Open VGerris opened 10 months ago
note : my homefolder is encrypted using ecrytfs, I had to apply a policy to overcome another issue that I reported here : https://bugzilla.redhat.com/show_bug.cgi?id=2249481
DEBU stderr: Error: host file not writable, try running with elevated privileges
can the user add entries to the hosts file? or using sudo ?
hi, what do you mean? That log output applies to actions within the VM, correct ? Shouldn't that 'just work' ? Can you write what precise commands I could run to test anything? thank you
hi, what do you mean? That log output applies to actions within the VM, correct ? Shouldn't that 'just work' ? Can you write what precise commands I could run to test anything? thank you
Try to open this file and add some content and save it, does it able to save or have permission issue?
sudo vi /etc/hosts
Hi, I am perfectly cable of changing and saving my host file with sudo, no saving issues.
@VGerris can you try following without sudo?
$ ls -lZ /home/vgerris/.crc/bin/crc-admin-helper-linux
$ /home/vgerris/.crc/bin/crc-admin-helper-linux rm api.crc.testing oauth-openshift.apps-crc.testing console-openshift-console.apps-crc.testing downloads-openshift-console.apps-crc.testing canary-openshift-ingress-canary.apps-crc.testing default-route-openshift-image-registry.apps-crc.testing
Hi, sure here we go:
$ ls -lZ /home/vgerris/.crc/bin/crc-admin-helper-linux
-r-s--x---. 1 root vgerris system_u:object_r:ecryptfs_t:s0 5212680 Nov 13 10:31 /home/vgerris/.crc/bin/crc-admin-helper-linux
$ /home/vgerris/.crc/bin/crc-admin-helper-linux rm api.crc.testing oauth-openshift.apps-crc.testing console-openshift-console.apps-crc.testing downloads-openshift-console.apps-crc.testing canary-openshift-ingress-canary.apps-crc.testing default-route-openshift-image-registry.apps-crc.testing
Error: host file not writable, try running with elevated privileges
host file not writable, try running with elevated privileges
That seems to be an issue. I tried restorecon on it but get :
$ restorecon -Rv /home/vgerris/.crc/bin/crc-admin-helper-linux
restorecon: Could not set context for /home/vgerris/.crc/bin/crc-admin-helper-linux: Operation not supported
I tried setting 755 as here : https://github.com/crc-org/admin-helper/blob/master/crc-admin-helper.spec.in but that didn't help.
@VGerris is it something because of system_u:object_r:ecryptfs_t
context because I can see the permission is as expected but context is different than usual like in my case unconfined_u:object_r:user_home_t
but may be you have some restriction for home directory. try with sudo
also I am surprised that with root
user and suid bit set it is not able to write the file. Also run the restorecon
with sudo.
Also https://github.com/crc-org/crc/issues/2119 looks like dup of this.
Can you be more elaborate ? Running restorecon with sudo I tried :
$ sudo restorecon -Rv /home/vgerris/.crc/bin/crc-admin-helper-linux
[sudo] password for vgerris:
restorecon: Could not set context for /home/vgerris/.crc/bin/crc-admin-helper-linux: Operation not supported
Same as root. This one seems a duplicate indeed and I also have nosuid set in the mount options.
To change the rights to 666 does not work for me and there seems to be check on some of the permissions that requires running crc setup, which restores the sticky bit and other rights.
Is there any issue with using sudo at setup, so one just runs the helper like that, or is it used at start and other occasions? Otherwise to place it outside the home dir seems to be the only option.
This workaround seems to work :
sudo mount -o remount,suid /home/vgerris
so moving the helper outside home sounds like a good idea as @cfergeau suggests here :
https://github.com/crc-org/crc/issues/2119#issuecomment-1558795768
This is a very specific selinux + encrypted home folder setup. We can try to reproduce it, but this is not a scenario we see often.
The solution could be to move crc-admin-helper
to /usr/local/sbin
or similar.
Strictly, this is not because of an encrypted home folder or selinux, it is because the partition is mounted nosuid, correct? ecryptfs seems to be a common way to encrypt file systems if not using LUKS and is particularly useful on a multiuser computer, where one account can be encrypted and another not.
Seems like a good idea to move that file.
Yes the problem is the nosuid
mount.
I have reported this here too: https://bugzilla.redhat.com/show_bug.cgi?id=2249481 Will the file be moved in a coming version?
General information
crc setup
before starting it (Yes)?CRC version
CRC status
CRC config
Host Operating System
Steps to reproduce
clean everything, download latest crc $ crc delete -f $ crc cleanup $ rm -r ~/.crc $ crc setup $ crc start --log-level debug Snippet of log included further on, basically :
Error running post start: exit status 1
Expected
succesful start
Actual
error 1, machine up but problem finishing setup
Logs
Before gather the logs try following if that fix your issue
Please consider posting the output of
crc start --log-level debug
on http://gist.github.com/ and post the link in the issue.