centos-bootc - cockpit-ws does not work - selinux problems #571
Comments
|
Digging in a bit more, it looks like doing the restorecon during the build process will do nothing as the labels are completely different when the container is running. I found ostreedev/ostree-rs-ext#510 So now I'm wondering if cockpit ships its policy as a binary just like greetd. |
spmfox
changed the title
cgwalters
added
the
area/osintegration
|
Yes, this is a dup of ostreedev/ostree-rs-ext#510 That said, it's probably important enough to have a tracker here too. |
|
Complete tangent: We don't see this in our Cockpit CI image for centos-9-bootc because we don't install cockpit-ws as an RPM there, but as a container. This mostly has historic reasons (it's preferable to do that on CoreOS), but for bootc it'd actually make more sense to include @spmfox So perhaps using https://quay.io/repository/cockpit/ws is at least a temporary workaround for you until this gets sorted out. |
|
@martinpitt I was able to get this working, thank you for the information - I was unaware there was a container version of cockpit-ws. |
Hello, when trying to use cockpit on centos-bootc, I get this error:
Using
bootc usr-overlay, I can do a restorecon (as suggested by setroubleshoot) but this does not fix the problem. It does appear that all of the cockpit related files in /usr have the wrong context. I suspect something is breaking during the installation of cockpit-ws.I can fix this by doing a
dnf reinstall cockpit-ws(with usr-overlay). After the reinstall it seems that all the cockpit files in /usr have the correct context. I have tried doing the restorecon during the container build, however it seems the context is correct because they do not change. Once deployed onto a system, then they are broken. This has me puzzled. The container build machine has selinux set to enforcing.Containerfile to reproduce this:
The text was updated successfully, but these errors were encountered: