Overview
Request 1073519 superseded
- updated to latest repository
- Created by aschnell
- In state superseded
- Superseded by 1074617
-
Open review for
factory-staging
Request History
aschnell created request
- updated to latest repository
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
dimstar_suse set openSUSE:Factory:Staging:F as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:F"
dimstar_suse accepted review
Picked "openSUSE:Factory:Staging:F"
dimstar accepted review
dimstar_suse added factory-staging as a reviewer
Being evaluated by group "factory-staging"
dimstar_suse accepted review
Unstaged from project "openSUSE:Factory:Staging:F"
dimstar_suse set openSUSE:Factory:Staging:L as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:L"
dimstar_suse accepted review
Picked "openSUSE:Factory:Staging:L"
dimstar_suse added factory-staging as a reviewer
Being evaluated by group "factory-staging"
dimstar_suse accepted review
Unstaged from project "openSUSE:Factory:Staging:L"
dimstar_suse set openSUSE:Factory:Staging:M as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:M"
dimstar_suse accepted review
Picked "openSUSE:Factory:Staging:M"
dimstar_suse added factory-staging as a reviewer
Being evaluated by group "factory-staging"
dimstar_suse accepted review
Unstaged from project "openSUSE:Factory:Staging:M"
dimstar_suse set openSUSE:Factory:Staging:D as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:D"
dimstar_suse accepted review
Picked "openSUSE:Factory:Staging:D"
dimstar_suse added factory-staging as a reviewer
Being evaluated by group "factory-staging"
dimstar_suse accepted review
Unstaged from project "openSUSE:Factory:Staging:D"
superseded by 1074617
This breaks image builds in really fun ways:
https://build.opensuse.org/package/live_build_log/openSUSE:Factory:Staging:L/kiwi-templates-Minimal:MS-HyperV/images/x86_64
Taking snapper out of this staging makes things work again
Is SELinux enabled in those builds? How does SELinux work with chroot? I do not see that any SELinux policy gets installed. Maybe in /var/lib/selinux/targeted/active/modules/100/snapper/cil /usr/bin/snapper must also be added next to /usr/sbin/snapperd.
But since SELinux is new to me I cannot really help here.
I doubt that SELinux is enabled there. The codepaths I checked check for a loaded policy first and do nothing if there's none. I'll try to see what's happening here
It's not the SELinux support. I thought that it misses some SELinux checks, but with my patches it still fails. Then I branched snapper revision 478 into home:jsegitz:branches:filesystems:snapper and it still fails to build the images: https://build.opensuse.org/package/live_build_log/home:jsegitz:branches:filesystems:snapper/kiwi-templates-Minimal:MS-HyperV/images/x86_64
I get different results: With --enable-selinux in the spec file it fails, without it works.
AFAIS enabling SELinux in snapper adds as a side effect a few checks, e.g. if .snapshots is a subvolume. The logs show that kiwi creates subvolumes and directories, so maybe the setup is simply wrong and snapper is right in complaining.
I will try to avoid the side effects and see what happens then.
I see that kiwi does
chroot snapper set-config ...
but at that point.snapshots
is not mounted inside that chroot. Might be enough to fix that in kiwi, if it's not possible to runsnapper set-config
without that.Looks like that worked, kiwi was doing weird stuff.
I'll open a PR upstream.
https://github.com/OSInside/kiwi/pull/2265
Would still be nice to have snapper set-config not care about /.snapshots being mounted though, like before
I have a patch for that but I have to test it a bit more (likely on Monday).
delayed