Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error Compiling Modules on CentOS 8.6 #33

Closed
ccravens opened this issue Feb 14, 2023 · 11 comments
Closed

Error Compiling Modules on CentOS 8.6 #33

ccravens opened this issue Feb 14, 2023 · 11 comments
Assignees
@galal-hussein

Comments

@ccravens
Copy link

Looks like the semodule errors when installing on latest of CentOS 8:

Rancher RKE2 Common (stable)                                                                                               12 kB/s | 2.4 kB     00:00    
Importing GPG key 0xE257814A:
 Userid     : "Rancher (CI) <ci@rancher.com>"
 Fingerprint: C8CF F216 4551 26E9 B9C9 18BE 925E A29A E257 814A
 From       : https://rpm.rancher.io/public.key
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                  1/1 
  Running scriptlet: container-selinux-2:2.195.1-1.module_el8.8.0+1254+78119b6e.noarch                                                                1/4 
  Installing       : container-selinux-2:2.195.1-1.module_el8.8.0+1254+78119b6e.noarch                                                                1/4 
  Running scriptlet: container-selinux-2:2.195.1-1.module_el8.8.0+1254+78119b6e.noarch                                                                1/4 
  Running scriptlet: rke2-selinux-0.11-1.el8.noarch                                                                                                   2/4 
  Installing       : rke2-selinux-0.11-1.el8.noarch                                                                                                   2/4 
  Running scriptlet: rke2-selinux-0.11-1.el8.noarch                                                                                                   2/4 
Conflicting name type transition rules
Binary policy creation failed at /var/lib/selinux/targeted/tmp/modules/400/rke2/cil:324
Failed to generate binary
semodule:  Failed!

OS Info:

$ sudo uname -r
4.18.0-448.el8.x86_64
$ sudo uname -a
Linux ip-192-168-32-10.us-gov-east-1.compute.internal 4.18.0-448.el8.x86_64 #1 SMP Wed Jan 18 15:02:46 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
$ sudo rpm -q centos-stream-release
centos-stream-release-8.6-1.el8.noarch
@ccravens ccravens mentioned this issue Feb 14, 2023
Closed
@brandond
Copy link
Member

brandond commented Feb 14, 2023
edited
Loading

@mysticaltech
Copy link

@galal-hussein @brandond Please folks, we will soon be installing rke2 on MicroOS and will need this to be fixed. Can we do anything to help?

@mysticaltech mysticaltech mentioned this issue Apr 5, 2023
Closed
@mysticaltech
Copy link

@galal-hussein Please, that's one of our main blocker in adopting rke2!

@galal-hussein
Copy link
Contributor

@mysticaltech @ccravens I am currently investigating the issue, I beileve I have a fix for microos and centos9

@galal-hussein
Copy link
Contributor

To give you more context on the issue, it seems that container-selinux has updated some of their macros definitions starting from container-selinux v2.195 and that particular macro container_domain_template specifically this line:

containers/container-selinux@6e0cb6e#diff-d87cfd6c86daf9204f212619e52210d06d7575d9b4ad27b41966ab3e1b80e2a8R891

which basically includes a new argument to the definition, and since we only pass one argument you will see a lot of error of missing context like _file_t which it should be container_file_t. currently I am passing the missing argument into the selinux policy for all distros and this fix the issue

This was referenced May 9, 2023
Open
Merged
@galal-hussein
Copy link
Contributor

@rancher-max @mysticaltech @ccravens new rpms in the testing channel has been released that will include the fix for newer container-selinux versions

@galal-hussein galal-hussein self-assigned this May 9, 2023
@mysticaltech
Copy link

Wonderful, thanks @galal-hussein! 🙏

@ccravens
Copy link
Author

ccravens commented May 9, 2023

@galal-hussein yes thank you!

@johanneskastl
Copy link

@galal-hussein 1.12testing.1 builds successfully on openSUSE. Thanks for the work!

@rancher-max
Copy link

Hussein covered all of the good details in this thread, but we have concluded testing on this now! I gave some details in rancher/rke2#4285 (comment), but the tl;dr is that this should be available to use via the install script at https://get.rke2.io and the testing channel.

For el8 in particular, as that was the original issue here, we opted for requiring a container-selinux version less than 191 since not all of the el8 distros have updated yet to the latest.

I am going to close this out as the changes will find their way into the latest and stable channels in line with the May patch releases (very soon). Thank you everyone for your reports and help with validations here!

@rancher-max rancher-max mentioned this issue May 25, 2023
Closed
@mysticaltech
Copy link

Thanks @rancher-max!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@galal-hussein galal-hussein

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@brandond @mysticaltech @ccravens @galal-hussein @johanneskastl @rancher-max