Support mounting on SELinux #251
Conversation
cyplo
requested review from
Dylan-DPC-zz,
jamesmunns and
a team
as code owners
|
Thanks |
tryBuild failed |
|
Heya ! I've seen some failures on CI but not sure if they're related - it seems that he build is starting without problems, is just that some of the things seem to be not behind feature gates anymore in |
|
I traced the problem and proposed a fix to the underlying library: rust-lang/compiler-builtins#272 |
|
@cyplo Thanks. I was about to send them a PR with the change. Will have to wait for them to release a new version and then for the dependent crate to make the change or allow the build for latest nightly to fail (or disable this) |
|
Heya @Dylan-DPC - the PR to |
|
@cyplo actually we don't have to. we just have to wait for compiler-builtins to release a new version and cargo will pick the latest version when resolving the dependencies. |
|
bors: try |
tryBuild failed |
|
Heya @Dylan-DPC - it seems that the build failed but for an unrelated reason - |
|
i'm not sure what's causing that. Will investigate. |
|
Thank you ! |
|
Same problem here: #255 |
Disasm
added
T-tools
S-blocked
This should allow `cross` to work on both non-SELinux enabled systems and SELinux ones.
|
Heya @Dylan-DPC - I solved the conflicts in this PR and force-pushed - it seems that Bors is stuck perhaps ? Not sure what to do next tbh. Thanks btw :) |
|
bors r+ |
251: Support mounting on SELinux r=reitermarkus a=cyplo This should allow `cross` to work on both non-SELinux enabled systems and SELinux ones. I've tested on Fedora 29 for SELinux system. Fixes #112 that was originally reported from Fedora as well I believe. 271: Minor improvements to wording r=reitermarkus a=spl * Fix a typo in "QEMU bug sand" * Add a link for QEMU * Clarify and simplify various other things about the wording The diff looks worse than the changes are. I tried to keep to the 80-column width since it looked like the rest of the text was that way. GitHub's “rich diff” seems to help here. Co-authored-by: Cyryl Płotnicki <cyplo@cyplo.net> Co-authored-by: Sean Leather <sean.leather@gmail.com>
Timed out (retrying...) |
251: Support mounting on SELinux r=reitermarkus a=cyplo This should allow `cross` to work on both non-SELinux enabled systems and SELinux ones. I've tested on Fedora 29 for SELinux system. Fixes #112 that was originally reported from Fedora as well I believe. Co-authored-by: Cyryl Płotnicki <cyplo@cyplo.net>
Build succeeded |
962: Fix SELinux labels to allow shared use. r=Emilgardis a=Alexhuszagh Ensure that the volumes are not mounted as private, unshared volumes since we might mount with the host filesystem. This also fixes permissions issues with reading data from a mounted volume using a rootless container engine. Fixes a bug introduced in #251. Closes #961. This is because the `Z` SELinux label assumes the data is not shared between containers and not being used by the host, as documented below: > If you use selinux you can add the z or Z options to modify the selinux label of the host file or directory being mounted into the container. This affects the file or directory on the host machine itself and can have consequences outside of the scope of Docker. > > - The z option indicates that the bind mount content is shared among multiple containers. > - The Z option indicates that the bind mount content is private and unshared. > > Use extreme caution with these options. Bind-mounting a system directory such as /home or /usr with the Z option renders your host machine inoperable and you may need to relabel the host machine files by hand. Prior to this, we used the `Z` label, when we should have been using the `z` label. Co-authored-by: Alex Huszagh <ahuszagh@gmail.com>
This should allow
crossto work on both non-SELinux enabled systemsand SELinux ones.
I've tested on Fedora 29 for SELinux system.
Fixes #112 that was originally reported from Fedora as well I believe.