[yocto] [pseudo] Pseudo 1.8+ xattr sqlite corruption
Seebs
seebs at seebs.net
Wed Aug 22 09:41:31 PDT 2018
On Wed, 22 Aug 2018 14:54:02 +0000
<Jack.Fewx at dell.com> wrote:
> So failure mode is the target filesystem is devoid of SELinux file
> contexts, all files are unlabeled_t, which pretty much breaks
> everything in enforcing mode. So whatever the corruption
> cause/effect in the Psuedo database, the end result is when
> Mksquashfs runs it can't get labels for the files.
Ugh. Sorry, this is a known issue, I think we have an open bug for it,
and so far as I could tell the last time I looked at it, it was
theoretically-impossible to fix it sanely.
See:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=6580
The basic problem is: SELinux is extended attributes, and if we are
allowing *any* use of extended attributes, there is no way for pseudo
to distinguish between "host environment is trying to set a host
environment extended attribute" and "build system is trying to set a
target environment extended attribute".
And we can partially address this by turning off xattr support, so all
extended attribute use gets ENOSYS or whatever, but then I think the
host system stuff will also fail.
I am open to suggestions on ways this could be addressed sanely, but I
haven't come up with anything good yet.
(FWIW, I'm more present on the oe-core list, which I still scan for
messages with "pseudo" in the subject line.)
-s
More information about the yocto
mailing list