From: Seebs <seebs@seebs.net>
To: <Jack.Fewx@dell.com>
Cc: yocto@yoctoproject.org
Subject: Re: [pseudo] Pseudo 1.8+ xattr sqlite corruption
Date: Wed, 22 Aug 2018 11:41:31 -0500 [thread overview]
Message-ID: <20180822114131.0e67fee5@seebsdell> (raw)
In-Reply-To: <0c3dff3db46a4a83a73a4ffe1c83535d@AUSX13MPC104.AMER.DELL.COM>
On Wed, 22 Aug 2018 14:54:02 +0000
<Jack.Fewx@dell.com> wrote:
> So failure mode is the target filesystem is devoid of SELinux file
> contexts, all files are unlabeled_t, which pretty much breaks
> everything in enforcing mode. So whatever the corruption
> cause/effect in the Psuedo database, the end result is when
> Mksquashfs runs it can't get labels for the files.
Ugh. Sorry, this is a known issue, I think we have an open bug for it,
and so far as I could tell the last time I looked at it, it was
theoretically-impossible to fix it sanely.
See:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=6580
The basic problem is: SELinux is extended attributes, and if we are
allowing *any* use of extended attributes, there is no way for pseudo
to distinguish between "host environment is trying to set a host
environment extended attribute" and "build system is trying to set a
target environment extended attribute".
And we can partially address this by turning off xattr support, so all
extended attribute use gets ENOSYS or whatever, but then I think the
host system stuff will also fail.
I am open to suggestions on ways this could be addressed sanely, but I
haven't come up with anything good yet.
(FWIW, I'm more present on the oe-core list, which I still scan for
messages with "pseudo" in the subject line.)
-s
next prev parent reply other threads:[~2018-08-22 16:47 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-20 18:45 [pseudo] Pseudo 1.8+ xattr sqlite corruption Jack.Fewx
2018-08-22 8:41 ` Alexander Kanavin
2018-08-22 13:58 ` Jack.Fewx
2018-08-22 14:41 ` Joshua Watt
2018-08-22 14:54 ` Jack.Fewx
2018-08-22 15:09 ` Richard Purdie
2018-08-22 15:32 ` Jack.Fewx
2018-09-18 20:26 ` Jack.Fewx
2018-09-18 21:09 ` Seebs
2018-09-18 21:16 ` Joshua Watt
2018-09-18 21:20 ` Seebs
2018-09-19 11:33 ` Burton, Ross
2018-09-19 14:39 ` Seebs
2018-09-19 16:25 ` Jack.Fewx
2018-09-20 19:16 ` Seebs
2018-09-20 20:41 ` Jack.Fewx
2018-09-20 20:46 ` Seebs
2018-09-20 20:50 ` Seebs
2018-09-21 12:50 ` Burton, Ross
2018-09-23 13:23 ` Martin Jansa
2018-08-22 16:41 ` Seebs [this message]
2018-08-22 14:44 ` Alexander Kanavin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180822114131.0e67fee5@seebsdell \
--to=seebs@seebs.net \
--cc=Jack.Fewx@dell.com \
--cc=yocto@yoctoproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.