Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ensure root_t label for /store #197

Merged
merged 1 commit into from
Mar 7, 2024
Merged

Ensure root_t label for /store #197

merged 1 commit into from
Mar 7, 2024

Conversation

cgwalters
Copy link
Contributor

The way osbuild works is to synthesize a filesystem tree in the store, then copy it to the disk. This ensures the label for the store is root_t which ends up being the labeling for the "infrastructure" bits in the /ostree repository in the target root.

This in turn is blocking a lot of things.

Closes: #149

@cgwalters cgwalters mentioned this pull request Feb 13, 2024
Closed
@cgwalters
Copy link
Contributor Author

The other thing I did briefly mess around with here is that in theory the existing org.osbuild.ostree.selinux stage could grow support for labeling the base dirs, but given that we can hopefully push towards bootc install to-filesystem anyways, I think this short term hack will be fine.

@cgwalters
Copy link
Contributor Author

Thoughts?

achilleas-k
achilleas-k previously approved these changes Mar 4, 2024
View reviewed changes
Copy link
Member

@achilleas-k achilleas-k left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

AIUI, this will not be necessary when we switch to using bootc install (osbuild/images#462).

@cgwalters
Copy link
Contributor Author

AIUI, this will not be necessary when we switch to using bootc install (osbuild/images#462).

Probably/hopefully yes, but OTOH I think this is generally right as a generic baseline anyways.

@cgwalters cgwalters added this pull request to the merge queue Mar 4, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Mar 4, 2024
@rhatdan
Copy link
Contributor

rhatdan commented Mar 5, 2024

LGTM

@cgwalters cgwalters added this pull request to the merge queue Mar 5, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to no response for status checks Mar 5, 2024
@cgwalters cgwalters added this pull request to the merge queue Mar 6, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Mar 6, 2024
@cgwalters cgwalters enabled auto-merge March 6, 2024 19:50
@cgwalters
Copy link
Contributor Author

OK this one just needs a quick re-stamp for approval, I just did a minor tweak to avoid a textual/logical conflict with #238

mvo5
mvo5 previously approved these changes Mar 7, 2024
View reviewed changes
@cgwalters
Ensure root_t label for /store
54cbc08 
The way osbuild works is to synthesize a filesystem tree in the
store, then copy it to the disk.  This ensures the label for the
store is `root_t` which ends up being the labeling for
the "infrastructure" bits in the `/ostree` repository in the
target root.

This in turn is blocking a lot of things.

Closes: osbuild#149
@cgwalters
Copy link
Contributor Author

Oops, stray whitespace change still led to a conflict. Fixed.

@cgwalters cgwalters added this pull request to the merge queue Mar 7, 2024
Merged via the queue into osbuild:main with commit 0fb2c53 Mar 7, 2024
7 of 9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mvo5 mvo5 mvo5 approved these changes

@achilleas-k achilleas-k achilleas-k left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

root filesystem label is container_file_t when it should be root_t
4 participants
@cgwalters @rhatdan @mvo5 @achilleas-k