* [Buildroot] [PATCH 1/1] Revert "package/docker: enable selinux module"
@ 2024-01-02 19:41 Fabrice Fontaine
2024-01-02 19:57 ` Yann E. MORIN
2024-01-12 16:14 ` Peter Korsgaard
0 siblings, 2 replies; 4+ messages in thread
From: Fabrice Fontaine @ 2024-01-02 19:41 UTC (permalink / raw)
To: buildroot; +Cc: Fabrice Fontaine
This reverts commit 245b13a0778ec6ad061555b0b994e7649ef01006 as docker
selinux module is for docker-engine, not for "a system tray dock for X"
Moreover, it raises the following build failure:
Compiling targeted policy.33
env LD_LIBRARY_PATH="/home/buildroot/autobuild/instance-0/output-1/per-package/refpolicy/host/lib:/home/buildroot/autobuild/instance-0/output-1/per-package/refpolicy/host/usr/lib" /home/buildroot/autobuild/instance-0/output-1/per-package/refpolicy/host/usr/bin/checkpolicy -c 33 -U deny -S -O -E policy.conf -o policy.33
policy.conf:1912:ERROR 'attribute container_engine_domain is not declared' at token ';' on line 1912:
type dockerd_t, container_engine_domain;
type dockerd_exec_t;
Fixes:
- http://autobuild.buildroot.org/results/87d78b6f15875f0fa3e6fc85e352db14ab0383bb
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/docker/docker.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package/docker/docker.mk b/package/docker/docker.mk
index 39f7ee4580..4a8c6fcd8d 100644
--- a/package/docker/docker.mk
+++ b/package/docker/docker.mk
@@ -7,7 +7,7 @@
DOCKER_VERSION = 1.5
DOCKER_SITE = http://icculus.org/openbox/2/docker
DOCKER_DEPENDENCIES = host-pkgconf libglib2 xlib_libX11
-DOCKER_SELINUX_MODULES = docker
+
DOCKER_LICENSE = GPL-2.0+
# The 'or later' is specified at the end of the README, so include that one too.
DOCKER_LICENSE_FILES = COPYING README
--
2.43.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH 1/1] Revert "package/docker: enable selinux module"
2024-01-02 19:41 [Buildroot] [PATCH 1/1] Revert "package/docker: enable selinux module" Fabrice Fontaine
@ 2024-01-02 19:57 ` Yann E. MORIN
2024-01-02 20:00 ` Fabrice Fontaine
2024-01-12 16:14 ` Peter Korsgaard
1 sibling, 1 reply; 4+ messages in thread
From: Yann E. MORIN @ 2024-01-02 19:57 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: buildroot
Fabrice, All,
On 2024-01-02 20:41 +0100, Fabrice Fontaine spake thusly:
> This reverts commit 245b13a0778ec6ad061555b0b994e7649ef01006 as docker
> selinux module is for docker-engine, not for "a system tray dock for X"
>
> Moreover, it raises the following build failure:
>
> Compiling targeted policy.33
> env LD_LIBRARY_PATH="/home/buildroot/autobuild/instance-0/output-1/per-package/refpolicy/host/lib:/home/buildroot/autobuild/instance-0/output-1/per-package/refpolicy/host/usr/lib" /home/buildroot/autobuild/instance-0/output-1/per-package/refpolicy/host/usr/bin/checkpolicy -c 33 -U deny -S -O -E policy.conf -o policy.33
> policy.conf:1912:ERROR 'attribute container_engine_domain is not declared' at token ';' on line 1912:
> type dockerd_t, container_engine_domain;
> type dockerd_exec_t;
Does that mean we can't do:
DOCKER_ENGINE_SELINUX_MODULES = docker
either?
> Fixes:
> - http://autobuild.buildroot.org/results/87d78b6f15875f0fa3e6fc85e352db14ab0383bb
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Applied to master, thanks.
Regards,
Yann E. MORIN.
> ---
> package/docker/docker.mk | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/package/docker/docker.mk b/package/docker/docker.mk
> index 39f7ee4580..4a8c6fcd8d 100644
> --- a/package/docker/docker.mk
> +++ b/package/docker/docker.mk
> @@ -7,7 +7,7 @@
> DOCKER_VERSION = 1.5
> DOCKER_SITE = http://icculus.org/openbox/2/docker
> DOCKER_DEPENDENCIES = host-pkgconf libglib2 xlib_libX11
> -DOCKER_SELINUX_MODULES = docker
> +
> DOCKER_LICENSE = GPL-2.0+
> # The 'or later' is specified at the end of the README, so include that one too.
