Re: Fedora 20 TC2 AMIs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/21/2013 03:13 PM, Vitaly Kuznetsov wrote: Matthew Miller mat...@fedoraproject.org writes: On Thu, Nov 21, 2013 at 01:30:15PM +0100, Vitaly Kuznetsov wrote: I ran basic tests agains them and they're ok. The only issue I still see is wrong SELinux context for several files: # restorecon -Rvn -e/dev -e/proc -e/sys -e/run -e/tmp/ / restorecon reset /var/cache/yum context system_u:object_r:file_t:s0-system_u:object_r:rpm_var_cache_t:s0 restorecon reset /var/log/boot.log context system_u:object_r:var_log_t:s0-system_u:object_r:plymouthd_var_log_t:s0 restorecon reset /boot/extlinux/ldlinux.sys context system_u:object_r:file_t:s0-system_u:object_r:boot_t:s0 That's weird. We're running fixfiles at the end of the build process to clean up anything like that. I looked into kickstart, you do '/usr/sbin/fixfiles -R -a restore'. I tried running it manually on fresh instance: # /usr/sbin/fixfiles -R -a restore 75k/sbin/restorecon set context /boot/extlinux/ldlinux.sys-system_u:object_r:boot_t:s0 failed:'Operation not permitted' 80k/sbin/restorecon set context /boot/extlinux/ldlinux.sys-system_u:object_r:boot_t:s0 failed:'Operation not permitted' 177k/sbin/restorecon set context /boot/extlinux/ldlinux.sys-system_u:object_r:boot_t:s0 failed:'Operation not permitted' However /boot/extlinux/ldlinux.sys is the only file needs fixind after this: # restorecon -Rvn -e/dev -e/proc -e/sys -e/run -e/tmp/ / restorecon reset /boot/extlinux/ldlinux.sys context system_u:object_r:file_t:s0-system_u:object_r:boot_t:s0 Anyway, https://bugzilla.redhat.com/show_bug.cgi?id=1033274 as suggested by dwalsh) Any change something is mounted on top of these files/directories when the fixfiles is run. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlKPXq8ACgkQrlYvE4MpobPw7wCeMz5w3mGE9PRI+qRJxQTDmpK3 gzYAoN2VWaVI5iGpxkVN/vTA+JTfKWoh =WycT -END PGP SIGNATURE- -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Fedora 20 TC2 AMIs
On Thu, Nov 21, 2013 at 09:13:19PM +0100, Vitaly Kuznetsov wrote: 177k/sbin/restorecon set context /boot/extlinux/ldlinux.sys-system_u:object_r:boot_t:s0 failed:'Operation not permitted' However /boot/extlinux/ldlinux.sys is the only file needs fixind after this: Oh, that makes sense, as that file is marked immutable (becuase the system won't boot if it moves). I don't think restorecon will move it, so I'll look at making it temporarily mutable and then put that back again. -- Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ mat...@fedoraproject.org -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Fedora 20 TC2 AMIs
We don't use anaconda to make the images. We use appliance-creator which is part of appliance-tools. I'm the upstream for them. Daniel J Walsh dwa...@redhat.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/21/2013 07:30 AM, Vitaly Kuznetsov wrote: Dennis Gilmore den...@ausil.us writes: Hi all, Final TC2 images have been uploaded to EC2 and are available at ami-3392b55a : us-east-1 image for i386 ami-f794b39e : us-east-1 image for x86_64 I ran basic tests agains them and they're ok. The only issue I still see is wrong SELinux context for several files: # restorecon -Rvn -e/dev -e/proc -e/sys -e/run -e/tmp/ / restorecon reset /var/cache/yum context system_u:object_r:file_t:s0-system_u:object_r:rpm_var_cache_t:s0 restorecon reset /var/log/boot.log context system_u:object_r:var_log_t:s0-system_u:object_r:plymouthd_var_log_t:s0 restorecon reset /boot/extlinux/ldlinux.sys context system_u:object_r:file_t:s0-system_u:object_r:boot_t:s0 These should be opened as a bug in anaconda. (The file_t ones anyways.) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlKOFv4ACgkQrlYvE4MpobOezgCfRCHVSoSCaM9M0X8Jn9b8+RBq kd0AoML3rHbYa00CSGojEFWS8WmmLc9Y =xunE -END PGP SIGNATURE- -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct -- Sent from my Android device with K-9 Mail. Please excuse my brevity.-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Fedora 20 TC2 AMIs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/21/2013 07:30 AM, Vitaly Kuznetsov wrote: Dennis Gilmore den...@ausil.us writes: Hi all, Final TC2 images have been uploaded to EC2 and are available at ami-3392b55a : us-east-1 image for i386 ami-f794b39e : us-east-1 image for x86_64 I ran basic tests agains them and they're ok. The only issue I still see is wrong SELinux context for several files: # restorecon -Rvn -e/dev -e/proc -e/sys -e/run -e/tmp/ / restorecon reset /var/cache/yum context system_u:object_r:file_t:s0-system_u:object_r:rpm_var_cache_t:s0 restorecon reset /var/log/boot.log context system_u:object_r:var_log_t:s0-system_u:object_r:plymouthd_var_log_t:s0 restorecon reset /boot/extlinux/ldlinux.sys context system_u:object_r:file_t:s0-system_u:object_r:boot_t:s0 These should be opened as a bug in anaconda. (The file_t ones anyways.) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlKOFv4ACgkQrlYvE4MpobOezgCfRCHVSoSCaM9M0X8Jn9b8+RBq kd0AoML3rHbYa00CSGojEFWS8WmmLc9Y =xunE -END PGP SIGNATURE- -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Fedora 20 TC2 AMIs
