cbuild: Avoid permission denied error due to SElinux #986
Conversation
When using SELinux for controlling processes within a container, we need to make sure any content that gets volume mounted into the container is readable. Use :Z option for volume mounts, so docker will set correct labels. This change fixes the error below: ➜ rdma-core git:(master) buildlib/cbuild make centos7 CMake Error: The source directory "/home/leonro/src/rdma-core" does not appear to contain CMakeLists.txt. Specify --help for usage, or press the help button on the CMake GUI. .... Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
|
Why doesn't /tmp need a label? I'm not sure about this, doesn't re-labeling mean the filesystem is changed? |
|
I tried with /tmp and it didn't accept ":Z", my explanation is that it is not part of SElinux. And it is not relabeling but actually call to the following command inside docker: |
|
Doesn't that command change the filesystem? Does this work on non-selinux systems? I wonder if we should just give up and make this stuff use podman |
I don't know about other OSes, but on my plain FC 33 cbuild doesn't work. |
|
I'm not really sure about this, it touches the filesystem to write the labels.. This is why people turn selinux off |
|
ok, I disabled SElinux and it fixed permission error. Let's keep this PR maybe more people will complain, because disabling SElinux is not a solution but a workaround. |
When using SELinux for controlling processes within a container,
we need to make sure any content that gets volume mounted into
the container is readable.
Use :Z option for volume mounts, so docker will set correct labels.
This change fixes the error below:
➜ rdma-core git:(master) buildlib/cbuild make centos7
CMake Error: The source directory "/home/leonro/src/rdma-core" does not appear to contain CMakeLists.txt.
Specify --help for usage, or press the help button on the CMake GUI.
....
Signed-off-by: Leon Romanovsky leonro@nvidia.com