Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Detect SELinux and mount volumes appropriately

See original GitHub issue

On a recent Fedora host with SELinux, I can’t access the mounted volumes for the feedstock and recipe when running run_docker_build.

Looks like recent dockers have fixed this.

Because SELinux is a Good Thing, I don’t feel like we should punish conscientious developers for running with it.

Haven’t gone down the whole rabbit hole, but I think the change would be something like this:

...
VOLUME_OPTIONS="rw"
if hash getenforce 2> /dev/null && getenforce | grep 'Enforcing' > /dev/null
then
  VOLUME_OPTIONS="${VOLUME_OPTIONS},Z"
fi

cat << EOF | {{ docker.executable }} run -i \
                        -v "${RECIPE_ROOT}":/home/conda/recipe_root:$VOLUME_OPTIONS \
                        -v "${FEEDSTOCK_ROOT}":/home/conda/feedstock_root:$VOLUME_OPTIONS \
                        {{ matrix_env_vars(matrix) }}
                        -a stdin -a stdout -a stderr \
                        {{ docker.image }} \
                        {{ docker.command }} || exit 1
...

Barring that, just letting me do VOLUME_OPTIONS=Z ./scripts/run_docker_build.sh would do the trick. Happy to PR, with whichever makes the most sense.

Issue Analytics

State:
Created 6 years ago
Comments:17 (17 by maintainers)

Top GitHub Comments

1reaction

jakirkhamcommented, Feb 22, 2018

Thanks @bollwyvl. I’ll leave it unscheduled for now, but would ideally like us to fix a few things and get it in 3.1.0. That all depends on how smoothly 3.0.0 goes. 🍀

0reactions

jakirkhamcommented, Dec 29, 2018

This was ultimately resolved in PR ( https://github.com/conda-forge/conda-smithy/pull/888 ).