Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: allow make docker-generate to work with SELINUX #1054

Merged
merged 1 commit into from
Nov 27, 2023
Merged

chore: allow make docker-generate to work with SELINUX #1054

merged 1 commit into from
Nov 27, 2023

Conversation

jvillal-amp
Copy link
Contributor

@jvillal-amp jvillal-amp commented Nov 27, 2023
edited
Loading

Without this change when running on a system using SELINUX you will
receive an error like this:

<snip>
ts=2023-11-27T15:48:48.150Z caller=net_snmp.go:175 level=info msg="Loading MIBs" from=mibs
ts=2023-11-27T15:48:48.150Z caller=main.go:134 level=error msg="Error generating config netsnmp" err="unable to determine absolute path for output"
make: *** [Makefile:92: docker-generate] Error 1

Information on the ':Z' option at:
https://docs.docker.com/storage/bind-mounts/#configure-the-selinux-label

@jvillal-amp jvillal-amp mentioned this pull request Nov 27, 2023
Closed
@jvillal-amp jvillal-amp force-pushed the jlvillal/selinux branch 2 times, most recently from ebf6a5e to af96b00 Compare November 27, 2023 17:20
SuperQ
SuperQ requested changes Nov 27, 2023
View reviewed changes
Copy link
Member

@SuperQ SuperQ left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you provide a little more description of why this is needed?

@jvillal-amp
chore: allow make docker-generate to work with SELINUX
2c8b55d 
Without this change when running on a system using SELINUX you will
receive an error like this:

<snip>
ts=2023-11-27T15:48:48.150Z caller=net_snmp.go:175 level=info msg="Loading MIBs" from=mibs
ts=2023-11-27T15:48:48.150Z caller=main.go:134 level=error msg="Error generating config netsnmp" err="unable to determine absolute path for output"
make: *** [Makefile:92: docker-generate] Error 1

Information on the ':Z' option at:
https://docs.docker.com/storage/bind-mounts/#configure-the-selinux-label

Signed-off-by: John L. Villalovos <[email protected]>
@jvillal-amp
Copy link
Contributor Author

Can you provide a little more description of why this is needed?

Done @SuperQ

Thanks.

@SuperQ SuperQ merged commit d7979b4 into prometheus:main Nov 27, 2023
2 checks passed
@hhromic
Copy link
Contributor

hhromic commented Nov 27, 2023

This part in the linked documentation is a bit scary:

Use extreme caution with these options. Bind-mounting a system directory such as /home or /usr with the Z option renders your host machine inoperable and you may need to relabel the host machine files by hand.

I know is a bit late (this PR was already merged), but doing it like etcd does wouldn't be a safer approach?

https://github.com/kubernetes/kubernetes/blob/ad9b60e2c9ddb21e8b00cabbe27e639638a0ea88/cluster/images/etcd/Makefile#L76-L81

Note that they use :z instead of :Z.
Disclaimer: I am not a user of SELinux and I am not super familiar with these options and their implications.

@SuperQ
Copy link
Member

SuperQ commented Nov 27, 2023

@hhromic Yea, I agree, I should have read the Docker documentation more closely. Would you mind opening a fix PR?

@hhromic
Copy link
Contributor

hhromic commented Nov 27, 2023

Sure, I will open a PR with that approach. 👍
I hope @jvillal-amp can confirm if using :z instead of :Z solves the issue for them.

@hhromic hhromic mentioned this pull request Nov 27, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SuperQ SuperQ SuperQ approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jvillal-amp @hhromic @SuperQ