build-devtoolbox: Work around broken SELinux in toolbox containers
authorMartin Pitt <martin@piware.de>
Sat, 2 Nov 2019 09:28:11 +0000 (10:28 +0100)
committerMartin Pitt <martin@piware.de>
Sat, 2 Nov 2019 09:29:50 +0000 (10:29 +0100)
Install selinux-policy first and remove all of its files, to force
SELinux to be inert in the container. This unbreaks the subsequent `dnf
builddep cockpit` which drags in selinux-policy as a dependency, causes
long hangs, tons of lsetfilecon errors, and eventually lots of package
install failures.

See https://bugzilla.redhat.com/show_bug.cgi?id=1768075

build-devtoolbox

index fe019d1a9f707c37ee711ec4594a7988fc01e1ec..047b8344b9c888f73328f47b1d753954389ac720 100755 (executable)
@@ -27,6 +27,10 @@ sudo update-ca-trust
 # HACK: no rcm-tools for F31 yet
 sudo sed -i "s/\$releasever/30/" /etc/yum.repos.d/rcm-tools-fedora.repo
 
+# HACK: installing selinux-policy (through transitive builddep cockpit dep) breaks toolbox; https://bugzilla.redhat.com/show_bug.cgi?id=1768075
+sudo dnf install -y selinux-policy
+rpm -ql selinux-policy | sudo xargs rm -f || true
+
 sudo dnf builddep -y cockpit
 sudo dnf install -y make npm fontconfig git valgrind chromium \
     libvirt-daemon-kvm libvirt-client python3-libvirt \