From patchwork Tue Nov 17 18:24:09 2020
X-Patchwork-Id: 11913209
List-Id: Xen developer discussion
From: =?utf-8?b?RWR3aW4gVMO2csO2aw==?= To: CC: =?utf-8?b?RWR3aW4gVMO2csO2aw==?= , "Doug Goldstein" Subject: [PATCH v1 1/4] automation/scripts/containerize: fix DOCKER_CMD=podman Date: Tue, 17 Nov 2020 18:24:09 +0000 Message-ID: <28469d0fea059a51694c6fa3b5bd3971696a4f13.1605636800.git.edvin.torok@citrix.com> X-Mailer: git-send-email 2.18.4 In-Reply-To: References: MIME-Version: 1.0 On CentOS 8 with SELinux containerize doesn't work at all: Make sure that the source code and SSH agent directories are passed on with SELinux relabeling enabled. (`-security-opt label=disabled` would be another option) Signed-off-by: Edwin Török Acked-by: Doug Goldstein --- automation/scripts/containerize | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/automation/scripts/containerize b/automation/scripts/containerize index a75d54566c..ed991bb79c 100755 --- a/automation/scripts/containerize +++ b/automation/scripts/containerize @@ -7,7 +7,7 @@ # and /etc/subgid. # docker_cmd=${DOCKER_CMD:-"docker"} -[ "$DOCKER_CMD" = "podman" ] && userns_podman="--userns=keep-id" +[ "$DOCKER_CMD" = "podman" ] && userns_podman="--userns=keep-id" selinux=",z" einfo() { echo "$*" >&2 @@ -95,9 +95,9 @@ einfo "*** Launching container ..." exec ${docker_cmd} run \ ${userarg} \ ${SSH_AUTH_SOCK:+-e SSH_AUTH_SOCK="/tmp/ssh-agent/${SSH_AUTH_NAME}"} \ - -v "${CONTAINER_PATH}":/build:rw \ + -v "${CONTAINER_PATH}":/build:rw${selinux} \ -v "${HOME}/.ssh":/root/.ssh:ro \ - ${SSH_AUTH_DIR:+-v "${SSH_AUTH_DIR}":/tmp/ssh-agent} \ + ${SSH_AUTH_DIR:+-v "${SSH_AUTH_DIR}":/tmp/ssh-agent${selinux}} \ ${XEN_CONFIG_EXPERT:+-e XEN_CONFIG_EXPERT=${XEN_CONFIG_EXPERT}} \ ${CONTAINER_ARGS} \ -${termint}i --rm -- \
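Review bot: In the first hunk, `selinux` is assigned only on the podman branch and is never initialised otherwise, so with `DOCKER_CMD` unset or set to `docker` a `selinux` variable inherited from the caller's environment is spliced straight into the `-v` arguments of the second hunk. Add an explicit `selinux=` (and, for the same reason, `userns_podman=`) before the test. Separately, the commit message attributes the failure to SELinux on CentOS 8, not to podman as such, yet the relabel is keyed on `"$DOCKER_CMD" = "podman"`; if leaving the docker path unchanged on an enforcing host is intentional, say so in the comment block above this line.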
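Review bot: In the second hunk, the `SSH_AUTH_DIR` mount has no mode field, so with `selinux=",z"` the argument expands to `-v "${SSH_AUTH_DIR}":/tmp/ssh-agent,z`, which makes `,z` part of the container path instead of a mount option, while `SSH_AUTH_SOCK` still points at `/tmp/ssh-agent/${SSH_AUTH_NAME}`. The `/build:rw${selinux}` line is fine because it already carries an option list that `,z` can extend; give the agent mount one too, for example `:/tmp/ssh-agent:rw${selinux}`. Two smaller points: `z` relabels the host directory behind `${CONTAINER_PATH}`, which deserves a line in the script's header comment so users know their source tree's label is changed, and the unchanged `-v "${HOME}/.ssh":/root/.ssh:ro` mount gets no relabel, so the commit message should state whether that is deliberate or whether the `--security-opt` alternative it mentions would be needed for that mount to be readable.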