Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cross not compatible with SELinux #112

Closed
Susurrus opened this issue Jun 29, 2017 · 9 comments · Fixed by #251
Closed

Cross not compatible with SELinux #112

Susurrus opened this issue Jun 29, 2017 · 9 comments · Fixed by #251
Labels
better-errors enhancement help wanted

Comments

@Susurrus
Copy link

I've been trying to debug our CI failures by running cross locally, but I've run into Permission denied error when doing so. I'm not really certain where to look to try and debug this issue, so I'm posting here. Any help figuring this out would be appreciated.

$ cross build --target aarch64-unknown-linux-gnu
Unable to find image 'japaric/aarch64-unknown-linux-gnu:v0.1.10' locally
Trying to pull repository docker.io/japaric/aarch64-unknown-linux-gnu ... 
sha256:7bd5365e6aec2cdcab009e59039117f3e8b5e25b089d28d30036a10739225fdc: Pulling from docker.io/japaric/aarch64-unknown-linux-gnu
30d541b48fc0: Pull complete 
8ecd7f80d390: Pull complete 
46ec9927bb81: Pull complete 
2e67a4d67b44: Pull complete 
7d9dd9155488: Pull complete 
08aa1b431028: Pull complete 
7d802a03e2fb: Pull complete 
a37098550b32: Pull complete 
031c3405b7a7: Pull complete 
Digest: sha256:7bd5365e6aec2cdcab009e59039117f3e8b5e25b089d28d30036a10739225fdc
Status: Downloaded newer image for docker.io/japaric/aarch64-unknown-linux-gnu:v0.1.10
sh: 1: cargo: Permission denied
@th0br0
Copy link

th0br0 commented Jun 29, 2017

If you're running on an SELinux-enabled system, SELinux is probably at fault.
Try running it again after sudo setenforce 0.

@Susurrus
Copy link
Author

Indeed, that was it. Fedora has SELinux on by default. The failure message here is confusing, it'd be nice if the invalid permissions could be detected and a clearer message could be provided. Don't know if that's for cargo or cross to address, however.

@thejpster
Copy link

I've just fallen across this one as well. Unfortunately I don't think disabling SELinux is ever a good solution - it's there for a reason!

@jamesmunns
Copy link
Contributor

Duplicates #185, there needs to be better documentation on what the requirements cross has for running on the host environment, which pretty much boils down to "you need to be able to docker run as the current user without selinux or sudo problems.

@jamesmunns jamesmunns added pending-close Issue will be closed if no further comments duplicate labels Mar 17, 2018
@thejpster
Copy link

SELinux isn't a 'problem', it's a security feature. Cross should support mounting volumes using the Z flag.

@jamesmunns
Copy link
Contributor

@thejpster makes sense. Maybe another config flag for CROSS_USE_ZFLAG or something?

@jamesmunns jamesmunns removed the pending-close Issue will be closed if no further comments label Mar 17, 2018
@jamesmunns jamesmunns changed the title Running cross locally gives permission denied error Cross not compatible with SELinux Mar 17, 2018
@jamesmunns
Copy link
Contributor

Updated the title to better track the underlying issue. Thanks for the insight @thejpster!

@cyplo
Copy link
Contributor

cyplo commented Jan 19, 2019

Using Z when mounting a volume on a system without SELinux just works as well, at least for my setup - would it be okay to just use it by default everywhere ?

@cyplo cyplo mentioned this issue Jan 19, 2019
Merged
@cyplo
Copy link
Contributor

cyplo commented Jan 19, 2019

I went ahead and proposed a PR for this - #251 - feel free to close if it does not make sense though.

Thanks !

bors bot added a commit that referenced this issue Aug 25, 2019
@bors @cyplo @spl
Merge #251 #271
1f298f4 
251: Support mounting on SELinux r=reitermarkus a=cyplo

This should allow `cross` to work on both non-SELinux enabled systems
and SELinux ones.

I've tested on Fedora 29 for SELinux system.

Fixes #112 that was originally reported from Fedora as well I believe.

271: Minor improvements to wording r=reitermarkus a=spl

* Fix a typo in "QEMU bug sand"
* Add a link for QEMU
* Clarify and simplify various other things about the wording

The diff looks worse than the changes are. I tried to keep to the 80-column width since it looked like the rest of the text was that way. GitHub's “rich diff” seems to help here.

Co-authored-by: Cyryl Płotnicki <cyplo@cyplo.net>
Co-authored-by: Sean Leather <sean.leather@gmail.com>
@bors bors bot closed this as completed in e476178 Aug 25, 2019
@Alexhuszagh Alexhuszagh mentioned this issue Sep 6, 2022
Open
11 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
better-errors enhancement help wanted
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Support mounting on SELinux cyplo/cross
5 participants
@th0br0 @Susurrus @cyplo @thejpster @jamesmunns