Skip to content

Docker commands don't work with SELinux #80

New issue
New issue
Open
#81
Open
Docker commands don't work with SELinux#80
#81
@mbooth101

Description

@mbooth101
mbooth101
opened on Jul 14, 2022

Docker command to build the firmware does not work on my machine, yields a permission error:

$ docker run -it -v "$(pwd)"/:/firmware matthewwilkes/esp_idf:4.4 IOT_SOLUTION_PATH=/firmware/esp-iot-solution TARGET=esp32s3
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
Setting IDF_PATH to '/esp-idf'
Detecting the Python interpreter
Checking "python" ...
/esp-idf/tools/detect_python.sh: line 16: python: command not found
Checking "python3" ...
Python 3.8.10
"python3" has been detected
Adding ESP-IDF tools to PATH...
Using Python interpreter in /root/.espressif/python_env/idf4.4_py3.8_env/bin/python
Checking if Python packages are up to date...
Python requirements from /esp-idf/requirements.txt are satisfied.
Added the following directories to PATH:
  /esp-idf/components/esptool_py/esptool
  /esp-idf/components/espcoredump
  /esp-idf/components/partition_table
  /esp-idf/components/app_update
  /root/.espressif/tools/xtensa-esp32-elf/esp-2021r2-patch3-8.4.0/xtensa-esp32-elf/bin
  /root/.espressif/tools/xtensa-esp32s2-elf/esp-2021r2-patch3-8.4.0/xtensa-esp32s2-elf/bin
  /root/.espressif/tools/xtensa-esp32s3-elf/esp-2021r2-patch3-8.4.0/xtensa-esp32s3-elf/bin
  /root/.espressif/tools/riscv32-esp-elf/esp-2021r2-patch3-8.4.0/riscv32-esp-elf/bin
  /root/.espressif/tools/esp32ulp-elf/2.28.51-esp-20191205/esp32ulp-elf-binutils/bin
  /root/.espressif/tools/esp32s2ulp-elf/2.28.51-esp-20191205/esp32s2ulp-elf-binutils/bin
  /root/.espressif/tools/openocd-esp32/v0.11.0-esp32-20211220/openocd-esp32/bin
  /root/.espressif/python_env/idf4.4_py3.8_env/bin
  /esp-idf/tools
Done! You can now compile ESP-IDF projects.
Go to the project directory and run:

  idf.py build

/build.sh: line 7: cd: /firmware: Permission denied

My machine has SELinux enabled:

$ sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      33

Using the Z option when specifying volumes fixes the problem.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions