FC2 useradd in chroot on FC5 host with SELinux
Daniel J Walsh
dwalsh at redhat.com
Thu Jul 13 16:28:49 UTC 2006
Paul Howarth wrote:
> Daniel J Walsh wrote:
>> Paul Howarth wrote:
>>> I use mock to build packages for old distributions in a chroot-ed
>>> environment on my FC5 box. I've pretty well got this working for all
>>> old
>>> distributions now apart from FC2 (see
>>> http://www.fedoraproject.org/wiki/Legacy/Mock). On FC2, the process
>>> gets
>>> off to quite a good start, installing the following packages into the
>>> chroot:
>>>
>>> =============================================================================
>>>
>>> Package Arch Version Repository
>>> Size
>>> =============================================================================
>>>
>>> Installing:
>>> buildsys-build noarch 0.5-1.CF.fc2 groups
>>> 1.8 k
>>> Installing for dependencies:
>>> SysVinit i386 2.85-25 core
>>> 96 k
>>> basesystem noarch 8.0-3 core
>>> 2.7 k
>>> bash i386 2.05b-38 core
>>> 1.5 M
>>> beecrypt i386 3.1.0-3 core
>>> 64 k
>>> binutils i386 2.15.90.0.3-5 core
>>> 2.8 M
>>> buildsys-macros noarch 2-2.fc2 groups
>>> 2.1 k
>>> bzip2 i386 1.0.2-12.1 core
>>> 48 k
>>> bzip2-libs i386 1.0.2-12.1 core
>>> 32 k chkconfig i386 1.3.9-1.1 core
>>> 99 k
>>> coreutils i386 5.2.1-7 core
>>> 2.8 M
>>> cpio i386 2.5-6 core
>>> 45 k
>>> cpp i386 3.3.3-7 core
>>> 1.4 M
>>> cracklib i386 2.7-27.1 core
>>> 26 k
>>> cracklib-dicts i386 2.7-27.1 core
>>> 409 k
>>> db4 i386 4.2.52-3.1 core
>>> 1.5 M
>>> dev i386 3.3.13-1 core
>>> 3.6 M
>>> diffutils i386 2.8.1-11 core
>>> 205 k
>>> e2fsprogs i386 1.35-7.1 core
>>> 728 k
>>> elfutils-libelf i386 0.95-2 core
>>> 36 k
>>> ethtool i386 1.8-3.1 core
>>> 48 k
>>> fedora-release i386 2-4 core
>>> 92 k
>>> file i386 4.07-4 core
>>> 242 k
>>> filesystem i386 2.2.4-1 core
>>> 18 k
>>> findutils i386 1:4.1.7-25 core
>>> 102 k
>>> gawk i386 3.1.3-7 core
>>> 1.5 M
>>> gcc i386 3.3.3-7 core
>>> 3.8 M
>>> gcc-c++ i386 3.3.3-7 core
>>> 2.0 M
>>> gdbm i386 1.8.0-22.1 core
>>> 26 k
>>> glib i386 1:1.2.10-12.1.1 core
>>> 134 k
>>> glib2 i386 2.4.8-1.fc2 updates-released
>>> 477 k
>>> glibc i686 2.3.3-27.1 updates-released
>>> 4.9 M
>>> glibc-common i386 2.3.3-27.1 updates-released
>>> 14 M
>>> glibc-devel i386 2.3.3-27.1 updates-released
>>> 1.9 M
>>> glibc-headers i386 2.3.3-27.1 updates-released
>>> 530 k
>>> glibc-kernheaders i386 2.4-8.44 core
>>> 697 k
>>> grep i386 2.5.1-26 core
>>> 168 k
>>> gzip i386 1.3.3-12.2.legacy updates-released
>>> 88 k
>>> info i386 4.7-4 updates-released
>>> 147 k
>>> initscripts i386 7.55.2-1 updates-released
>>> 906 k
>>> iproute i386 2.4.7-14 core
>>> 591 k
>>> iputils i386 20020927-13 core
>>> 92 k
>>> less i386 382-3 core
>>> 85 k
>>> libacl i386 2.2.7-5 core
>>> 15 k
>>> libattr i386 2.4.1-4 core
>>> 8.6 k
>>> libgcc i386 3.3.3-7 core
