Packit: initial enablement

[lsm5]

This commit adds Packit configuration files which will trigger builds on
copr:rhcontainerbot/packit-builds on every PR and on
copr:rhcontainerbot/podman-next on every commit to main branch.

Signed-off-by: Lokesh Mandvekar [email protected]

[lsm5]

/packit copr-build

[lsm5]

@rhatdan looks like make man can't be done without superuser. Are you cool with adding a generated qm_selinux.8 into the repo as in container-selinux ?

$ make man
make -f /usr/share/selinux/devel/Makefile qm.pp
make[1]: Entering directory '/home/lsm5/repositories/qm-selinux'
qm.if:14: Warning: duplicate definition of qm_domain_template(). Original definition on /usr/share/selinux/devel/include/services/qm.if:14.
Compiling targeted qm module
Creating targeted qm.pp policy package
rm tmp/qm.mod tmp/qm.mod.fc
make[1]: Leaving directory '/home/lsm5/repositories/qm-selinux'
Compressing qm.pp -> qm.pp.bz2
bzip2 -f -9 qm.pp
semodule -i qm.pp.bz2
libsemanage.semanage_create_store: Could not read from module store, active modules subdirectory at /var/lib/selinux/targeted/active/modules. (Permission denied).

[lsm5]

@rhatdan added the install.sh script to /usr/libexec/qm-selinux . Please verify the change and remind me what else I need to add.

[rhatdan]

I think we should name this /usr/libexec/qm-install

I am thinking of renaming this repo to just qm

[lsm5]

I think we should name this /usr/libexec/qm-install

I think the script should be 1 level further down. So, inside /usr/libexec/qm/ or if it's only to be used in conjunction with podman, maybe in /usr/libexec/podman/.

I am thinking of renaming this repo to just qm

Dunno, I guess having the -selinux in the name provides a better idea, but not a stong opinion. We could check with the team if you prefer.

[rhatdan]

Yes, /usr/libexec/qm/install would be good.
Or /usr/lib/qm/install since this is not to be executed by other users of a tool.

As far as the -selinux drop is concerned, the goal of this repo is setting up a QM isolated environment. The SELinux component is just a small part of it.

[lsm5]

Yes, /usr/libexec/qm/install would be good. Or /usr/lib/qm/install since this is not to be executed by other users of a tool.

As far as the -selinux drop is concerned, the goal of this repo is setting up a QM isolated environment. The SELinux component is just a small part of it.

SGTM

[lsm5]

file path changed. PTAL

[lsm5]

@rhatdan also added qm.container to /usr/share/containers/systemd/ . PTAL at the new change.

Could you please also remind me of the exact rpm testing steps?

Right now I have:

$ /usr/lib/qm/install
+ sudo systemctl stop qm
+ sudo podman volume rm qmEtc qmVar --force
+ make
make: *** No targets specified and no makefile found.  Stop.

[rhatdan]

Ok I the setup script needs to be modified to expect that the qm-selinux package was already built.

[lsm5]

Ok I the setup script needs to be modified to expect that the qm-selinux package was already built.

@rhatdan ping, just checking if you've updated the script.

[rhatdan]

I have not completed it yet, hopefully I will get back to this tomorrow.

[rhatdan]

Ok I am going to merge, and then we can continue working and improving this.