On Thu, Nov 21, 2013 at 01:30:15PM +0100, Vitaly Kuznetsov wrote: I ran basic tests agains them and they're ok. The only issue I still see is wrong SELinux context for several files: # restorecon -Rvn -e/dev -e/proc -e/sys -e/run -e/tmp/ / restorecon reset /var/cache/yum context system_u:object_r:file_t:s0-system_u:object_r:rpm_var_cache_t:s0 restorecon reset /var/log/boot.log context system_u:object_r:var_log_t:s0-system_u:object_r:plymouthd_var_log_t:s0 restorecon reset /boot/extlinux/ldlinux.sys context system_u:object_r:file_t:s0-system_u:object_r:boot_t:s0 That's weird. We're running fixfiles at the end of the build process to clean up anything like that. -- Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ mat...@fedoraproject.org -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Fedora 20 TC2 AMIs
Matthew Miller mat...@fedoraproject.org writes: On Thu, Nov 21, 2013 at 01:30:15PM +0100, Vitaly Kuznetsov wrote: I ran basic tests agains them and they're ok. The only issue I still see is wrong SELinux context for several files: # restorecon -Rvn -e/dev -e/proc -e/sys -e/run -e/tmp/ / restorecon reset /var/cache/yum context system_u:object_r:file_t:s0-system_u:object_r:rpm_var_cache_t:s0 restorecon reset /var/log/boot.log context system_u:object_r:var_log_t:s0-system_u:object_r:plymouthd_var_log_t:s0 restorecon reset /boot/extlinux/ldlinux.sys context system_u:object_r:file_t:s0-system_u:object_r:boot_t:s0 That's weird. We're running fixfiles at the end of the build process to clean up anything like that. I looked into kickstart, you do '/usr/sbin/fixfiles -R -a restore'. I tried running it manually on fresh instance: # /usr/sbin/fixfiles -R -a restore 75k/sbin/restorecon set context /boot/extlinux/ldlinux.sys-system_u:object_r:boot_t:s0 failed:'Operation not permitted' 80k/sbin/restorecon set context /boot/extlinux/ldlinux.sys-system_u:object_r:boot_t:s0 failed:'Operation not permitted' 177k/sbin/restorecon set context /boot/extlinux/ldlinux.sys-system_u:object_r:boot_t:s0 failed:'Operation not permitted' However /boot/extlinux/ldlinux.sys is the only file needs fixind after this: # restorecon -Rvn -e/dev -e/proc -e/sys -e/run -e/tmp/ / restorecon reset /boot/extlinux/ldlinux.sys context system_u:object_r:file_t:s0-system_u:object_r:boot_t:s0 Anyway, https://bugzilla.redhat.com/show_bug.cgi?id=1033274 as suggested by dwalsh) -- Vitaly Kuznetsov -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Fedora 20 TC2 AMIs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/21/2013 11:19 AM, Dennis Gilmore wrote: We don't use anaconda to make the images. We use appliance-creator which is part of appliance-tools. I'm the upstream for them. Is the appliance-tools running restorecon -R -v / in the end like livecd-creator used to? anaconda has a list of files/directories that it runs restorecon on after the install is done. The idea is to fix labels of content that was created before selinux policy was loaded into the kernel. If these are the only two files that are mislabeled, then I would just run restorecon on them. Daniel J Walsh dwa...@redhat.com wrote: On 11/21/2013 07:30 AM, Vitaly Kuznetsov wrote: Dennis Gilmore den...@ausil.us writes: Hi all, Final TC2 images have been uploaded to EC2 and are available at ami-3392b55a : us-east-1 image for i386 ami-f794b39e : us-east-1 image for x86_64 I ran basic tests agains them and they're ok. The only issue I still see is wrong SELinux context for several files: # restorecon -Rvn -e/dev -e/proc -e/sys -e/run -e/tmp/ / restorecon reset /var/cache/yum context system_u:object_r:file_t:s0-system_u:object_r:rpm_var_cache_t:s0 restorecon reset /var/log/boot.log context system_u:object_r:var_log_t:s0-system_u:object_r:plymouthd_var_log_t:s0 restorecon reset /boot/extlinux/ldlinux.sys context system_u:object_r:file_t:s0-system_u:object_r:boot_t:s0 These should be opened as a bug in anaconda. (The file_t ones anyways.) -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlKOSb4ACgkQrlYvE4MpobPBUACgsHbZ6R6ie+Co0m2STvpD73Xx HRMAoLZ604yqAErwiW4m7rhLWa0JuadR =2+91 -END PGP SIGNATURE- -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Fedora 20 TC2 AMIs
Dennis Gilmore den...@ausil.us writes: Hi all, Final TC2 images have been uploaded to EC2 and are available at ami-3392b55a : us-east-1 image for i386 ami-f794b39e : us-east-1 image for x86_64 I ran basic tests agains them and they're ok. The only issue I still see is wrong SELinux context for several files: # restorecon -Rvn -e/dev -e/proc -e/sys -e/run -e/tmp/ / restorecon reset /var/cache/yum context system_u:object_r:file_t:s0-system_u:object_r:rpm_var_cache_t:s0 restorecon reset /var/log/boot.log context system_u:object_r:var_log_t:s0-system_u:object_r:plymouthd_var_log_t:s0 restorecon reset /boot/extlinux/ldlinux.sys context system_u:object_r:file_t:s0-system_u:object_r:boot_t:s0 -- Vitaly Kuznetsov -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct