Giter VIP home page Giter VIP logo

Comments (6)

elad661 avatar elad661 commented on July 18, 2024 1

This is an SELinux issue, the files need to be labled as container_t (if I remember correctly) for this to work. I've been working around this locally by running the generate outside a container, since my environment is already set up with all the required dependencies (go, pyyaml):

make merge-cluster-roles assets docs

Another option is to set SELinux to permissive mode before running make generate. Generally though I think it's another sign we should improve the process to not have any hurdles like this one.

from cluster-monitoring-operator.

jhadvig avatar jhadvig commented on July 18, 2024

Disabling SELinux does the trick. Thanks @elad661 !!!

from cluster-monitoring-operator.

rhatdan avatar rhatdan commented on July 18, 2024

Disabling SELinux should not be the solution. We should figure out what is mislabeled and fix it. RUnning something like containers with SELinux disabled is asking for trouble.

The label to assign is container_file_t, container_t is a process label, and can not be assigned to content.

from cluster-monitoring-operator.

elad661 avatar elad661 commented on July 18, 2024

@rhatdan Nothing is "mislabeled" in a way that we can fix properly. What happens here is simple: make generate mounts the cluster-monitoring-operator source tree as a volume for the container (see https://github.com/openshift/cluster-monitoring-operator/blob/master/Makefile#L48 ), and because all the files are (probably) labeled user_home_t SELinux doesn't allow the container to access any of them.

I think the proper way to fix this would be moving away from using a container for make generate, since it's reasonable to expect people who contribute to cluster-monitoring-operator will have Go installed on their development machine.

from cluster-monitoring-operator.

rhatdan avatar rhatdan commented on July 18, 2024

Can you disable enforcement in the container IE Run with label:disable rather then disable the selinux on the host.

from cluster-monitoring-operator.

elad661 avatar elad661 commented on July 18, 2024

Thanks @rhatdan, that works. I'll send a PR to add that parameter to the Makefile.

Note that I never advocated for disabling SELinux, I just suggested setting it to permissive mode as a temporary workaround.

from cluster-monitoring-operator.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.