Skip to content

Commit

Permalink
Respect nspawn_args whenever doChroot is called
Browse files Browse the repository at this point in the history 
This also includes all `doOutChroot()` calls, as that method internally
calls `doChroot()`.

The issue was identified when trying to work around a problem [1] where
the SELinux policy prevented `systemd-machined` from creating a varlink
socket, causing it to fail to start.  As a result, `systemd-nspawn`
could not register the machine.  Tomáš tried the following
configuration:

    config_opts['nspawn_args'] = ['--register=no']

This was intended to ensure that `systemd-nspawn` does not attempt to
register the machine with `systemd-machined`.  However, the
configuration had no effect (the argument was not visible in the
`systemd-nspawn` command line, and the original issue persisted).

[1] https://issues.redhat.com/browse/RHEL-49567

Co-authored-by: Tomáš Hozza <[email protected]>
Closes: rpm-software-management#1410
Closes: rpm-software-management#1456
  • Loading branch information
@praiskup @thozza @xsuchy
2 people authored and xsuchy committed Sep 24, 2024
1 parent d4c1269 commit e8b3fa2
Show file tree
Hide file tree
Showing 6 changed files with 18 additions and 18 deletions.
16 changes: 2 additions & 14 deletions mock/py/mockbuild/backend.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -65,12 +65,6 @@ def __init__(self, config, uid_manager, plugins, state, buildroot, bootstrap_bui
self.private_network = not config['rpmbuild_networking']
self.rpmbuild_noclean_option = None

def _get_nspawn_args(self):
nspawn_args = []
if util.USE_NSPAWN:
nspawn_args.extend(self.config['nspawn_args'])
return nspawn_args

@traceLog()
def backup_results(self):
srcdir = os.path.join(self.buildroot.basedir, "result")
Expand Down Expand Up @@ -370,7 +364,7 @@ def shell(self, options, cmd=None):
ret = util.doshell(chrootPath=self.buildroot.make_chroot_path(),
environ=self.buildroot.env, uid=uid, gid=gid,
cwd=cwd,
nspawn_args=self._get_nspawn_args(),
nspawn_args=self.config.get("nspawn_args", []),
unshare_net=self.private_network,
cmd=cmd)
finally:
Expand Down Expand Up @@ -400,11 +394,10 @@ def chroot(self, args, options):
result = self.buildroot.doChroot(args, shell=shell, printOutput=True,
uid=self.buildroot.chrootuid, gid=self.buildroot.chrootgid,
user=self.buildroot.chrootuser, cwd=options.cwd,
nspawn_args=self._get_nspawn_args(), raiseExc=False,
raiseExc=False,
unshare_net=self.private_network)[1]
else:
result = self.buildroot.doChroot(args, shell=shell, cwd=options.cwd,
nspawn_args=self._get_nspawn_args(),
unshare_net=self.private_network,
printOutput=True, raiseExc=False)[1]
finally:
Expand Down Expand Up @@ -644,7 +637,6 @@ def copy_spec_into_chroot(self, spec_path):
def get_specfile_name(self, srpm_path):
files = self.buildroot.doChroot([self.config['rpm_command'], "-qpl", srpm_path],
shell=False, uid=self.buildroot.chrootuid, gid=self.buildroot.chrootgid,
nspawn_args=self._get_nspawn_args(),
unshare_net=self.private_network,
user=self.buildroot.chrootuser,
returnOutput=True
Expand All @@ -661,7 +653,6 @@ def install_srpm(self, srpm_path):
output, return_code = self.buildroot.doChroot(
command, shell=False, uid=self.buildroot.chrootuid,
gid=self.buildroot.chrootgid, user=self.buildroot.chrootuser,
nspawn_args=self._get_nspawn_args(),
unshare_net=self.private_network, returnOutput=True,
returnStderr=True, raiseExc=False)
if return_code:
Expand Down Expand Up @@ -704,7 +695,6 @@ def rebuild_installed_srpm(self, spec_path, timeout):
shell=False, logger=self.buildroot.build_log, timeout=timeout,
uid=self.buildroot.chrootuid, gid=self.buildroot.chrootgid,
user=self.buildroot.chrootuser,
nspawn_args=self._get_nspawn_args(),
unshare_net=self.private_network,
printOutput=self.config['print_main_output']
)
Expand Down Expand Up @@ -766,7 +756,6 @@ def get_command(mode, checkdeps=False):
shell=False, logger=self.buildroot.build_log, timeout=timeout,
uid=self.buildroot.chrootuid, gid=self.buildroot.chrootgid,
user=self.buildroot.chrootuser,
nspawn_args=self._get_nspawn_args(),
unshare_net=self.private_network, raiseExc=False,
printOutput=self.config['print_main_output'])
if returncode > 0 and returncode != 11:
Expand Down Expand Up @@ -816,7 +805,6 @@ def get_command(mode, checkdeps=False):
shell=False, logger=self.buildroot.build_log, timeout=timeout,
uid=self.buildroot.chrootuid, gid=self.buildroot.chrootgid,
user=self.buildroot.chrootuser,
nspawn_args=self._get_nspawn_args(),
unshare_net=self.private_network,
printOutput=self.config['print_main_output'])
results = glob.glob(bd_out + '/RPMS/*.rpm')
Expand Down
12 changes: 11 additions & 1 deletion mock/py/mockbuild/buildroot.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -389,9 +389,16 @@ def doOutChroot(self, command, *args, **kwargs):
Execute the command in bootstrap chroot (when bootstrap is enabled) or
on host. Return (output, exit_status) tuple.
"""

