Xen project Mailing List

[PATCH] CI: workaround broken selinux+docker interaction in yocto

From: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>

Date: Sat, 20 Jul 2024 02:15:03 +0200

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>

Delivery-date: Sat, 20 Jul 2024 00:15:57 +0000

Feedback-id: i1568416f:Fastmail

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

`cp --preserve=xattr` doesn't work in docker when SELinux is enabled. It tries to set the "security.selinux" xattr, but SELinux (or overlay fs?) denies it. Workaround it by skipping selinux.selinux xattr copying. Signed-off-by: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx> --- Tested here: https://gitlab.com/xen-project/people/marmarek/xen/-/jobs/7386198058 But since yocto container fails to build, it isn't exactly easy to apply this patch... "kirkstone" branch of meta-virtualization seems to target Xen 4.15 and 4.16, so it isn't exactly surprising it fails to build with 4.19. I tried also bumping yocto version to scarthgap (which supposedly should have updated pygrub patch), but that fails to build for me too, with a different error: ERROR: Layer 'filesystems-layer' depends on layer 'networking-layer', but this layer is not enabled in your configuration ERROR: Parse failure with the specified layer added, exiting. ... ERROR: Nothing PROVIDES 'xen-image-minimal'. Close matches: core-image-minimal core-image-minimal-dev Parsing of 2472 .bb files complete (0 cached, 2472 parsed). 4309 targets, 101 skipped, 0 masked, 0 errors. --- automation/build/yocto/yocto.dockerfile.in | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/automation/build/yocto/yocto.dockerfile.in b/automation/build/yocto/yocto.dockerfile.in index fbaa4e191caa..600db7bf4d19 100644 --- a/automation/build/yocto/yocto.dockerfile.in +++ b/automation/build/yocto/yocto.dockerfile.in @@ -68,6 +68,10 @@ RUN locale-gen en_US.UTF-8 && update-locale LC_ALL=en_US.UTF-8 \ ENV LANG en_US.UTF-8 ENV LC_ALL en_US.UTF-8 +# Workaround `cp --preserve=xattr` not working in docker when SELinux is +# enabled +RUN echo "security.selinux skip" >> /etc/xattr.conf + # Create a user for the build (we don't want to build as root). ENV USER_NAME docker-build ARG host_uid=1000 -- 2.45.2

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.