
Ensure no-selinux case is at least e2e tested periodically

Open cgwalters opened this issue 1 year ago • 1 comments

This issue tracks our "full" support for installing SELinux-enabled targets from SELinux-disabled hosts.

cgwalters avatar Mar 22 '24 16:03 cgwalters

FWIW, crun-vm will make use of this as part of its support for running bootc containers.

albertofaria avatar Apr 22 '24 15:04 albertofaria

Running a bootc build (on a Fedora 40 system)...

root@host:~# podman run \
  --rm \
  -it \
  --privileged \
  --pull=newer \
  --security-opt label=type:unconfined_t \
  -v "$PWD/output:/output" \
  -v /var/lib/containers/storage:/var/lib/containers/storage \
  registry.redhat.io/rhel9/bootc-image-builder:latest \
  --type qcow2 \
  --local \
  bootc-test-image

...I was directed here by this warning:

Host kernel does not have SELinux support, but target enables it by default; this is less well tested.  See https://github.com/containers/bootc/issues/419

And yet SELinux is both present and enabled on the host:

root@host:~# getenforce
Enforcing

What's going on here?

(NB: I see the same message using quay.io/centos-bootc/bootc-image-builder:latest)

larsks avatar Sep 17 '24 14:09 larsks

PR in https://github.com/containers/bootc/pull/790

cgwalters avatar Sep 17 '24 15:09 cgwalters