Open praiskup opened 4 months ago
While the use of --root
is desired and safer than --prefix
, I'm not convinced we want to apply the needed SELinux workaround. I'd rather wait till shadow-utils people tell us what to do about this.
This does not work for me. When I change it from host, then it is remounted. And it is read only, so I cannot change it from chroot neither.
Yes, Mock's selinux plugin has some hacks related to SELinux too, and we do recursive bind-mounts later: https://github.com/rpm-software-management/mock/blob/db64d46820234956bd41e8f350ba970b62b46093/mock/py/mockbuild/mounts.py#L228-L231
The point of this hack is to prepare the enforce
file right before shadow-utils (useradd
, groupadd
, etc.) are executed (from /usr/sbin
on host).
Fixes: #1285