Open polypoyo opened 4 months ago
@polypoyo Is it possible that your docker requires root?
@polypoyo Is it possible that your docker requires root?
No, it works just fine when in Permissive mode
Ok, -u 1000:1000
already suggests the same.
Can you share the full output of;
libdragon version
and,
libdragon init -v
?
Also how exactly do you install/use the tool, it might also help to debug the problem.
When running
libdragon init
on Fedora Server 39, it fails with the following error:SELinux Logs during
``` type=AVC msg=audit(1716793122.966:814): avc: denied { write } for pid=8150 comm="mkdir" name="libdragon" dev="dm-0" ino=10808131 scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1 type=AVC msg=audit(1716793122.966:815): avc: denied { add_name } for pid=8150 comm="mkdir" name="build" scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1 type=AVC msg=audit(1716793122.966:816): avc: denied { create } for pid=8150 comm="mkdir" name="build" scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=dir permissive=1 type=AVC msg=audit(1716793123.018:817): avc: denied { write } for pid=8169 comm="cc1" name="build" dev="dm-0" ino=28758875 scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=dir permissive=1 type=AVC msg=audit(1716793123.018:818): avc: denied { add_name } for pid=8169 comm="cc1" name="fmath.d" scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=dir permissive=1 type=AVC msg=audit(1716793123.018:819): avc: denied { create } for pid=8169 comm="cc1" name="fmath.d" scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=1 type=AVC msg=audit(1716793123.018:820): avc: denied { write open } for pid=8169 comm="cc1" path="/libdragon/libdragon/build/fmath.d" dev="dm-0" ino=28758876 scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=1 type=AVC msg=audit(1716793123.020:821): avc: denied { write } for pid=8170 comm="as" name="build" dev="dm-0" ino=28758875 scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=dir permissive=1 type=AVC msg=audit(1716793123.020:822): avc: denied { add_name } for pid=8170 comm="as" name="fmath.o" scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=dir permissive=1 type=AVC msg=audit(1716793123.020:823): avc: denied { read } for pid=8170 comm="as" path="/libdragon/libdragon/build/fmath.o" dev="dm-0" ino=28758877 scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=1 type=AVC msg=audit(1716793123.156:824): avc: denied { create } for pid=8200 comm="mkdir" name="libcart" scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=dir permissive=1 type=AVC msg=audit(1716793124.635:826): avc: denied { setattr } for pid=8382 comm="ld" name="rsp_crash.o" dev="dm-0" ino=28759187 scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=1 type=AVC msg=audit(1716793124.637:827): avc: denied { remove_name } for pid=8384 comm="mv" name="rsp_crash.o" dev="dm-0" ino=28759187 scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=dir permissive=1 type=AVC msg=audit(1716793124.637:828): avc: denied { rename } for pid=8384 comm="mv" name="rsp_crash.o" dev="dm-0" ino=28759187 scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=1 type=AVC msg=audit(1716793124.687:829): avc: denied { unlink } for pid=8398 comm="rm" name="rsp_crash.text.bin" dev="dm-0" ino=28759188 scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=1 type=AVC msg=audit(1716793126.462:831): avc: denied { write } for pid=8647 comm="cc1" name="tools" dev="dm-0" ino=818563 scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1 type=AVC msg=audit(1716793126.462:832): avc: denied { add_name } for pid=8647 comm="cc1" name="n64tool.d" scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1 type=AVC msg=audit(1716793126.592:833): avc: denied { remove_name } for pid=8662 comm="mips64-elf-ar" name="stI8byUA" dev="dm-0" ino=10808271 scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1 type=AVC msg=audit(1716793131.859:834): avc: denied { rmdir } for pid=8886 comm="rm" name="libcart" dev="dm-0" ino=818599 scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=dir permissive=1 ```libdragon init