> DOCKER_LICENSE_FILES = COPYING README
> --
> 2.43.0
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH 1/1] Revert "package/docker: enable selinux module"
2024-01-02 19:57 ` Yann E. MORIN
@ 2024-01-02 20:00 ` Fabrice Fontaine
0 siblings, 0 replies; 4+ messages in thread
From: Fabrice Fontaine @ 2024-01-02 20:00 UTC (permalink / raw)
To: Yann E. MORIN; +Cc: buildroot
Le mar. 2 janv. 2024 à 20:57, Yann E. MORIN <yann.morin.1998@free.fr> a écrit :
>
> Fabrice, All,
>
> On 2024-01-02 20:41 +0100, Fabrice Fontaine spake thusly:
> > This reverts commit 245b13a0778ec6ad061555b0b994e7649ef01006 as docker
> > selinux module is for docker-engine, not for "a system tray dock for X"
> >
> > Moreover, it raises the following build failure:
> >
> > Compiling targeted policy.33
> > env LD_LIBRARY_PATH="/home/buildroot/autobuild/instance-0/output-1/per-package/refpolicy/host/lib:/home/buildroot/autobuild/instance-0/output-1/per-package/refpolicy/host/usr/lib" /home/buildroot/autobuild/instance-0/output-1/per-package/refpolicy/host/usr/bin/checkpolicy -c 33 -U deny -S -O -E policy.conf -o policy.33
> > policy.conf:1912:ERROR 'attribute container_engine_domain is not declared' at token ';' on line 1912:
> > type dockerd_t, container_engine_domain;
> > type dockerd_exec_t;
>
> Does that mean we can't do:
>
> DOCKER_ENGINE_SELINUX_MODULES = docker
Indeed, we can't do that either, I didn't investigated further but at
the very least, container selinux module should be added like this:
DOCKER_ENGINE_SELINUX_MODULES = container docker
>
> either?
>
> > Fixes:
> > - http://autobuild.buildroot.org/results/87d78b6f15875f0fa3e6fc85e352db14ab0383bb
> >
> > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
>
> Applied to master, thanks.
>
> Regards,
> Yann E. MORIN.
>
> > ---
> > package/docker/docker.mk | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/package/docker/docker.mk b/package/docker/docker.mk
> > index 39f7ee4580..4a8c6fcd8d 100644
> > --- a/package/docker/docker.mk
> > +++ b/package/docker/docker.mk
> > @@ -7,7 +7,7 @@
> > DOCKER_VERSION = 1.5
> > DOCKER_SITE = http://icculus.org/openbox/2/docker
> > DOCKER_DEPENDENCIES = host-pkgconf libglib2 xlib_libX11
> > -DOCKER_SELINUX_MODULES = docker
> > +
> > DOCKER_LICENSE = GPL-2.0+
> > # The 'or later' is specified at the end of the README, so include that one too.
> > DOCKER_LICENSE_FILES = COPYING README
> > --
> > 2.43.0
> >
> > _______________________________________________
> > buildroot mailing list
> > buildroot@buildroot.org
> > https://lists.buildroot.org/mailman/listinfo/buildroot
>
> --
> .-----------------.--------------------.------------------.--------------------.
> | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
> | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
> | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
> | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
> '------------------------------^-------^------------------^--------------------'
Best Regards,
Fabrice
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH 1/1] Revert "package/docker: enable selinux module"
2024-01-02 19:41 [Buildroot] [PATCH 1/1] Revert "package/docker: enable selinux module" Fabrice Fontaine
2024-01-02 19:57 ` Yann E. MORIN
@ 2024-01-12 16:14 ` Peter Korsgaard
1 sibling, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2024-01-12 16:14 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> This reverts commit 245b13a0778ec6ad061555b0b994e7649ef01006 as docker
> selinux module is for docker-engine, not for "a system tray dock for X"
> Moreover, it raises the following build failure:
> Compiling targeted policy.33
> env
> LD_LIBRARY_PATH="/home/buildroot/autobuild/instance-0/output-1/per-package/refpolicy/host/lib:/home/buildroot/autobuild/instance-0/output-1/per-package/refpolicy/host/usr/lib"
> /home/buildroot/autobuild/instance-0/output-1/per-package/refpolicy/host/usr/bin/checkpolicy
> -c 33 -U deny -S -O -E policy.conf -o policy.33
> policy.conf:1912:ERROR 'attribute container_engine_domain is not declared' at token ';' on line 1912:
> type dockerd_t, container_engine_domain;
> type dockerd_exec_t;
> Fixes:
> - http://autobuild.buildroot.org/results/87d78b6f15875f0fa3e6fc85e352db14ab0383bb
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2023.11.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-01-12 16:14 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-01-02 19:41 [Buildroot] [PATCH 1/1] Revert "package/docker: enable selinux module" Fabrice Fontaine
2024-01-02 19:57 ` Yann E. MORIN
2024-01-02 20:00 ` Fabrice Fontaine
2024-01-12 16:14 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox