Investigate systemd-container-coredump SELinux module not getting installed properly during 4.15 base compose #1652

Open
jlebon opened this issue Nov 25, 2024 · 2 comments

jlebon commented Nov 25, 2024

E.g. the systemd RPM in 9.2 has:

%post
...
# Install our own selinux-policy module that allows systemd-coredump access to containers
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2

But for some reason, when investigating the resulting policy, the module doesn't seem to be there. (E.g. it should show up in /etc/selinux/targeted/active/modules/200, but doesn't.)

For now, we've added a workaround in the selinux-policy-targeted package directly, but we should debug why this didn't work.

jlebon commented Nov 25, 2024

I would probably start by seeing if we can reproduce this against the latest development branch.

travier commented Nov 25, 2024

We bisected this to:

  • Working: 4.15.28 -> 415.92.202408100433-0
  • Broken: 4.15.29 -> 415.92.202408201734-0
