c7a3b93e31
In some circumstances, like semanage-store being on overlayfs, rename() could fail with EXDEV - Invalid cross-device link. This is due to the fact that overlays doesn't support rename() if source and target are not on the same layer, e.g. in containers built from several layers. Even though it's not atomic operation, it's better to try to copy files from src to dst on our own in this case. Next rebuild will probably not fail as the new directories will be on the same layer. Fixes: https://github.com/SELinuxProject/selinux/issues/343 Reproducer: $ cd selinux1 $ cat Dockerfile FROM fedora:35 RUN dnf install -y selinux-policy selinux-policy-targeted $ podman build -t localhost/selinux . --no-cache $ cd ../selinux2 $ cat Dockerfile FROM localhost/selinux RUN semodule -B $ podman build -t localhost/selinux2 . --no-cache STEP 2/2: RUN semodule -B libsemanage.semanage_commit_sandbox: Error while renaming /var/lib/selinux/targeted/active to /var/lib/selinux/targeted/previous. (Invalid cross-device link). semodule: Failed! Error: error building at STEP "RUN semodule -B": error while running runtime: exit status 1 With the fix: $ podman build -t localhost/selinux2 . --no-cache STEP 2/2: RUN semodule -B libsemanage.semanage_rename: Warning: rename(/var/lib/selinux/targeted/active, /var/lib/selinux/targeted/previous) failed: Invalid cross-device link, fall back to non-atomic semanage_copy_dir_flags() COMMIT localhost/selinux2 --> d2cfcebc1a1 Successfully tagged localhost/selinux2:latest d2cfcebc1a1b34f1c2cd661ac18292b0612c3e5fa71d6fa1441be244da91b1af Reported-by: Joseph Marrero Corchado <jmarrero@redhat.com> Signed-off-by: Petr Lautrbach <plautrba@redhat.com> Acked-by: Ondrej Mosnacek <omosnace@redhat.com> |
||
|---|---|---|
| .. | ||
| example | ||
| include | ||
| man | ||
| src | ||
| tests | ||
| utils | ||
| .gitignore | ||
| COPYING | ||
| Makefile | ||
| VERSION | ||