Fix --containers with selinux (!21) · Merge requests · CentOS / automotive / src / automotive-image-builder

Alexander Larsson requested to merge fix-container-selinux into main May 16, 2024

I am getting this error when running aib-osbuild-mpp in the container:

{"msg":"exec container process /vcs/tyt/automotive-image-builder/mpp/aib-osbuild-mpp: Permission denied","level":"error","time":"2024-05-16T15:44:09.059782Z"}

Due to this AVC:

AVC avc: denied { entrypoint } for pid=1062421 comm="3" path="/vcs/tyt/automotive-image-builder/mpp/aib-osbuild-mpp" dev="nvme1n1p3" ino=115804 scontext=system_u:system_r:unconfined_t:s0:c>

I think this is because its unnecessarily (in the mpp case) running as unconfined_t, and we can avoid this by not using that in the mpp container.

Fix --containers with selinux

Merge request reports