Incompatible with SELinux #73

Open
polypoyo opened this issue May 27, 2024 · 4 comments

@polypoyo

When running libdragon init on Fedora Server 39, it fails with the following error:

Command docker exec --workdir /libdragon/libdragon -u 1000:1000 -i 5686f4bc6577c7604336f5e16e3bd92a5493bb791edc40b4a331694175df258e /bin/bash ./build.sh exited with code 126.
Command error output:
/bin/bash: ./build.sh: Permission denied

SELinux Logs during libdragon init:

type=AVC msg=audit(1716793122.966:814): avc:  denied  { write } for  pid=8150 comm="mkdir" name="libdragon" dev="dm-0" ino=10808131 scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1716793122.966:815): avc:  denied  { add_name } for  pid=8150 comm="mkdir" name="build" scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1716793122.966:816): avc:  denied  { create } for  pid=8150 comm="mkdir" name="build" scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1716793123.018:817): avc:  denied  { write } for  pid=8169 comm="cc1" name="build" dev="dm-0" ino=28758875 scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1716793123.018:818): avc:  denied  { add_name } for  pid=8169 comm="cc1" name="fmath.d" scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1716793123.018:819): avc:  denied  { create } for  pid=8169 comm="cc1" name="fmath.d" scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1716793123.018:820): avc:  denied  { write open } for  pid=8169 comm="cc1" path="/libdragon/libdragon/build/fmath.d" dev="dm-0" ino=28758876 scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1716793123.020:821): avc:  denied  { write } for  pid=8170 comm="as" name="build" dev="dm-0" ino=28758875 scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1716793123.020:822): avc:  denied  { add_name } for  pid=8170 comm="as" name="fmath.o" scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1716793123.020:823): avc:  denied  { read } for  pid=8170 comm="as" path="/libdragon/libdragon/build/fmath.o" dev="dm-0" ino=28758877 scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1716793123.156:824): avc:  denied  { create } for  pid=8200 comm="mkdir" name="libcart" scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1716793124.635:826): avc:  denied  { setattr } for  pid=8382 comm="ld" name="rsp_crash.o" dev="dm-0" ino=28759187 scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1716793124.637:827): avc:  denied  { remove_name } for  pid=8384 comm="mv" name="rsp_crash.o" dev="dm-0" ino=28759187 scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1716793124.637:828): avc:  denied  { rename } for  pid=8384 comm="mv" name="rsp_crash.o" dev="dm-0" ino=28759187 scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1716793124.687:829): avc:  denied  { unlink } for  pid=8398 comm="rm" name="rsp_crash.text.bin" dev="dm-0" ino=28759188 scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1716793126.462:831): avc:  denied  { write } for  pid=8647 comm="cc1" name="tools" dev="dm-0" ino=818563 scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1716793126.462:832): avc:  denied  { add_name } for  pid=8647 comm="cc1" name="n64tool.d" scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1716793126.592:833): avc:  denied  { remove_name } for  pid=8662 comm="mips64-elf-ar" name="stI8byUA" dev="dm-0" ino=10808271 scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1716793131.859:834): avc:  denied  { rmdir } for  pid=8886 comm="rm" name="libcart" dev="dm-0" ino=818599 scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=dir permissive=1
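
To read a denial log like the one in the report above, the following added example (not part of the issue thread or of the libdragon project) parses AVC records and groups them by source type, target type and object class. `parse_avc` and `summarize` are hypothetical helper names; `SAMPLE` holds four records copied from the log above.

```python
import re

# Four records copied from the log in the report, embedded so this runs offline.
SAMPLE = """\
type=AVC msg=audit(1716793122.966:814): avc:  denied  { write } for  pid=8150 comm="mkdir" name="libdragon" dev="dm-0" ino=10808131 scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1716793123.018:820): avc:  denied  { write open } for  pid=8169 comm="cc1" path="/libdragon/libdragon/build/fmath.d" dev="dm-0" ino=28758876 scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1716793124.637:828): avc:  denied  { rename } for  pid=8384 comm="mv" name="rsp_crash.o" dev="dm-0" ino=28759187 scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1716793131.859:834): avc:  denied  { rmdir } for  pid=8886 comm="rm" name="libcart" dev="dm-0" ino=818599 scontext=system_u:system_r:container_t:s0:c694,c764 tcontext=system_u:object_r:user_home_t:s0 tclass=dir permissive=1
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC denial record, or None for any other line."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    # A context is user:role:type:level; the type field is what policy rules match.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    # permissive=1 means the denial was logged but the access was not blocked.
    rec["permissive"] = rec.get("permissive") == "1"
    return rec


def summarize(text):
    """Group denials by (source type, target type, class)."""
    groups = {}
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (rec["stype"], rec["ttype"], rec["tclass"])
        g = groups.setdefault(key, {"perms": set(), "comms": set(), "count": 0, "permissive": 0})
        g["perms"].update(rec["perms"])
        g["comms"].add(rec["comm"])
        g["count"] += 1
        g["permissive"] += rec["permissive"]
    return groups


if __name__ == "__main__":
    for key, g in summarize(SAMPLE).items():
        print(key, sorted(g["perms"]), sorted(g["comms"]), g["count"], g["permissive"])
```

On the four sample records the summary has two groups, both with source type `container_t` and target type `user_home_t`, and every record carries `permissive=1`, meaning the access was logged rather than blocked.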

@anacierdem
Owner

@polypoyo Is it possible that your docker requires root?

@polypoyo
Author

> @polypoyo Is it possible that your docker requires root?

No, it works just fine when in Permissive mode

@anacierdem
Owner

anacierdem commented Sep 30, 2024

Ok, -u 1000:1000 already suggests the same.
Can you share the full output of:
libdragon version, and
libdragon init -v?
Also, how exactly do you install/use the tool? It might also help to debug the problem.

@anacierdem
Owner

I also suggest upgrading to latest.
