search

ros-tooling / cross_compile

A tool to build ROS and ROS2 workspaces for various targets
Apache License 2.0
188 stars 59 forks source link

cross_compile does not adjust SELinux policies of the workspace #178

Open tobiasblass opened 4 years ago

tobiasblass commented 4 years ago

Description

cross_compile needs to mount the workspace into the docker container. This is not allowed by the default SELinux policy (at least on Fedora), which causes "permission denied" errors.

Expected Behavior

I guess the most convenient solution would be if the cross_compile-tool authomatically relabeled the workspace. The docker CLI tool does this if you add :z after the mount specification, i.e., something like docker run -v $HOME/ros_cross:/ws:z <image ID>.

If that doesn't work, or if you feel uneasy changing security labels on the system without notice, a short hint in the documentation that SELinux might cause issues might already be enough.

Actual Behavior

The tool aborts during the rosdep gathering with a Permission denied error. 

INFO:Docker Client:+ rosdep update
INFO:Docker Client:Warning: running 'rosdep update' as root is not recommended.
...
INFO:Docker Client:updated cache in /root/.ros/rosdep/sources.cache
INFO:Docker Client:+ cat
INFO:Docker Client:/root/gather_rosdeps.sh: line 21: cc_internals/armhf-ubuntu-dashing/install_rosdeps.sh: Permission denied

To Reproduce

Install the tool and run ros_cross_compile <workspace> --arch armhf --os ubuntu --rosdistro dashing on a Fedora machine.

System (please complete the following information)

Additional context

Unfortunately, it seems like the docker Python API does not have an easy "please make it work with SELinux" option like the CLI has, and I know neither docker nor SELinux well enough to contribute a patch.

emersonknapp commented 4 years ago

Thanks for reporting this - it's good to know that it largely works on Fedora, it hasn't been tested at all on that platform. Putting this on the backlog.