apart from these it looks good, so once you update, I'll approve and merge.

@Gekko0114
Contributor Author

> Can I ask you to either rebase or do main merge?

Sure, then I will rebase and force push this PR later today

Signed-off-by: moriya <41197469+Gekko0114@users.noreply.github.com>
Signed-off-by: moriya <41197469+Gekko0114@users.noreply.github.com>
@Gekko0114
Contributor Author

Hi @YJDoc2
I've removed the git command and rebased my branch. Could you review it?

@YJDoc2
Collaborator

YJDoc2 commented Sep 20, 2024

Hey @Gekko0114 Thanks for updating. I'm still receiving the

```
Error: Failed to set file label for SELinux: Failed to set_xattr: Operation not supported (os error 95)
```

Error. Can this be an issue with my underlying system?
I am running vagrant up, then going into the /vagrant/youki dir and doing cargo run. Is that correct?

@Gekko0114
Contributor Author

Gekko0114 commented Sep 20, 2024

Yes, it is correct. Did you run on this branch?
I updated main.rs and xattr.rs in this PR.

@YJDoc2
Collaborator

YJDoc2 commented Sep 20, 2024

Hmm, the issue was with the directory mounting. When I copied the binary into /tmp it worked correctly as expected and sets the label. This is probably an issue with mounting dirs into vagrant, not with our code, so can ignore. Going ahead and merging this PR. Thanks a lot!

match rfs::setxattr(path, attr, data, rfs::XattrFlags::CREATE) {
match rfs::setxattr(path, attr, data, rfs::XattrFlags::REPLACE) {
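
Review bot: In the `rfs::setxattr(path, attr, data, ...)` call, replacing `rfs::XattrFlags::CREATE` with `rfs::XattrFlags::REPLACE` swaps one failure mode for another rather than removing it. Assuming `rfs::setxattr` passes these flags through to Linux setxattr(2), CREATE fails with EEXIST when the attribute is already present, and REPLACE fails with ENODATA when it is absent, so a file that carries no label yet can no longer be labelled through this path. If the intent is to set the label whether or not one exists, pass the empty flag set so the attribute is created or replaced as needed, and add a short comment above the `match` recording why that flag was chosen.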
Collaborator

What was the logic behind changing this from create to replace? What was the error otherwise?

@YJDoc2 YJDoc2 merged commit 0b92791 into youki-dev:main Sep 20, 2024
28 checks passed
@github-actions github-actions bot mentioned this pull request Sep 20, 2024