# the chrootPath would imply running chroot within containers, as well
# as on host (where we would have to setup nspawn_args, which is not
# implemented).
assert "chrootPath" not in kwargs

if self.bootstrap_buildroot:
with self.mounts.buildroot_in_bootstrap_mounted():
return self.bootstrap_buildroot.doChroot(command, *args, **kwargs)
return self.bootstrap_buildroot.doChroot(
command, *args, **kwargs)

return util.do_with_status(command, *args, **kwargs)

Expand All @@ -408,6 +415,9 @@ def doChroot(self, command, nosync=False, *args, **kargs):
kargs['gid'] = uid.getresgid()[1]
self.uid_manager.becomeUser(0, 0)

kargs.setdefault("nspawn_args", [])
kargs["nspawn_args"].extend(self.config.get("nspawn_args", []))

try:
result = util.do_with_status(command, chrootPath=self.make_chroot_path(),
env=env, *args, **kargs)
Expand Down
1 change: 0 additions & 1 deletion mock/py/mockbuild/plugins/rpkg_preprocessor.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,5 @@ def _preprocess(self, host_chroot_spec, host_chroot_sources):
gid=self.buildroot.chrootgid,
user=self.buildroot.chrootuser,
unshare_net=private_network,
nspawn_args=self.config.get('nspawn_args', []),
printOutput=self.config.get('print_main_output', True)
)
1 change: 0 additions & 1 deletion mock/py/mockbuild/plugins/rpmautospec.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -123,6 +123,5 @@ def attempt_process_distgit(
gid=self.buildroot.chrootgid,
user=self.buildroot.chrootuser,
unshare_net=not self.config.get("rpmbuild_networking", False),
nspawn_args=self.config.get("nspawn_args", []),
printOutput=self.config.get("print_main_output", True),
)
1 change: 0 additions & 1 deletion mock/tests/plugins/test_rpmautospec.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -167,7 +167,6 @@ def test_attempt_process_distgit(
gid=plugin.buildroot.chrootgid,
user=plugin.buildroot.chrootuser,
unshare_net=not plugin.config.get("rpmbuild_networking", False),
nspawn_args=plugin.config.get("nspawn_args", []),
printOutput=plugin.config.get("print_main_output", True),
)
else:
Expand Down
5 changes: 5 additions & 0 deletions releng/release-notes-next/nspawn-args-chroot-bootstrap.bugfix
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
Previously, the `nspawn_args` configuration value was not applied in multiple
internal `doChroot()` calls. This could cause issues when custom nspawn
arguments were needed everywhere (see [PR#1410][]). Now, `doChroot()`
automatically applies `nspawn_args`, shifting the responsibility from callers to
callee.

0 comments on commit e8b3fa2

Please sign in to comment.