archlinuxhardened / selinux

PKGBUILDs to build SELinux enabled packages for Arch Linux

arch-selinux: error: unable to create temporary file: Operation not permitted #26

Closed ttchin closed 4 years ago

ttchin commented 4 years ago

I tried to build up a vagrant virtual machine based on terrywang/archlinux and use virtualbox as the backend.

- Ubuntu 16.04
- Vagrant 2.2.6
- virtualbox/xenial-updates,now 5.1.38-dfsg-0ubuntu1.16.04.3 amd64

Unfortunately I faced a permission error during the process:

    arch-selinux: :: Proceed with installation? [Y/n]
    arch-selinux: checking keyring...
    arch-selinux: checking package integrity...
    arch-selinux: loading package files...
    arch-selinux: checking for file conflicts...
    arch-selinux: checking available disk space...
    arch-selinux: :: Processing package changes...
    arch-selinux: installing restorecond...
    arch-selinux: :: Running post-transaction hooks...
    arch-selinux: (1/2) Reloading system manager configuration...
    arch-selinux: (2/2) Arming ConditionNeedsUpdate...
    arch-selinux: Cloning into 'python-ipy'...
    arch-selinux: error: unable to create temporary file: Operation not permitted
    arch-selinux: fatal: failed to write object
    arch-selinux: fatal: unpack-objects failed
    The SSH command responded with a non-zero exit status. Vagrant
    assumes that this means the command failed. The output for this command
    should be in the log above. Please read the output to determine what
    went wrong.

I made some tiny modifications to terrywang/archlinux, that is, proxy and certifications, since my host is running behind a corporate proxy, and nothing more besides these.

fishilico commented 4 years ago

Hello, as you did not mention how you install packages, I need to ask: What did you run which triggered the failure? Did this issue occur during a custom installation procedure (by hand or with an AUR helper)? Or did it occur while running vagrant provision from the configuration provided in https://github.com/archlinuxhardened/selinux/tree/master/_vagrant ?

If you are using the provisioning scripts that are provided in this repository, the issue seems to be in the git clone command from: https://github.com/archlinuxhardened/selinux/blob/426cbd50c56d84b41d891f243055790159e77991/build_and_install_all.sh#L103-L106

What does mktemp -d makepkg-python-ipy-XXXXXX return? Is the project directory (/srv/arch-selinux/) writable by vagrant? (this might be the issue you encounter, which would be fixed with MAKEPKGDIR="$(mktemp -d -p "${TMPDIR:-/tmp}" makepkg-python-ipy-XXXXXX)").

ttchin commented 4 years ago

Hi, thanks for your kind help. :) I followed the instructions written in ArchWiki

    git clone https://github.com/archlinuxhardened/selinux
    cd selinux/_vagrant
    vagrant up
    vagrant ssh

So yes, this issue occurred when running vagrant provision. I fixed it by modifying selinux/build_and_install_all.sh on line 103 and line 116.

But I suppose /srv/arch-selinux/ is mapped to directory selinux in my host machine by Vagrantfile and the whole installation process is run by root, why is it mandatory to make the directory writable by vagrant? Maybe machine.vm.synced_folder "..", :mount_options => ["dmode=777", "fmode=666"] could fix this issue as well.

However, I got another issue related to openssl:

    arch-selinux:  352 tests ok
    arch-selinux: test_hostkeys:
    arch-selinux: .
    arch-selinux: .
    arch-selinux: .
    arch-selinux: .
    arch-selinux: .
    arch-selinux: .
    arch-selinux: .
    arch-selinux: .
    arch-selinux: .
    arch-selinux: .
    arch-selinux: .
    arch-selinux: .
    arch-selinux: .
    arch-selinux: .
    arch-selinux: .
    arch-selinux: .
    arch-selinux: .
    arch-selinux: .
    arch-selinux:  18 tests ok
    arch-selinux: test_match:
    arch-selinux: .
    arch-selinux: .
    arch-selinux: .
    arch-selinux: .
    arch-selinux: .
    arch-selinux: .
    arch-selinux:  6 tests ok
    arch-selinux: make[1]: Leaving directory '/home/vagrant/.tmp/build/openssh-selinux/src/openssh-8.1p1/regress'
    arch-selinux: unit tests passed
    arch-selinux: ==> ERROR: A failure occurred in check().
    arch-selinux:     Aborting...
    The SSH command responded with a non-zero exit status. Vagrant
    assumes that this means the command failed. The output for this command
    should be in the log above. Please read the output to determine what
    went wrong.

fishilico commented 4 years ago

> But I suppose /srv/arch-selinux/ is mapped to directory selinux in my host machine by Vagrantfile and the whole installation process is run by root, why is it mandatory to make the directory writable by vagrant?

Even though the provisioning (and the installation process) is run by root, building packages has to be done with an unprivileged user (otherwise makepkg refuses to work) and is performed under the vagrant identity.

I am pushing a commit that fixes the first issue. For the one about openssh-selinux, I did not manage to reproduce it. If it is still failing, please open another issue with the failing test (this information is missing from your report, it only contained ERROR: A failure occurred in check().).
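
The fix discussed in this thread, written out as an added example (it is not part of the original comments and not the repository's build_and_install_all.sh): the build directory is created under `${TMPDIR:-/tmp}` rather than in the current directory, so an unprivileged build user does not need write access to the synced project tree. The helper names `make_build_dir` and `is_under` are hypothetical.

```shell
#!/bin/sh
# Added example; make_build_dir and is_under are hypothetical helper names.

# Create a per-package build directory under ${TMPDIR:-/tmp} instead of the
# current directory, so a project tree that the build user cannot write to
# (for instance a synced folder) does not break the clone or the build.
make_build_dir() {
    local pkg base dir
    pkg="$1"
    base="${TMPDIR:-/tmp}"
    # Reject names that would change the template's location or look like options.
    case "$pkg" in
        ''|*/*|-*) echo "invalid package name: $pkg" >&2; return 2 ;;
    esac
    # The base must exist and be writable by the user running the build.
    if [ ! -d "$base" ] || [ ! -w "$base" ]; then
        echo "temporary base not writable by $(id -un): $base" >&2
        return 1
    fi
    # mktemp -d creates the directory atomically, accessible to its owner only.
    dir="$(mktemp -d -p "$base" "makepkg-${pkg}-XXXXXX")" || return 1
    printf '%s\n' "$dir"
}

# Succeed when directory $1 is located inside directory $2 (both must exist).
# Useful to confirm that a build directory did not land in the project tree.
is_under() {
    local p b
    p="$(cd "$1" && pwd -P)" || return 1
    b="$(cd "$2" && pwd -P)" || return 1
    case "$p/" in
        "$b/"*) return 0 ;;
    esac
    return 1
}
```

A caller would run `MAKEPKGDIR="$(make_build_dir python-ipy)"` as the unprivileged build user and remove the directory once the package is installed.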

ttchin commented 4 years ago

I retried and everything worked well now. Thanks.