Overview
This breaks image builds in really fun ways:
[ 81s] [ INFO ]: 09:07:27 | --> Syncing root filesystem data [ 81s] [ DEBUG ]: 09:07:27 | EXEC: [rsync --archive --hard-links --xattrs --acls --one-file-system --inplace --exclude /image --exclude /.profile --exclude /.kconfig --exclude /run/* --exclude /tmp/* --exclude /.buildenv --exclude /var/cache/kiwi --exclude /boot/efi/* --exclude /boot/efi/.* /usr/src/packages/KIWI-vmx/build/image-root/ /var/tmp/kiwi_volumes.9pt1y7yj/@/.snapshots/1/snapshot] [ 84s] [ DEBUG ]: 09:07:30 | EXEC: [btrfs qgroup create 1/0 /var/tmp/kiwi_volumes.9pt1y7yj] [ 84s] [ DEBUG ]: 09:07:30 | EXEC: [chroot /var/tmp/kiwi_volumes.9pt1y7yj/@/.snapshots/1/snapshot snapper --no-dbus set-config QGROUP=1/0] [ 84s] [ DEBUG ]: 09:07:30 | EXEC: Failed with stderr: IO error (.snapshots is not a btrfs subvolume). [ 84s] , stdout: (no output on stdout) [ 84s] [ ERROR ]: 09:07:30 | KiwiCommandError: chroot: stderr: IO error (.snapshots is not a btrfs subvolume). [ 84s] , stdout: (no output on stdout) [ 84s] [ INFO ]: 09:07:30 | Cleaning up FileSystemFat16 instance [ 84s] [ INFO ]: 09:07:30 | umount FileSystemFat16 instance
Taking snapper out of this staging makes things work again
Is SELinux enabled in those builds? How does SELinux work with chroot? I do not see that any SELinux policy gets installed. Maybe in /var/lib/selinux/targeted/active/modules/100/snapper/cil /usr/bin/snapper must also be added next to /usr/sbin/snapperd.
But since SELinux is new to me I cannot really help here.
I doubt that SELinux is enabled there. The codepaths I checked check for a loaded policy first and do nothing if there's none. I'll try to see what's happening here
It's not the SELinux support. I thought that it misses some SELinux checks, but with my patches it still fails. Then I branched snapper revision 478 into home:jsegitz:branches:filesystems:snapper and it still fails to build the images: https://build.opensuse.org/package/live_build_log/home:jsegitz:branches:filesystems:snapper/kiwi-templates-Minimal:MS-HyperV/images/x86_64
I get different results: With --enable-selinux in the spec file it fails, without it works.
AFAIS enabling SELinux in snapper adds as a side effect a few checks, e.g. if .snapshots is a subvolume. The logs show that kiwi creates subvolumes and directories, so maybe the setup is simply wrong and snapper is right in complaining.
I will try to avoid the side effects and see what happens then.
I see that kiwi does chroot snapper set-config ...
but at that point .snapshots
is not mounted inside that chroot. Might be enough to fix that in kiwi, if it's not possible to run snapper set-config
without that.
Would still be nice to have snapper set-config not care about /.snapshots being mounted though, like before
I have a patch for that but I have to test it a bit more (likely on Monday).
Request History
aschnell created request
- updated to latest repository
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
dimstar_suse set openSUSE:Factory:Staging:M as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:M"
dimstar_suse accepted review
Picked "openSUSE:Factory:Staging:M"
dimstar accepted review
dimstar_suse added factory-staging as a reviewer
Being evaluated by group "factory-staging"
dimstar_suse accepted review
Unstaged from project "openSUSE:Factory:Staging:M"
dimstar_suse set openSUSE:Factory:Staging:F as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:F"
dimstar_suse accepted review
Picked "openSUSE:Factory:Staging:F"
dimstar_suse accepted review
Staging Project openSUSE:Factory:Staging:F got accepted.
dimstar_suse approved review
Staging Project openSUSE:Factory:Staging:F got accepted.
dimstar_suse accepted request
Staging Project openSUSE:Factory:Staging:F got accepted.