>>> 33 k
>>> libselinux i386 1.11.4-1 core
>>> 45 k
>>> libstdc++ i386 3.3.3-7 core
>>> 240 k
>>> libstdc++-devel i386 3.3.3-7 core
>>> 1.3 M
>>> libtermcap i386 2.0.8-38 core
>>> 12 k
>>> make i386 1:3.80-3 core
>>> 337 k
>>> mingetty i386 1.07-2 core
>>> 18 k
>>> mktemp i386 2:1.5-7 core
>>> 12 k
>>> modutils i386 2.4.26-16 core
>>> 395 k
>>> ncurses i386 5.4-5 core
>>> 1.5 M
>>> net-tools i386 1.60-25.1 updates-released
>>> 311 k
>>> pam i386 0.77-40 core
>>> 1.9 M
>>> patch i386 2.5.4-19 core
>>> 61 k
>>> pcre i386 4.5-2 core
>>> 59 k
>>> perl i386 3:5.8.3-18 core
>>> 11 M
>>> perl-Filter i386 1.30-5 core
>>> 68 k
>>> popt i386 1.9.1-0.4.1 updates-released
>>> 61 k
>>> procps i386 3.2.0-1.2 updates-released
>>> 176 k
>>> psmisc i386 21.4-2 core
>>> 41 k
>>> redhat-rpm-config noarch 8.0.28-1.1.1 core
>>> 41 k
>>> rpm i386 4.3.1-0.4.1 updates-released
>>> 2.2 M
>>> rpm-build i386 4.3.1-0.4.1 updates-released
>>> 437 k
>>> sed i386 4.0.8-4 core
>>> 116 k
>>> setup noarch 2.5.33-1 core
>>> 29 k
>>> shadow-utils i386 2:4.0.3-55 updates-released
>>> 671 k
>>> sysklogd i386 1.4.1-16 core
>>> 65 k
>>> tar i386 1.13.25-14 core
>>> 351 k
>>> termcap noarch 11.0.1-18.1 core
>>> 237 k
>>> tzdata noarch 2005f-1.fc2 updates-released
>>> 449 k
>>> unzip i386 5.50-37 core
>>> 139 k
>>> util-linux i386 2.12-19 updates-released
>>> 1.5 M
>>> which i386 2.16-2 core
>>> 21 k
>>> words noarch 2-22 core
>>> 137 k
>>> zlib i386 1.2.1.2-0.fc2 updates-released
>>> 44 k
>>>
>>> After installing all of these packages successfully, the next thing
>>> that
>>> happens is:
>>>
>>> Executing /usr/sbin/mock-helper
>>> chroot /var/lib/mock/fedora-2-i386-core/root /bin/su - root -c
>>> "/usr/sbin/useradd -m -u 500 -d /builddir mockbuild"
>>>
>>> and at that point the "useradd" process just hangs indefinitely. I'm
>>> told that if SELinux is disabled (I've tried permissive mode and that
>>> doesn't help), this works. I can't see any AVCs in the logs.
>>>
>>> Any ideas what might be causing this and how it might be fixed?
>
>
>> In fc2 you should disable SELinux.
>
> I'm running this on FC5; what I'm trying to do is set up a chroot with
> FC2 packages. This includes the FC2 version of useradd, and it's this
> that's hanging when run in the chroot.
>
> I'd happily give things in the chroot the impression that SELinux is
> disabled (I believe mock actually does this already) but I *really*
> don't want to disable SELinux on my FC5 host.
>
> Paul.
I have no idea why this would happen then.
And I am not sure I believe them when they say that if SELinux was
disabled this would work differently, unless there is a kernel bug. You
are not seeing avc messages, correct? Usually if it does not work in
permissive mode it is not an SELinux problem.
More information about the fedora-selinux-list
mailing list