Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

lsm: Forcibly relabel all initial state #294

Closed
wants to merge 1 commit into from
Closed

lsm: Forcibly relabel all initial state #294

wants to merge 1 commit into from

Conversation

cgwalters
Copy link
Collaborator

This is attempting to handle the "install selinux-enabled target from selinux-disabled host". We're kind of papering over effectively ostree design bugs here as in this case libostree itself should be setting the labels, but doing that is a bit hard and awkward right now.

@cgwalters
lsm: Forcibly relabel all initial state
ac0bd17 
This is attempting to handle the "install selinux-enabled target from selinux-disabled host".
We're kind of papering over effectively ostree design bugs here
as in this case libostree itself should be setting the labels,
but doing that is a bit hard and awkward right now.

Signed-off-by: Colin Walters <[email protected]>
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Feb 1, 2024

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@github-actions github-actions bot added the area/install Issues related to `bootc install` label Feb 1, 2024
@cgwalters cgwalters mentioned this pull request Feb 1, 2024
Merged
cgwalters added a commit to cgwalters/bootc-image-builder that referenced this pull request Feb 14, 2024
@cgwalters
Mount /boot ro by default
496907c 
See containers/bootc#294
This is particularly motivated by CentOS/centos-bootc-dev#27
because with that suddenly `dnf` will appear to start working
but trying to do anything involving the kernel (i.e. mutating `/boot`)
will end in sadness, and this puts a stop to that.

(This also relates of course to ye olde osbuild#18
 where we want the partitioning setup in the default case
 to come from the container)

Signed-off-by: Colin Walters <[email protected]>
cgwalters added a commit to cgwalters/bootc-image-builder that referenced this pull request Feb 14, 2024
@cgwalters
Mount /boot ro by default
3cc02ee 
See containers/bootc#294
This is particularly motivated by CentOS/centos-bootc-dev#27
because with that suddenly `dnf` will appear to start working
but trying to do anything involving the kernel (i.e. mutating `/boot`)
will end in sadness, and this puts a stop to that.

(This also relates of course to ye olde osbuild#18
 where we want the partitioning setup in the default case
 to come from the container)

Signed-off-by: Colin Walters <[email protected]>
@cgwalters cgwalters mentioned this pull request Feb 14, 2024
Merged
@bcl
Copy link

bcl commented Feb 14, 2024

This seems like a good idea to me, but I'm not sure I have a good enough grasp of all the moving parts to ack it :) Also, is there any testing that would cover this, or does the current test suite passing inherently prove it doesn't break things?
Not sure what's up with the failing test, those look like rust errors.

cgwalters added a commit to cgwalters/bootc-image-builder that referenced this pull request Feb 14, 2024
@cgwalters
Mount /boot ro by default
0da5251 
See containers/bootc#294
This is particularly motivated by CentOS/centos-bootc-dev#27
because with that suddenly `dnf` will appear to start working
but trying to do anything involving the kernel (i.e. mutating `/boot`)
will end in sadness, and this puts a stop to that.

(This also relates of course to ye olde osbuild#18
 where we want the partitioning setup in the default case
 to come from the container)

Signed-off-by: Colin Walters <[email protected]>
github-merge-queue bot pushed a commit to osbuild/bootc-image-builder that referenced this pull request Feb 15, 2024
@cgwalters
Mount /boot ro by default
711f39b 
See containers/bootc#294
This is particularly motivated by CentOS/centos-bootc-dev#27
because with that suddenly `dnf` will appear to start working
but trying to do anything involving the kernel (i.e. mutating `/boot`)
will end in sadness, and this puts a stop to that.

(This also relates of course to ye olde #18
 where we want the partitioning setup in the default case
 to come from the container)

Signed-off-by: Colin Walters <[email protected]>
@cgwalters
Copy link
Collaborator Author

Not sure what's up with the failing test, those look like rust errors.

Just to explain this a bit...the bootc install is a cargo feature that can be disabled. Basically some operating systems/distros may have their own installer and don't want to support bootc carrying its own.

(That said increasingly I'm thinking at least bootc install-to-filesystem should always be on...but bootc install-to-disk is way more opinionated and something that one might want to replace)

@cgwalters
Copy link
Collaborator Author

Actually forgot I'd started on this one here. This is obsoleted by #397

@cgwalters cgwalters closed this Mar 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
area/install Issues related to `bootc install` do-not-merge/work-in-progress
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cgwalters @bcl