Respect nspawn_args whenever doChroot is called
Which also includes all doOutChroot(), because that method calls
doChroot() internally.

This issue was found when trying to work around an issue [1] where SELinux
policy forbade systemd-machine to create a varlink socket and thus start.
This resulted in systemd-nspawn not being able to register a machine. To
work around this, Tomáš added the following snippet to the configuration:

    config_opts['nspawn_args'] = ['--register=no']

So that systemd-nspawn does not try to register the machine with
systemd-machine.  However, this had no effect (and the argument was not
visible on command-line and still failed).

[1] https://issues.redhat.com/browse/RHEL-49567

Co-authored-with: Tomáš Hozza <[email protected]>
praiskup committed Sep 19, 2024
1 parent 78f2fc5 commit 6b0bf78
Showing 6 changed files with 23 additions and 18 deletions.
16 changes: 2 additions & 14 deletions mock/py/mockbuild/backend.py
Expand Up @@ -65,12 +65,6 @@ def __init__(self, config, uid_manager, plugins, state, buildroot, bootstrap_bui
self.private_network = not config['rpmbuild_networking']
self.rpmbuild_noclean_option = None

def _get_nspawn_args(self):
nspawn_args = []
if util.USE_NSPAWN:
nspawn_args.extend(self.config['nspawn_args'])
return nspawn_args

@traceLog()
def backup_results(self):
srcdir = os.path.join(self.buildroot.basedir, "result")
Expand Down Expand Up @@ -370,7 +364,7 @@ def shell(self, options, cmd=None):
ret = util.doshell(chrootPath=self.buildroot.make_chroot_path(),
environ=self.buildroot.env, uid=uid, gid=gid,
cwd=cwd,
nspawn_args=self._get_nspawn_args(),
nspawn_args=self.config.get("nspawn_args", []),
unshare_net=self.private_network,
cmd=cmd)
finally:
Expand Down Expand Up @@ -400,11 +394,10 @@ def chroot(self, args, options):
result = self.buildroot.doChroot(args, shell=shell, printOutput=True,
uid=self.buildroot.chrootuid, gid=self.buildroot.chrootgid,
user=self.buildroot.chrootuser, cwd=options.cwd,
nspawn_args=self._get_nspawn_args(), raiseExc=False,
raiseExc=False,
unshare_net=self.private_network)[1]
else:
result = self.buildroot.doChroot(args, shell=shell, cwd=options.cwd,
nspawn_args=self._get_nspawn_args(),
unshare_net=self.private_network,
printOutput=True, raiseExc=False)[1]
finally:
Expand Down Expand Up @@ -644,7 +637,6 @@ def copy_spec_into_chroot(self, spec_path):
def get_specfile_name(self, srpm_path):
files = self.buildroot.doChroot([self.config['rpm_command'], "-qpl", srpm_path],
shell=False, uid=self.buildroot.chrootuid, gid=self.buildroot.chrootgid,
nspawn_args=self._get_nspawn_args(),
unshare_net=self.private_network,
user=self.buildroot.chrootuser,
returnOutput=True
Expand All @@ -661,7 +653,6 @@ def install_srpm(self, srpm_path):
output, return_code = self.buildroot.doChroot(
command, shell=False, uid=self.buildroot.chrootuid,
gid=self.buildroot.chrootgid, user=self.buildroot.chrootuser,
nspawn_args=self._get_nspawn_args(),
unshare_net=self.private_network, returnOutput=True,
returnStderr=True, raiseExc=False)
if return_code:
Expand Down Expand Up @@ -704,7 +695,6 @@ def rebuild_installed_srpm(self, spec_path, timeout):
shell=False, logger=self.buildroot.build_log, timeout=timeout,
uid=self.buildroot.chrootuid, gid=self.buildroot.chrootgid,
user=self.buildroot.chrootuser,
nspawn_args=self._get_nspawn_args(),
unshare_net=self.private_network,
printOutput=self.config['print_main_output']
)
Expand Down Expand Up @@ -766,7 +756,6 @@ def get_command(mode, checkdeps=False):
shell=False, logger=self.buildroot.build_log, timeout=timeout,
uid=self.buildroot.chrootuid, gid=self.buildroot.chrootgid,
user=self.buildroot.chrootuser,
nspawn_args=self._get_nspawn_args(),
unshare_net=self.private_network, raiseExc=False,
printOutput=self.config['print_main_output'])
if returncode > 0 and returncode != 11:
Expand Down Expand Up @@ -816,7 +805,6 @@ def get_command(mode, checkdeps=False):
shell=False, logger=self.buildroot.build_log, timeout=timeout,
uid=self.buildroot.chrootuid, gid=self.buildroot.chrootgid,
user=self.buildroot.chrootuser,
nspawn_args=self._get_nspawn_args(),
unshare_net=self.private_network,
printOutput=self.config['print_main_output'])
results = glob.glob(bd_out + '/RPMS/*.rpm')
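Review bot: In shell(), `nspawn_args=self.config.get("nspawn_args", [])` hands util.doshell() the configuration's own list, whereas the removed `_get_nspawn_args()` built a fresh list and returned an empty one when `util.USE_NSPAWN` was false. Whether doshell() modifies the argument, or ignores it outside nspawn, is not visible here, so passing a copy keeps the old guarantee: `nspawn_args=list(self.config.get("nspawn_args", []))`. If dropping the USE_NSPAWN check was deliberate, a one-line comment such as `# doshell() ignores nspawn_args when nspawn is not used` (to be confirmed against util.py) would record that. shell()'s body starts and ends outside the hunk.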
17 changes: 16 additions & 1 deletion mock/py/mockbuild/buildroot.py
Expand Up @@ -137,6 +137,11 @@ def __init__(self, config, uid_manager, state, plugins, bootstrap_buildroot=None
self._setup_nspawn_fuse_device()
self._setup_nspawn_loop_devices()

def _get_nspawn_args(self):
nspawn_args = []
if util.USE_NSPAWN:
nspawn_args.extend(self.config['nspawn_args'])
return nspawn_args

def set_package_manager(self, fallback=None):
"""
Expand Down Expand Up @@ -389,9 +394,16 @@ def doOutChroot(self, command, *args, **kwargs):
Execute the command in bootstrap chroot (when bootstrap is enabled) or
on host. Return (output, exit_status) tuple.
"""

# the chrootPath would imply running chroot within containers, as well
# as on host (where we would have to setup nspawn_args, which is not
# implemented).
assert "chrootPath" not in kwargs

if self.bootstrap_buildroot:
with self.mounts.buildroot_in_bootstrap_mounted():
return self.bootstrap_buildroot.doChroot(command, *args, **kwargs)
return self.bootstrap_buildroot.doChroot(
command, *args, **kwargs)

return util.do_with_status(command, *args, **kwargs)

Expand All @@ -408,6 +420,9 @@ def doChroot(self, command, nosync=False, *args, **kargs):
kargs['gid'] = uid.getresgid()[1]
self.uid_manager.becomeUser(0, 0)

kargs.setdefault("nspawn_args", [])
kargs["nspawn_args"].extend(self.config.get("nspawn_args", []))

try:
result = util.do_with_status(command, chrootPath=self.make_chroot_path(),
env=env, *args, **kargs)
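Review bot: In doChroot(), `kargs["nspawn_args"].extend(...)` modifies whatever list the caller passed in, so any caller that still passes `self.config["nspawn_args"]` (as the plugins did before this commit) makes the configuration list extend itself and grow on every call, and an explicit `nspawn_args=None` raises AttributeError. Building a new list avoids both: `kargs["nspawn_args"] = list(kargs.get("nspawn_args") or []) + list(self.config.get("nspawn_args", []))`. Since these arguments shape the systemd-nspawn command line for every chroot command, they should be deterministic per call rather than dependent on call history. The newly added `Buildroot._get_nspawn_args()` is not called in the visible hunks and doChroot() bypasses its `util.USE_NSPAWN` guard, so either call it here or drop it. doChroot()'s body starts and ends outside the hunk.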
1 change: 0 additions & 1 deletion mock/py/mockbuild/plugins/rpkg_preprocessor.py
Expand Up @@ -117,6 +117,5 @@ def _preprocess(self, host_chroot_spec, host_chroot_sources):
gid=self.buildroot.chrootgid,
user=self.buildroot.chrootuser,
unshare_net=private_network,
nspawn_args=self.config.get('nspawn_args', []),
printOutput=self.config.get('print_main_output', True)
)
1 change: 0 additions & 1 deletion mock/py/mockbuild/plugins/rpmautospec.py
Expand Up @@ -123,6 +123,5 @@ def attempt_process_distgit(
gid=self.buildroot.chrootgid,
user=self.buildroot.chrootuser,
unshare_net=not self.config.get("rpmbuild_networking", False),
nspawn_args=self.config.get("nspawn_args", []),
printOutput=self.config.get("print_main_output", True),
)
1 change: 0 additions & 1 deletion mock/tests/plugins/test_rpmautospec.py
Expand Up @@ -167,7 +167,6 @@ def test_attempt_process_distgit(
gid=plugin.buildroot.chrootgid,
user=plugin.buildroot.chrootuser,
unshare_net=not plugin.config.get("rpmbuild_networking", False),
nspawn_args=plugin.config.get("nspawn_args", []),
printOutput=plugin.config.get("print_main_output", True),
)
else:
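--- a/releng/release-notes-next/nspawn-args-chroot-bootstrap.bugfix
+++ b/releng/release-notes-next/nspawn-args-chroot-bootstrap.bugfix
@@ -0,0 +1,5 @@
+Previously, the `nspawn_args` configuration value was not applied in multiple
+internal `doChroot()` calls. This could cause issues when custom nspawn
+arguments were needed everywhere (see [PR#1410][]). Now, `doChroot()`
+automatically applies `nspawn_args`, shifting the responsibility from callers to
+callee.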
