Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable SELinux enforcement on dev containers #127774

Merged
merged 1 commit into from
Oct 7, 2024
Merged

Disable SELinux enforcement on dev containers #127774

merged 1 commit into from
Oct 7, 2024

Conversation

strugee
Copy link
Contributor

@strugee strugee commented Oct 7, 2024

Proposed change

On SELinux-enforcing systems, such as stock Fedora (to be more precise, in my case, Fedora Silverblue), running scripts/setup fails with a "Permission Denied" error. Fixing the root cause here seemingly requires mucking around in the devcontainers CLI source, so this patch bails out on that and introduces a workaround.

Upstream bug: devcontainers/cli#914

I tested that this works locally. I also verified that --security-opt label=disable is a noop on non-SELinux systems (I ran docker run -it --security-opt label=disable hello-world on a Debian install).

Note that I am running the actual Docker engine and still hit this problem. I am not using Podman.

Type of change

  • Dependency upgrade
  • Bugfix (non-breaking change which fixes an issue)
  • New integration (thank you!)
  • New feature (which adds functionality to an existing integration)
  • Deprecation (breaking change to happen in the future)
  • Breaking change (fix/feature causing existing functionality to break)
  • Code quality improvements to existing code or addition of tests

Additional information

None

Checklist

  • The code change is tested and works locally.
  • Local tests pass. Your PR cannot be merged unless tests pass
  • There is no commented out code in this PR.
  • I have followed the development checklist
  • I have followed the perfect PR recommendations
  • The code has been formatted using Ruff (ruff format homeassistant tests)
  • Tests have been added to verify that the new code works.

If user exposed functionality or configuration variables are added/changed:

If the code communicates with devices, web services, or third-party tools:

  • The manifest file has all fields filled out correctly.
    Updated and included derived files by running: python3 -m script.hassfest.
  • New or updated dependencies have been added to requirements_all.txt.
    Updated by running python3 -m script.gen_requirements_all.
  • For the updated dependencies - a link to the changelog, or at minimum a diff between library versions is added to the PR description.

To help with the load of incoming pull requests:

@strugee strugee requested a review from a team as a code owner October 7, 2024 01:27
@strugee
Disable SELinux enforcement on dev containers
a91c119 
On SELinux-enforcing systems, such as stock Fedora (to be more precise,
in my case, Fedora Silverblue), running `scripts/setup` fails with a
"Permission Denied" error. Fixing the root cause here seemingly
requires mucking around in the devcontainers CLI source, so we just
bail out and use a workaround.

Upstream bug: devcontainers/cli#914
frenck
frenck approved these changes Oct 7, 2024
View reviewed changes
Copy link
Member

@frenck frenck left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @strugee 👍

../Frenck

@frenck frenck merged commit 6ee452a into home-assistant:dev Oct 7, 2024
45 checks passed
@strugee strugee deleted the selinux-fix branch October 7, 2024 16:32
@strugee
Copy link
Contributor Author

strugee commented Oct 7, 2024

Thanks for merging all my stuff recently! I appreciate it 🎊

@github-actions github-actions bot locked and limited conversation to collaborators Oct 8, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@frenck frenck frenck approved these changes

Assignees
No one assigned
Labels
cla-signed code-quality Hacktoberfest small-pr PRs with less than 30 lines.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@strugee @frenck